Google has announced its plan to transition from Kyber to ML-KEM in its Chrome browser as part of ongoing efforts to protect against threats posed by quantum computers.
“Chrome will support hybrid ML-KEM (codepoint 0x11EC) for key share prediction,” said members of the Chrome Team, David Adrian, David Benjamin, Bob Beck, and Devon O’Brien. “The PostQuantumKeyAgreementEnabled flag and enterprise policy will apply to both Kyber and ML-KEM.”
This change will take effect in Chrome version 131, expected to be released in early November 2024. Google cited incompatibility between the two hybrid post-quantum key exchange methods as the reason for moving away from KYBER.
“The final version of ML-KEM is not compatible with the previously deployed Kyber version,” Google noted, explaining the switch from Kyber768+X25519 (codepoint 0x6399) to ML-KEM768+X25519 (codepoint 0x11EC) in TLS for post-quantum key exchange.
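The compatibility point behind the switch is easy to miss: the two hybrids are distinct TLS named groups, so a server that still only recognizes the Kyber draft codepoint (0x6399) will not negotiate post-quantum key exchange with a client that now offers only the ML-KEM codepoint (0x11EC); the handshake silently falls back to a classical group. The following Python script is an added example, not code from the article or from Chrome; it builds a minimal ClientHello carrying a supported_groups extension, parses it back, and models group selection. The group lists assumed for the client and the two servers are constructed for illustration, as are the names used for the codepoints.

```python
import os
import struct

# TLS named-group codepoints. The two hybrid values are the ones named in the article;
# x25519 and secp256r1 are the standard IANA assignments.
X25519 = 0x001D
SECP256R1 = 0x0017
X25519_KYBER768_DRAFT00 = 0x6399   # Kyber768+X25519, the previously deployed hybrid
X25519_MLKEM768 = 0x11EC           # ML-KEM768+X25519, the hybrid Chrome 131 moves to

GROUP_NAMES = {
    X25519: "x25519",
    SECP256R1: "secp256r1",
    X25519_KYBER768_DRAFT00: "X25519Kyber768Draft00",
    X25519_MLKEM768: "X25519MLKEM768",
}
HYBRID_PQ_GROUPS = {X25519_KYBER768_DRAFT00, X25519_MLKEM768}

EXT_SUPPORTED_GROUPS = 0x000A
TLS_AES_128_GCM_SHA256 = 0x1301


def build_client_hello(groups, random_bytes=None):
    """Return a constructed TLS 1.3 ClientHello handshake message (type 1, 3-byte
    length, body) whose only extension is supported_groups listing `groups` in
    client preference order. Minimal on purpose: one cipher suite, no key_share."""
    random_bytes = os.urandom(32) if random_bytes is None else random_bytes
    groups_blob = b"".join(struct.pack("!H", g) for g in groups)
    ext_data = struct.pack("!H", len(groups_blob)) + groups_blob
    extensions = struct.pack("!HH", EXT_SUPPORTED_GROUPS, len(ext_data)) + ext_data
    body = (
        b"\x03\x03"                                            # legacy_version (TLS 1.2)
        + random_bytes                                         # 32-byte random
        + b"\x00"                                              # empty legacy_session_id
        + struct.pack("!HH", 2, TLS_AES_128_GCM_SHA256)        # cipher_suites
        + b"\x01\x00"                                          # compression: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    return b"\x01" + len(body).to_bytes(3, "big") + body


def parse_supported_groups(msg):
    """Walk a ClientHello handshake message and return its supported_groups list
    (client preference order). Raises ValueError on malformed input."""
    try:
        if len(msg) < 4 or msg[0] != 0x01:
            raise ValueError("not a ClientHello handshake message")
        body_len = int.from_bytes(msg[1:4], "big")
        body = msg[4:4 + body_len]
        if len(body) != body_len:
            raise ValueError("truncated ClientHello")
        pos = 2 + 32                                           # skip version + random
        pos += 1 + body[pos]                                   # legacy_session_id
        (cs_len,) = struct.unpack_from("!H", body, pos)
        pos += 2 + cs_len                                      # cipher_suites
        pos += 1 + body[pos]                                   # compression methods
        (ext_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        end = pos + ext_len
        if end > len(body):
            raise ValueError("extensions overrun body")
        while pos + 4 <= end:
            ext_type, ext_size = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + ext_size]
            pos += ext_size
            if ext_type == EXT_SUPPORTED_GROUPS:
                (list_len,) = struct.unpack_from("!H", data, 0)
                if list_len % 2 or 2 + list_len > len(data):
                    raise ValueError("malformed supported_groups")
                return [struct.unpack_from("!H", data, 2 + i)[0]
                        for i in range(0, list_len, 2)]
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc
    raise ValueError("no supported_groups extension")


def offered_hybrids(msg):
    """Names of the post-quantum hybrid groups a ClientHello advertises."""
    return [GROUP_NAMES[g] for g in parse_supported_groups(msg) if g in HYBRID_PQ_GROUPS]


def negotiate(client_groups, server_groups):
    """Simple selection model: first group in client preference order that the
    server also supports, or None if there is no overlap at all."""
    supported = set(server_groups)
    return next((g for g in client_groups if g in supported), None)


def is_post_quantum(group):
    return group in HYBRID_PQ_GROUPS


if __name__ == "__main__":
    # Assumed client: offers only the ML-KEM hybrid plus classical fallbacks.
    client = build_client_hello([X25519_MLKEM768, X25519, SECP256R1])
    print("client offers hybrids:", offered_hybrids(client))
    servers = {
        "server still on Kyber draft": [X25519_KYBER768_DRAFT00, X25519],
        "server updated to ML-KEM": [X25519_MLKEM768, X25519],
    }
    for label, groups in servers.items():
        chosen = negotiate(parse_supported_groups(client), groups)
        print(f"{label}: {GROUP_NAMES[chosen]} (post-quantum: {is_post_quantum(chosen)})")
```

Run against a real capture, the same parser tells you whether a given client still advertises 0x6399, only 0x11EC, or both; that is the check to make on any TLS terminator or middlebox before assuming post-quantum protection survives the Chrome 131 rollout. The negotiation model is deliberately simplified (real stacks may apply server preference and key_share contents), but the outcome it shows is the one that matters: a Kyber-only server and an ML-KEM-only client agree on plain x25519.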
This update comes shortly after the U.S. National Institute of Standards and Technology (NIST) finalized three post-quantum cryptography standards designed to resist attacks by quantum computers: FIPS 203 (ML-KEM, a key-encapsulation mechanism) and two digital signature schemes, FIPS 204 (ML-DSA, derived from CRYSTALS-Dilithium) and FIPS 205 (SLH-DSA, derived from SPHINCS+). A fourth algorithm, FN-DSA (formerly FALCON), is set to be finalized later this year.
ML-KEM, a Module-Lattice-based Key-Encapsulation Mechanism, originates from the round-three version of CRYSTALS-KYBER and is used to securely establish a shared key over public channels.
Microsoft is also preparing for a post-quantum future, updating its SymCrypt cryptographic library to support both ML-KEM and the eXtended Merkle Signature Scheme (XMSS). Microsoft emphasized that the shift to post-quantum cryptography is a “complex, multi-year process” requiring careful execution.
This announcement comes amid disclosure of a cryptographic side-channel vulnerability affecting Infineon SLE78, Optiga Trust M, and Optiga TPM microcontrollers, which may allow attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) private keys from YubiKey devices.
Known as EUCLEAK (CVE-2024-45678, CVSS score: 4.9), the vulnerability remained undetected in Infineon’s cryptographic library for 14 years, despite the library passing about 80 highest-level Common Criteria certification evaluations.
The affected YubiKey models include:
- YubiKey 5 Series (versions before 5.7)
- YubiKey 5 FIPS Series (before 5.7)
- YubiKey Bio Series (before 5.7.2)
- YubiHSM 2 (before 2.4.0)
An attacker would require physical access to the device and specialized equipment to exploit the vulnerability. Since YubiKey firmware cannot be updated for security reasons, vulnerable devices remain permanently at risk of exploitation.
Yubico, the maker of YubiKey, has since announced plans to discontinue the use of Infineon’s cryptographic library and switch to its own library for future firmware updates.
A similar side-channel attack was demonstrated in 2021 against Google Titan security keys, where attackers cloned the device using electromagnetic side-channel attacks on its embedded chip.
“[The EUCLEAK] attack necessitates physical access to the secure element for brief electromagnetic side-channel data acquisition,” explained researcher Thomas Roche. “In FIDO protocol cases, this enables cloning of the FIDO device.”
Author: Anuradha Ranaweera – Information Security Engineer