Google stopped quantum security in Chrome due to bugs in the middleman software or middleware as stated by the company.
Google said on Tuesday that it had temporarily disabled the feature quantum computer-resistant security in Chrome, as it received bug reports of faulty middleware causing unexpected failures connections on websites for the few users who had the feature enabled.
The function is known as Combined Elliptic-Curve and Post-Quantum 2, or simply CECPQ2, and was developed to improve cryptography in TLS connections. So when quantum computers are released, potential malicious users will not be able to decrypt HTTPS traffic and have access in secure communications.
CECPQ2 was first developed in 2016, along with Cloudflare engineers, and was available in Chrome 91, which was released in May this year. Initially activated for all domains that started with the letter “A” so that Google engineers could test the behavior of the new feature while they were still working on it.
The feature seems to have worked by adding a basic homogeneous key to the Chrome TLS trading component to further secure an encrypted HTTPS connection.
The error occurred because CECPQ2 generates larger TLS packets.
Google reported that some middleware devices could not handle these packages, resulting in unexpected connection failures.
With the release of Chrome 93 yesterday, Google announced that it was temporarily disabling CECPQ2 for all users to work with middleware vendors to resolve the issue.
Google has stated that CECPQ2 will remain disabled for Chrome 93 and 94 release cycles, and that it is not committed to re-enabling it in Chrome 95.
Users who still want to use CECPQ2 can reactivate it manually for all domains by teasing the following flag. Just change it to "Enabled".
chrome://flags/#post-quantum-cecpq2
According to a document [PDF] published last month, the US National Security Agency (NSA) says it does not know of any quantum computers capable of hacking current encryption algorithms.