Google has stopped quantum security in Chrome due to bugs in the middleware or middleware, as the company reports.
Google said Tuesday it temporarily disabled the quantum computer-resistant security feature in Chrome after receiving bug reports that faulty middleware was causing unexpected web connection failures for the few users who had the feature enabled.
The function is known as Combined Elliptic-Curve and Post-Quantum 2, or simply CECPQ2, and was developed to improve cryptography on TLS connections. So when quantum computers are released, potential malicious users will not be able to decrypt HTTPS traffic and have access to secure communications.
CECPQ2 was first developed in 2016, along with Cloudflare engineers, and was available in Chrome 91, which was released in May this year. It was initially enabled for all domains starting with the letter "A", so that Google engineers could test the behavior of the new feature while still working on it.
The feature seems to have worked by adding a basic homogeneous key to the Chrome TLS trading component to further secure an encrypted HTTPS connection.
The error occurred because CECPQ2 generates larger TLS packets.
Google reported that some middleware devices could not handle these packages, resulting in unexpected connection failures.
With the release of Chrome 93 yesterday, Google announced that it was temporarily disabling CECPQ2 for all users to work with middleware vendors to resolve the issue.
Google has stated that CECPQ2 will remain disabled for Chrome 93 and 94 release cycles, and that it is not committed to re-enabling it in Chrome 95.
Users who still want to use CECPQ2 can reactivate it manually for all domains by teasing the following flag. Just change it to "Enabled".
chrome://flags/#post-quantum-cecpq2
According to a document [PDF] published last month, the US National Security Agency (NSA) says it does not know of any quantum computers capable of hacking current encryption algorithms.