The researchers who developed the new security key implementation pointed out that a hybrid scheme is needed as some quantum-resistant algorithms have shown signs of weakness. Given that most security keys cannot be upgraded, caution is needed, Google said.
Proof-of-concept (PoC) source code has been released as part of Google’s OpenSK project. The OpenSK project was announced in early 2020 and its goal is to provide open source code for hardware security keys. As part of the project, the tech giant also provides the resources necessary to 3D print a security key enclosure.
“On the technical side, a large challenge was to create a Dilithium implementation small enough to run on security keys’ constrained hardware. Through careful optimization, we were able to develop a Rust memory optimized implementation that only required 20 KB of memory, which was sufficiently small enough,” Google explained in a blog post.
“We also spent time ensuring that our implementation signature speed was well within the expected security keys specification. That said, we believe improving signature speed further by leveraging hardware acceleration would allow for keys to be more responsive,” it added.
While it will take some time until quantum attacks become a reality, Google believes the industry needs to take action as early as possible given the difficulty of widely deploying new cryptography across the internet.
Google hopes that its implementation will be standardized at some point and supported by all major web browsers.
Related: Quantum Decryption Brought Closer by Topological Qubits
Related: QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography
Related: QuSecure Unveils Quantum-Resilient Communications Satellite Link
Related: News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
