X25519Kyber768: Post-Quantum Hybrid Algorithm Supported by Google Chrome

Chrome now introduces the X25519Kyber768 algorithm for TLS symmetric secrets, beginning in Chrome 116 and accessible via a flag in Chrome 115.

This hybrid mechanism combines the output of two cryptographic algorithms to create the session key used to encrypt the bulk of the TLS connection:

• X25519 — an elliptic curve algorithm widely used for key agreement in TLS today
• Kyber-768 — a quantum-resistant Key Encapsulation Method, approved by NIST

X25519Kyber768 Post-Quantum Key Exchange for HTTPS Communication

Enable Client Support of Kyber in Google Chrome

If your Google Chrome browser is running version 116 or later, you can enable Kyber support. Simply open your browser and enter the following in the address bar: chrome://flags/#enable-tls13-kyber.

You should be able to locate the setting named TLS 1.3 hybridized Kyber support. If your browser settings are on Default, switch them to Enabled.

Testing the new algorithm

To check if you have enabled Kyber support correctly, it can easily be done using the Cloudflare Research PQC Key Agreement checker tool. You will see if your browser has enabled Kyber support.

PQC support results you may receive depending on your browser’s settings.

Also you can use Chrome’s Developer’s Tools by navigating to the Security tab. It will show the key exchange algorithm used for TLS key exchange.

With X25519Kyber768 enabled in your browser, try visiting different websites to see if your communication is quantum-secure.

Further Reading

Quantum Computing: The Demise of Traditional Cryptography

CRYSTALS Kyber : The Key to Post-Quantum Encryption

CRYSTALS Kyber for Post-Quantum Hybrid Encryption with Java