In cryptography, Combined Elliptic-Curve and Post-Quantum 2 (CECPQ2) is a quantum secure modification to Transport Layer Security (TLS) 1.3 developed by Google. It is intended to be used experimentally, to help evaluate the performance of post quantum

key-exchange algorithm Key exchange (also key establishment) is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm. If the sender and receiver wish to exchange encrypted messages, each m ...

s on actual users' devices.

Details

Similarly to its predecessor CECPQ1, CECPQ2 aims to provide confidentiality against an attacker with a large scale

quantum computer Quantum computing is a type of computation whose operations can harness the phenomena of quantum mechanics, such as superposition, interference, and entanglement. Devices that perform quantum computations are known as quantum computers. Though ...

. It is essentially a plugin for the TLS key-agreement part. CECPQ2 combines two key exchange mechanisms: the classical

X25519 X, or x, is the twenty-fourth and third-to-last letter in the Latin alphabet, used in the modern English alphabet, the alphabets of other western European languages and others worldwide. Its name in English is ''"ex"'' (pronounced ), ...

and HRSS (Hülsing, Rijneveld, Schanck, and Schwabe) scheme (an instantiation of the

NTRU NTRU is an open-source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It consists of two algorithms: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. Unli ...

lattice based key exchange primitive). Additionally, Kris Kwiatkowski has implemented and deployed an alternative version of post-quantum key exchange algorithm, titled ''CECPQ2b''. Similarly to CECPQ2, this is also a hybrid post-quantum key exchange scheme, that is based on

supersingular isogeny key exchange Supersingular isogeny Diffie–Hellman key exchange (SIDH or SIKE) is an insecure proposal for a post-quantum cryptographic algorithm to establish a secret key between two parties over an untrusted communications channel. It is analogous to the D ...

(SIKE) instead of HRSS. CECPQ2 uses 32 bytes of shared secret material derived from the classical

mechanism, and 32 bytes of shared secret material derived from the quantum-secure HRSS mechanism. The resulting bytes are concatenated and used as secret key. Concatenation is meant to assure that the protocol provides at least the same security level as widely used X25519, should HRSS be found insecure. The algorithm was to be deployed on both the server side using Cloudflare's infrastructure, and the client side using

Google Chrome Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS ...

Canary. Since both parties need to support the algorithm for it to be chosen, this experiment is available only to Chrome Canary users accessing websites hosted by Cloudflare. It was estimated that the experiment started mid-2019. It was considered a step in a general program at Cloudflare to transition to post-quantum safe cryptographic primitives. Support for CECPQ2 was removed from

BoringSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTT ...

in April 2023.

References

{{Reflist Cryptographic protocols Application layer protocols Transport Layer Security

Details

See also

References