Post-Quantum Era Begins in Production
Google has activated ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) post-quantum cryptography by default in Chrome 134, making Chrome the first major browser to ship NIST-standardized post-quantum algorithms to all users globally.
The move protects Chrome users against "harvest now, decrypt later" attacks, where adversaries collect encrypted traffic today with plans to decrypt it once quantum computers become capable of breaking current cryptographic algorithms.
What Changed
Chrome 134 (Stable Channel — February 4, 2026)
| Feature | Details |
|---|---|
| Algorithm | ML-KEM-768 (NIST FIPS 203) |
| Protocol | TLS 1.3 hybrid key exchange |
| Deployment | Enabled by default globally |
| Fallback | Automatic to classical X25519 if server doesn't support PQ |
| Performance | +0.5KB per TLS handshake, <1ms additional latency |
Chrome now uses a hybrid key exchange combining classical X25519 with ML-KEM-768, ensuring connections remain secure even if one algorithm is broken.
Google Cloud Platform
Google announced a phased timeline for all GCP services:
| Phase | Timeline | Scope |
|---|---|---|
| Phase 1 (Complete) | Q4 2025 | Internal Google-to-Google traffic |
| Phase 2 (Current) | Q1 2026 | Cloud Load Balancer, Cloud CDN |
| Phase 3 | Q3 2026 | All GCP managed TLS endpoints |
| Phase 4 | Q1 2027 | Customer-managed certificates with PQ support |
Why This Matters
The Quantum Threat Timeline
| Estimate Source | Cryptographically Relevant QC | Confidence |
|---|---|---|
| NIST | 2030-2035 | Medium |
| IBM Quantum | 2029-2033 | Medium-High |
| Google Quantum AI | 2030-2035 | Medium |
| National Academy of Sciences | 2035+ | Low-Medium |
While practical quantum computers that can break RSA-2048 or ECDH are estimated to be 5-10 years away, the data being transmitted today may have value well beyond that horizon.
"Harvest Now, Decrypt Later" Risk
Nation-state intelligence agencies are widely believed to be recording encrypted internet traffic at scale. Data with long-term sensitivity — government communications, healthcare records, financial data, intellectual property — could be decrypted retroactively once quantum capabilities mature.
Enterprise Impact
What Security Teams Should Do
- Inventory cryptographic dependencies — Identify all systems using RSA, ECDH, or ECDSA
- Test PQ compatibility — Verify firewalls, proxies, and inspection tools handle larger TLS handshakes
- Update TLS inspection — Some security appliances may break on ML-KEM handshakes
- Plan migration roadmap — Align with NIST PQ migration guidelines
- Monitor NIST standards — ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205)
Known Compatibility Issues
| Component | Issue | Mitigation |
|---|---|---|
| Legacy TLS proxies | May reject larger ClientHello | Update firmware or bypass PQ |
| Older firewalls | Cannot inspect PQ-encrypted traffic | Update to PQ-aware firmware |
| Java < 21 | No ML-KEM support | Upgrade to Java 21+ |
| OpenSSL < 3.3 | No ML-KEM support | Upgrade to OpenSSL 3.3+ |
| Some WAFs | False positives on larger handshakes | Whitelist PQ key sizes |
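
For the "Test PQ compatibility" step and the larger-ClientHello rows in the table above, this added Python example (not code from Google or any vendor) parses a captured ClientHello record and reports its size, the groups offered, and whether the X25519 + ML-KEM-768 hybrid is among them. The codepoint 0x11EC comes from the IANA TLS Supported Groups registry, not from this page; `parse_client_hello`, `build_sample` and the zero-filled sample handshake are hypothetical names and constructed data.

```python
import struct

# IANA "TLS Supported Groups" codepoints; 0x11EC is the X25519 + ML-KEM-768 hybrid.
GROUPS = {0x0017: "secp256r1", 0x001D: "x25519", 0x11EC: "X25519MLKEM768"}

def parse_client_hello(record: bytes) -> dict:
    """Summarise groups and key shares in one TLS record holding a whole ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    groups, shares = [], {}
    try:
        pos = 2 + 32                                         # legacy_version, random
        pos += 1 + body[pos]                                 # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        if end > len(body):
            raise ValueError("ClientHello is truncated or spans several records")
        while pos + 4 <= end:
            etype, elen = struct.unpack_from(">HH", body, pos)
            data, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
            if etype == 10:                                  # supported_groups
                groups = [g for (g,) in struct.iter_unpack(">H", data[2:])]
            elif etype == 51:                                # key_share
                i = 2
                while i + 4 <= len(data):
                    group, klen = struct.unpack_from(">HH", data, i)
                    shares[group] = klen
                    i += 4 + klen
    except (IndexError, struct.error):
        raise ValueError("truncated or malformed ClientHello") from None
    name = lambda g: GROUPS.get(g, hex(g))
    return {"record_bytes": len(record),
            "groups": [name(g) for g in groups],
            "key_shares": {name(g): n for g, n in shares.items()},
            "offers_pq_hybrid": 0x11EC in groups}

def build_sample(shares: dict) -> bytes:
    """Constructed minimal ClientHello for testing; key-share bytes are zero filler."""
    ks = b"".join(struct.pack(">HH", g, n) + bytes(n) for g, n in shares.items())
    gl = b"".join(struct.pack(">H", g) for g in shares)
    exts = (struct.pack(">HHH", 10, len(gl) + 2, len(gl)) + gl +
            struct.pack(">HHH", 51, len(ks) + 2, len(ks)) + ks)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00" +
            struct.pack(">H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs
```

Run it over ClientHello records exported from captures taken on each side of a proxy or firewall, and compare which groups and record sizes make it through.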
Browser and Platform Support
| Browser/Platform | ML-KEM Support | Status |
|---|---|---|
| Chrome 134+ | ML-KEM-768 | Default on |
| Firefox 135+ | ML-KEM-768 | Behind flag |
| Safari | Not yet | Under development |
| Edge 134+ | ML-KEM-768 | Default on (Chromium) |
| Cloudflare | ML-KEM-768 | Enabled for all plans |
| AWS CloudFront | ML-KEM-768 | Opt-in available |
| nginx 1.27+ | ML-KEM-768 | Manual configuration |