Protecting Chrome Traffic with Hybrid Kyber KEM

Google is actively preparing for the transition to quantum-resistant cryptography, updating technical standards and testing new algorithms. Chrome 116 will support X25519Kyber768, a hybrid mechanism combining X25519 and Kyber-768, for establishing TLS session keys. This change is part of a broader effort to protect against future quantum cryptanalysis attacks. Harvest Now, Decrypt Later attacks make it crucial to start protecting traffic today, even though quantum computers are not yet widely available. X25519Kyber768 adds extra data to the TLS ClientHello message, but experiments have shown compatibility with most implementations. Administrators can disable X25519Kyber768 in Chrome 116 using the PostQuantumKeyAgreementEnabled enterprise policy for compatibility issues. The X25519Kyber768 and Kyber specifications are still in draft and may change, potentially affecting Chrome's implementation. Quantum-resistant cryptography must be secure against both quantum and classical attacks, and also performant on commercial hardware. TLS symmetric encryption is not yet quantum-safe, but updating TLS session keys with quantum-resistant algorithms can protect against future attacks. The effort to migrate to quantum-resistant cryptography is a complex challenge, but Google and other organizations are actively working to ensure a smooth transition.