Google and Cloudflare test post-quantum cryptography for tls

Cloudflare, together with Google, proposes to conduct a large-scale test for the performance of so-called post-quantum cryptography over TLS. The companies want to know how security algorithms perform in practice.

Cloudflare, together with Google, is the best party to conduct a large-scale test with post-quantum public key cryptosystems for tls, because of Cloudflare’s distributed network of access points and Google’s Chrome browser.

Post-quantum cryptography aims to find encryption that can withstand cracking by quantum computers. The security of many encryption methods is based on the fact that an unrealistic amount of computing power is required for cracking via classical computing. It is expected that the extreme parallel computing power of quantum computers can quickly break through the security of, for example, RSA and elliptic curve cryptography.

In the run-up to that moment, Cloudflare wants to test algorithms and systems that can compete with quantum computers. The company does not want to do this in the lab, but by using real client systems and real networks. In particular, the company wants to test the influence of differences in the size of the public keys on the time it takes for the handshake at tls. Cloudflare has its eye on two algorithms: hrss-sxy and sike. The first has positive properties in terms of speed, the second in terms of key size and ciphertext.

In the test, the companies will investigate via traceroutes whether slow clients using post-quantum algorithms have shared network properties and what could be the causes of increased latency. They hope to answer the question of what a good ratio between speed and key size is and how networks affect TLS performance with different exchanges of post-quantum keys.

You can read more about post-quantum cryptography in the background article The threat of quantum computers and the need for resistant encryption.