Google Quantum-Proofs HTTPS (arstechnica.com) 8
An anonymous reader quotes a report from Ars Technica: Google on Friday unveiled its plan for its Chrome browser to secure HTTPS certificates against quantum computer attacks without breaking the Internet. The objective is a tall order. The quantum-resistant cryptographic data needed to transparently publish TLS certificates is roughly 40 times bigger than the classical cryptographic material used today. Today's X.509 certificates are about 64 bytes in size, and comprise six elliptic curve signatures and two EC public keys. This material can be cracked through the quantum-enabled Shor's algorithm. Certificates containing the equivalent quantum-resistant cryptographic material are roughly 2.5 kilobytes. All this data must be transmitted when a browser connects to a site.
To bypass the bottleneck, companies are turning to Merkle Trees, a data structure that uses cryptographic hashes and other math to verify the contents of large amounts of information using a small fraction of material used in more traditional verification processes in public key infrastructure. Merkle Tree Certificates, "replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle Tree proofs," members of Google's Chrome Secure Web and Networking Team wrote Friday. "In this model, a Certification Authority (CA) signs a single 'Tree Head' representing potentially millions of certificates, and the 'certificate' sent to the browser is merely a lightweight proof of inclusion in that tree."
[...] Google is [also] adding cryptographic material from quantum-resistant algorithms such as ML-DSA (PDF). This addition would allow forgeries only if an attacker were to break both classical and post-quantum encryption. The new regime is part of what Google is calling the quantum-resistant root store, which will complement the Chrome Root Store the company formed in 2022. The [Merkle Tree Certificates] MTCs use Merkle Trees to provide quantum-resistant assurances that a certificate has been published without having to add most of the lengthy keys and hashes. Using other techniques to reduce the data sizes, the MTCs will be roughly the same 64-byte length they are now [...]. The new system has already been implemented in Chrome.
To bypass the bottleneck, companies are turning to Merkle Trees, a data structure that uses cryptographic hashes and other math to verify the contents of large amounts of information using a small fraction of material used in more traditional verification processes in public key infrastructure. Merkle Tree Certificates, "replace the heavy, serialized chain of signatures found in traditional PKI with compact Merkle Tree proofs," members of Google's Chrome Secure Web and Networking Team wrote Friday. "In this model, a Certification Authority (CA) signs a single 'Tree Head' representing potentially millions of certificates, and the 'certificate' sent to the browser is merely a lightweight proof of inclusion in that tree."
[...] Google is [also] adding cryptographic material from quantum-resistant algorithms such as ML-DSA (PDF). This addition would allow forgeries only if an attacker were to break both classical and post-quantum encryption. The new regime is part of what Google is calling the quantum-resistant root store, which will complement the Chrome Root Store the company formed in 2022. The [Merkle Tree Certificates] MTCs use Merkle Trees to provide quantum-resistant assurances that a certificate has been published without having to add most of the lengthy keys and hashes. Using other techniques to reduce the data sizes, the MTCs will be roughly the same 64-byte length they are now [...]. The new system has already been implemented in Chrome.
Do We Have Quantum Computers For this? (Score:3)
I didn't think that we had quantum computers already.
How is it that we have Shor's Algorithm(from 1994) and have Google working on this?
Is it still theoretical and prophylactic, or does this stuff exist today and have real world possibility now?
Re: (Score:2)
Google wants to be a leader in selling quantum computing, and in order to do that, they have to create the perception that it is useful.
Re: (Score:2)
The current actual QC factorization record is 28. And that is not with the general Shor's algorithm, because that would take a larger working QC than exists.
There is a lot of lying and giving false expressions when it comes to what QCs can actually do. The reality is that it is almost nothing and that is after 50 years of research. Anybody that expects great things here is not living in the real world.
Shor algorithm (Score:1)
This material can be cracked through the quantum-enabled Shor's algorithm.
Yes, but it requires a quantum computer with lot of Qubits [postquantum.com], which currently there is no known path to build.
Re: (Score:3)
Or rather for which it is unknown whether it is even possible, giving the restrictions of this universe. Classical computers have scaled exponentially for a long time. Although scaling is basically over for CPUs, they still scale somewhat linearly for problems that can be subdivided into smaller pieces (quantum algorithms cannot be). Now, all evidence points to QCs scaling inverse exponential, i.e. for one bit more or one step longer computations, you need exponentially more efforts. That is not a computing
Today's certs are not 64 bytes in size (Score:2)
Some EC public keys might be, but certs contain other identity information, and the key was often not their largest component.
Is it powered by cold fusion? (Score:1)