Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative.
“This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium’s resilience against quantum attacks,” Elie Bursztein and Fabian Kaczmarczyck said.
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
The development comes less than a week after the tech giant said it plans to add support for quantum-resistant encryption algorithms in Chrome 116 to set up symmetric keys in TLS connections.
It’s also part of broader efforts to switch to cryptographic algorithms that can withstand quantum attacks in the future, which requires incorporating such technologies early on to facilitate a gradual rollout.
“Fortunately, with the recent standardization of public key quantum resilient cryptography including the Dilithium algorithm, we now have a clear path to secure security keys against quantum attacks,” the search giant said.
Similar to Chrome’s hybrid mechanism, which is a combination of X25519 and Kyber-768, Google’s proposed FIDO2 security key implementation is a mix of Elliptic Curve Digital Signature Algorithm (ECDSA) and the recently standardized quantum-resistant signature algorithm, Dilithium.
The hybrid signature schema, developed in partnership with ETH Zürich, is a Rust-based memory-optimized implementation that only requires 20 KB of memory, making it ideal to run on security keys’ constrained hardware.
The company said it is “hoping to see this implementation (or a variant of it), being standardized as part of the FIDO2 key specification and supported by major web browsers so that users’ credentials can be protected against quantum attacks.”