Recently, Google announced they are testing a quantum resistant cryptographic algorithm for the Chrome browser, specifically the new Canary version used for experimentation. If you are unfamiliar with quantum resistant algorithms, you can watch the short video or read a series of blog posts.
I applaud Google's effort to take this important first step toward addressing the existential challenges of quantum computing by creating a more future-proof way for users to securely communicate over the internet. I urge the other browser vendors to follow suit.
However, I am puzzled by Google's choice of quantum resistant crypto, an algorithm called "New Hope." A better choice would have been Security Innovation’s NTRU algorithm. Although New Hope and NTRU are both based on a technology known as lattice-based cryptography, one of the biggest differences between the two is that NTRU has been probed, prodded and scrutinized for nearly 20 years, while New Hope is less than a year old. NTRU’s scrutiny has taken many forms. NTRU Encrypt and its signature schemes have had 47 scientific research papers and surveys published about it and has been standardized by X9 for data security for financial services and by the IEEE 1363. Over the past eighteen months, Security Innovation has been running the NTRU Challenge, in which researchers can earn cash rewards for breaking the algorithm. However, the world’s best researchers have only succeeded in breaking the lowest security levels and have done so in our predicted amount of time. New Hope has not undergone this significant level of scrutiny and has not been standardized.
But I'm not alone in thinking that New Hope is not ready for prime time. Security guru Bruce Schneier described it in his blog by saying "this algorithm is by no means ready for operational use. Secure public-key algorithms are very hard to create, and this one has not had nearly enough analysis to be trusted."
With cryptography, the maturity of an algorithm is very important. Cryptography is a very difficult field, particularly complex algorithms based on lattice technology. It takes years for academics and researchers to put an algorithm through its paces. Many end users, particularly large corporations, cannot afford to consider immature algorithms as the mechanism to protect their critical communications and data. Google added New Hope in Canary for a 2-year experimentation period and does not intend for it to protect critical information. But I believe that their users would have been better served by offering a proven algorithm like NTRU.