Google calls experiment with post-quantum crypto in browsers a success

Today’s internet security architecture heavily relies on so called public-key cryptography. Without this public-key cryptography, web-traffic encryption does not work and applications such as secure online banking are not be possible.  Public-key crypto is well understood and currently no efficient attacks against these cryptographic systems are known. However, already in the 90s Peter Schor was able to show that if a quantum computer can be build all state-of-the-art public-key cryptosystem would become insecure[https://en.wikipedia.org/wiki/Shor‘s_algorithm].

So far no efficient quantum computer has been build and it is still an open question if – and when – a quantum computer efficient enough to break public-key crypto can be built. Currently, quantum technology is a hot research topic and the European Union recently started a big quantum offensive by providing one billion Euro for research in quantum technologies.
[https://ec.europa.eu/digital-single-market/en/news/european-commission-will-launch-eu1-billion-quantum-technologies-flagship]

Hence, it makes sense to plan ahead and be ready for the case that efficient quantum computers become available. Therefore a new research direction called post-quantum crypto was established  which focuses on public-key crypto that remains secure even in the presence of quantum computers. These algorithms have matured a lot in recent years to a point where they are becoming practical.

And this is where google comes in: In an experiment announced in July 2016 [https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html] Google integrated the post-quantum algorithm called New Hope [https://eprint.iacr.org/2015/1092] into a test version of the Chrome browser. Essentially, they implemented NewHope as an additional Layer around TLS to enable post-quantum secure web-applications.

The experiment now ended and Google’s Adam Langley calls the experiment a success [https://www.imperialviolet.org/2016/11/28/cecpq1.html]: While some latency overhead occurred, he concludes that adoption of NewHope or similar post-quantum algorithms into TLS is indeed possible if the need arises. But he also calls for more research before they are ready for a wide deployment.

Hence, quantum computers do not need to be end of a secure internet. But research in this area should continue and one should not wait until quantum computers are built before standardizing post-quantum crypto.