Hey there, human — the robots need you! Vote for IEEE’s Robots Guide in the Webby Awards.

Close bar

Google Develops Quantum-Safe Security Keys

A professional-grade authentication method gets a makeover fit for the quantum age.

3 min read

closeup of fingers holding onto a black stick with a gold Y and lines at the end
GK Images/Alamy

There’s a race on to update the cybersecurity infrastructure before quantum computers become capable of cracking the current standards. Now Google has developed a quantum-resilient way of implementing the FIDO2 security key standard, an increasingly popular method of authentication that’s used as an alternative to passwords.

Security keys, like passwords, help users prove their identity so they can authenticate to digital services. But unlike passwords, security keys are unlikely to be compromised because they are physical devices built for the sole purpose of performing authentication. They are the size of USB sticks, and they plug into secondary devices like laptops when users need to perform authentication. Security keys are resistant to phishing attacks because they work in two directions: They help users authenticate services, and they authenticate users to services. Because authentication happens on a separate device that’s engineered to be hard to compromise, these keys are generally quite secure.

“Whenever you have a website that supports FIDO2 authentication, you can use your security key,” said quantum security researcher Tommaso Gagliardoni, who works at Kudelsky Security. “It’s still a very small number of people who are using that, but among security professionals I think they are becoming more and more common.”

Services are slowly adding support for security keys, starting with the big operators like Google, Microsoft, and Facebook. Drawbacks include their cost—most other forms of authentication are free—and the potential for users to misplace their security keys and need to replace them.

Google took a hybrid approach that combines a traditional public-key cryptography algorithm with Dilithium for authentication.

Public-key cryptography is the technology that makes security keys possible, by providing the proof-of-identity logic to authenticate users and services using digital signatures. That technology is also what makes security keys vulnerable to quantum attacks, because ultimately, quantum computers will break all current forms of public-key cryptography, researchers say.

Google’s implementation uses one of the post-quantum cryptography algorithms approved by the National Institute of Standards and Technology (NIST) for standardization last year. The algorithm, called Dilithium, is designed specifically for digital signatures. Because Dilithium is not yet an official standard and has not long been in use under real-world conditions, Google took a hybrid approach that combines a traditional public-key cryptography algorithm with Dilithium for authentication.

Gagliardoni said Google’s biggest contribution is in finding a way to optimize the Dilithium algorithm so that it can run on the hardware of a typical security key, which has limited memory and processing power.

“If you take the implementation of the quantum-resistant scheme as it is published by NIST and you try to put it in hardware, it will not work because it will require too much memory,” he said.

To make it work, Google reduced the amount of memory Dilithium is supposed to run on in exchange for a slightly slower operation. David Turner, senior director of standards development at FIDO Alliance, which manages password-free authentication standards, said postquantum changes to security keys are expected to come with challenges. In order to create a more secure connection, new algorithms could increase the complexity of authentication protocols and require a longer time to process the authentication.

Google’s implementation still lacks a protection against side-channel attacks, Gagliardoni said. That’s where hackers break the cryptography by gaining direct physical access to the security keys. A stereotypical side-channel attack might involve a hacker breaking into the hotel room of a target and hacking into their security key left unguarded on a desk, stealing their target’s digital signature, then leaving the key intact without the target ever knowing. Google’s implementation ignores those types of local threats and focuses only on remote attacks—which makes some sense because it would be difficult to sneak a quantum computer into a hotel room.

The implementation was released through Google’s open-source project for security keys, OpenSK. Many platforms that rely on public-key cryptography will soon need to make the transition to postquantum algorithms, particularly platforms that handle highly sensitive encrypted information and important services that have long life spans, such as satellites. Services and data with long life spans are vulnerable to quantum attacks even if threats take decades to materialize, which is why they should be prioritized. Security keys can be in use for many years but are only just gaining in popularity, so they are a good early choice for transitioning.

There will be many more transitions like this in the years to come, including Google’s recent work with transport layer security in the Chrome browser.

This article appears in the November 2023 print issue.

The Conversation (0)