CECPQ2
   HOME

TheInfoList



Click Here for Items Related To - CECPQ2
OR:
CECPQ2 on:   [Wikipedia]   [Google]   [Amazon]

In
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
, Combined Elliptic-Curve and Post-Quantum 2 (CECPQ2) is a quantum-secure modification to
Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over ...
(TLS) 1.3 developed by
Google Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...
. It is intended to be used experimentally, to help evaluate the performance of post-quantum key-exchange algorithms on actual users' devices.


Details

Similarly to its predecessor CECPQ1, CECPQ2 aims to provide confidentiality against an attacker with a large scale
quantum computer A quantum computer is a computer that exploits quantum mechanical phenomena. On small scales, physical matter exhibits properties of both particles and waves, and quantum computing takes advantage of this behavior using specialized hardware. ...
. It is essentially a plugin for the TLS key-agreement part. CECPQ2 combines two key exchange mechanisms: the classical
X25519 X, or x, is the twenty-fourth letter of the Latin alphabet, used in the English alphabet, modern English alphabet, the alphabets of other western European languages and others worldwide. Its name in English is Wikt:ex#English, ''ex'' (pro ...
and HRSS (Hülsing, Rijneveld, Schanck, and Schwabe) scheme (an instantiation of the
NTRU NTRU is an open-source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It consists of two algorithms: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. Unlike ...
lattice based
key exchange Key exchange (also key establishment) is a method in cryptography by which cryptographic keys are exchanged between two parties, allowing use of a cryptographic algorithm. If the sender and receiver wish to exchange encrypted messages, each m ...
primitive). Additionally, Kris Kwiatkowski has implemented and deployed an alternative version of post-quantum key-exchange algorithm, titled ''CECPQ2b''. Similarly to CECPQ2, this is also a hybrid post-quantum key exchange scheme, that is based on
supersingular isogeny key exchange Supersingular isogeny Diffie–Hellman key exchange (SIDH or SIKE) is an insecure proposal for a post-quantum cryptographic algorithm to establish a secret key between two parties over an untrusted communications channel. It is analogous to the ...
(SIKE) instead of HRSS. CECPQ2 uses 32 bytes of shared secret material derived from the classical
X25519 X, or x, is the twenty-fourth letter of the Latin alphabet, used in the English alphabet, modern English alphabet, the alphabets of other western European languages and others worldwide. Its name in English is Wikt:ex#English, ''ex'' (pro ...
mechanism, and 32 bytes of shared secret material derived from the quantum-secure HRSS mechanism. The resulting bytes are concatenated and used as secret key. Concatenation is meant to assure that the protocol provides at least the same security level as widely used X25519, should HRSS be found insecure. The algorithm was to be deployed on both the server side using
Cloudflare Cloudflare, Inc., is an American company that provides content delivery network services, cybersecurity, DDoS mitigation, wide area network services, reverse proxies, Domain Name Service, ICANN-accredited domain registration, and other se ...
's infrastructure, and the client side using
Google Chrome Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, an ...
Canary. Since both parties need to support the algorithm for it to be chosen, this experiment is available only to Chrome Canary users accessing websites hosted by Cloudflare. It was estimated that the experiment started mid-2019. It was considered a step in a general program at
Cloudflare Cloudflare, Inc., is an American company that provides content delivery network services, cybersecurity, DDoS mitigation, wide area network services, reverse proxies, Domain Name Service, ICANN-accredited domain registration, and other se ...
to transition to post-quantum safe cryptographic primitives. Support for CECPQ2 was removed from BoringSSL in April 2023.


See also

*
Elliptic-curve Diffie–Hellman Elliptic-curve Diffie–Hellman (ECDH) is a key agreement protocol that allows two parties, each having an Elliptic curve, elliptic-curve public–private key pair, to establish a shared secret over an insecure channel. This shared secret may be di ...


References

{{Reflist Cryptographic protocols Application layer protocols Transport Layer Security