Google Chrome Switching from KYBER to ML-KEM for Quantum Computing Defense

Google’s Chrome browser is set to beef up its security against cryptographically relevant quantum computers (CRQCs) by switching from the Kyber algorithm to the more robust ML-KEM. The switch, scheduled for Chrome version 131 release in November 2024, comes in response to the growing threat of quantum attacks on cryptographic systems.

The announcement from Google’s Chrome Team highlighted the key role of hybrid ML-KEM in defending against the emerging threat landscape. This move follows the U.S. National Institute of Standards and Technology (NIST) finalizing three new encryption algorithms – ML-KEM, CRYSTALS-Dilithium, and Sphincs+ – to fortify current systems against quantum threats.

Microsoft is also gearing up for the post-quantum era by updating its SymCrypt cryptographic library to support ML-KEM and eXtended Merkle Signature Scheme (XMSS). The transition to post-quantum cryptography (PQC) signifies a complex and iterative process that necessitates meticulous planning and implementation.

In a related development, a cryptographic flaw was discovered in Infineon security microcontrollers, affecting certain YubiKey devices and potentially enabling the extraction of private keys. Dubbed EUCLEAK, the attack requires physical possession of the device and specialized equipment, posing a grave security risk.

Yubico, the company behind YubiKey, issued a coordinated advisory acknowledging the vulnerability and outlined plans to deprecate support for the affected cryptographic library in upcoming firmware updates. This incident underscores the critical importance of robust security measures in thwarting sophisticated cyber threats in the evolving digital landscape.