In cryptography, Combined Elliptic-Curve and Post-Quantum 2 (CECPQ2) is a quantum secure modification to Transport Layer Security (TLS) 1.3 developed by Google. It is intended to be used experimentally, to help evaluate the performance of post quantum key-exchange algorithms on actual users' devices.[1]
Details
editSimilarly to its predecessor CECPQ1, CECPQ2 aims to provide confidentiality against an attacker with a large scale quantum computer. It is essentially a plugin for the TLS key-agreement part. CECPQ2 combines two key exchange mechanisms: the classical X25519 and HRSS (Hülsing, Rijneveld, Schanck, and Schwabe) scheme (an instantiation of the NTRU lattice based key exchange primitive).[1] Additionally, Kris Kwiatkowski has implemented and deployed an alternative version of post-quantum key exchange algorithm, titled CECPQ2b. Similarly to CECPQ2, this is also a hybrid post-quantum key exchange scheme, that is based on supersingular isogeny key exchange (SIKE) instead of HRSS. [2]
CECPQ2 uses 32 bytes of shared secret material derived from the classical X25519 mechanism, and 32 bytes of shared secret material derived from the quantum-secure HRSS mechanism. The resulting bytes are concatenated and used as secret key. Concatenation is meant to assure that the protocol provides at least the same security level as widely used X25519, should HRSS be found insecure.
The algorithm was to be deployed on both the server side using Cloudflare's infrastructure, and the client side using Google Chrome Canary.[3] Since both parties need to support the algorithm for it to be chosen, this experiment is available only to Chrome Canary users accessing websites hosted by Cloudflare.
It was estimated that the experiment started mid-2019.[4] It was considered a step in a general program at Cloudflare to transition to post-quantum safe cryptographic primitives.[5]
Support for CECPQ2 was removed from BoringSSL in April 2023.
See also
editReferences
edit- ^ a b Langley, Adam (12 December 2018). "CECPQ2". Imperial Violet. Retrieved 5 January 2020.
- ^ Kwiatkowski, Kris; Valenta, Luke (30 October 2019). "The TLS Post-Quantum Experiment". Cloudflare Blog. Retrieved 31 December 2020.
- ^ Kwiatkowski, Kris (20 June 2019). "Towards Post-Quantum Cryptography in TLS". The Cloudflare Blog. Retrieved 5 January 2020.
- ^ Shankland, Stephen (20 June 2019). "Quantum computers will break today's internet security; Cloudflare wants to fix it". CNET. Retrieved 5 January 2020.
- ^ Kwiatkowski, Kris; Faz-Hernández, Armando (20 June 2019). "Introducing CIRCL: An Advanced Cryptographic Library". Cloudflare Blog. Retrieved 5 January 2020.