Protecting Chrome Traffic with Hybrid Kyber KEM

Chrome is rolling out a new hybrid cryptographic mechanism called Hybrid Kyber KEM to protect traffic. It combines two cryptographic algorithms, X25519 and Kyber-768, to create a session key for encrypting TLS connections. This mechanism is designed to be resistant to quantum attacks, addressing potential future threats from quantum computers.

To ensure compatibility, Chrome and Google servers are being monitored for any issues arising from this change. Developers and administrators experiencing problems can report bugs. The motivation behind this change is to proactively protect data in transit against future attacks and to mitigate the risk of "Harvest Now, Decrypt Later" attacks.

It is important to begin protecting traffic now, even though quantum computers are not expected to break modern cryptography for several years. In TLS, while the symmetric encryption algorithms are considered safe, the way symmetric keys are created is vulnerable.

The deployment of Hybrid Kyber KEM involves adding extra data to the TLS ClientHello message, which may cause compatibility issues with some TLS middleboxes. Administrators can temporarily disable Hybrid Kyber KEM using the PostQuantumKeyAgreementEnabled enterprise policy in Chrome 116. However, it is encouraged for administrators to work with affected vendors to fix any compatibility bugs. The X25519Kyber768 and Kyber specifications are still in draft form and may change.