Google says it can make security keys unbreakable by quantum computers

News
By Lewis Maddison
published

As a powerful new threat looms, Google is tooling up

Quantum Chip
(Image credit: Shutterstock) (Image credit: Shutterstock)

Google says it now has a FIDO2 security key implementation that is quantum resilient, claiming it to be the first of its kind. 

FIDO2 is the technological standard for passwordless solutions, such as passkeys - which are stored on device - and physical security keys. It was developed by the FIDO alliance, a cross-industry association of which Google, along with the rest of big tech, is a board member.

The new quantum resiliant implementation is part of OpenSK, which is Google's open source security key firmware that supports both FIDO2 and FIDO U2F. According to the company, it "uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium’s resilience against quantum attacks."

Hybrid resilience

This schema was codeveloped with the Swiss Federal Institute of Technology in Zurich (ETH Zürich). Google believes that the progress towards practical quantum computers becoming a reality is moving at pace, which is a major concern for the world of cryptography. 

Given the outlandish theoretical speeds and abilities that quantum computers are said to achieve, they are capable of cracking standard encryption methods, something even the most powerful of today's supercomputers can't do. 

read more

> IBM says quantum computing could be a big risk to the future of encryption

> Major quantum computing breakthrough could mean the revolution is here


Sorry, quantum computing isn’t as mind-blowing as you think

Google maintains, however, that with quantum resilient methods, such as the Dilithium algorithm, "we now have a clear path to secure security keys against quantum attacks."

And even though it may be some time before this brave new world of computing makes its way outside of the labs and into the hands of threat actors - somewhere between 5-50 years on some people's reckoning - Google thinks that protecting cryptography and all that it underpins is "a massive undertaking which is why doing it as early as possible is vital."

For security keys, this means users will need to upgrade their models, which in turn means waiting on FIDO to standardize quantum resilient cryptography for them, and for browsers to support their use.

Google took the hybrid approach as the quantum resilient Dilithium algorithm, along with others, could by themselves be vulnerable to compromise from non-quantum computers. 

Recently, Google took this same hybrid approach when adding quantum resistant algorithms to Chrome, as part of its effort to make sure the internet as a whole is safe from the new technology.  

Since it is open source, anyone can test out the new security key algorithm, or contribute to its research, by accessing the OpenSK from its GitHub page.

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, including speakers and headphones, having spent over a decade exploring the murky depths of audio production and PC building. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.