Google Introduces First Quantum Resilient FIDO2 Security Key Implementation
18.8.23 Security The Hacker News
Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative.
"This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium's resilience against quantum attacks," Elie Bursztein and Fabian Kaczmarczyck said.
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
The development comes less than a week after the tech giant said it plans to add support for quantum-resistant encryption algorithms in Chrome 116 to set up symmetric keys in TLS connections.
It's also part of broader efforts to switch to cryptographic algorithms that can withstand quantum attacks in the future, which makes it necessary to incorporate such technologies early on to facilitate a gradual rollout.
"Fortunately, with the recent standardization of public key quantum resilient cryptography including the Dilithium algorithm, we now have a clear path to secure security keys against quantum attacks," the Mountain View-based company said.
Similar to how Chrome's hybrid mechanism is a combination of X25519 and Kyber-768, Google's proposed FIDO2 security key implementation is a mix of Elliptic Curve Digital Signature Algorithm (ECDSA) and the recently standardized quantum-resistant signature algorithm, Dilithium.
The hybrid signature schema, developed in partnership with ETH Zürich, is a Rust-based memory-optimized implementation that requires only 20 KB of memory, making it ideal to run on security keys' constrained hardware.
The company said it is "hoping to see this implementation (or a variant of it), being standardized as part of the FIDO2 key specification and supported by major web browsers so that users' credentials can be protected against quantum attacks."