uazo / cromite

Cromite a Bromite fork with ad blocking and privacy enhancements; take back your browser!
https://www.cromite.org/
GNU General Public License v3.0

Set #enable-tls13-kyber to Enabled by default on Android #1325

Open Metrokoto opened 1 month ago

Metrokoto commented 1 month ago

Preliminary checklist

Is your feature request related to privacy?

Yes

Is there a patch available for this feature somewhere?

enable-tls13-kyber

Describe the solution you would like

Cloudflare is one of the leading CDNs around currently. They offer support for the latest Post-quantum TLS encryption standards (aka Kyber) to all of their customers, meaning a large portion of the web supports this new privacy and security enhancing TLS standard already.

It is currently set to Disabled by default in Chromium, however I believe this should be added as a Cromite flag with it set to Enabled by default, as the benefits are obvious and the downsides, as far as I can tell, non-existent.

This would enhance the privacy and security offered by Cromite by allowing all connections that support it to use Kyber encryption, without the need for a user to be technically competent enough to know what it is and how to enable it.

TLDR; This would enhance security and privacy for TLS, with no obvious downsides, the proposed solution is enabling the flag by default and moving it to a Cromite flag.

More info: https://blog.cloudflare.com/post-quantum-for-all/ https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html

Describe alternatives you have considered

Enabling #enable-tls13-kyber in chrome://flags

uazo commented 1 month ago

yes, I am aware of the new kPostQuantumKyber flag introduced with 111.0.5563.50 (https://issues.chromium.org/issues/40910498), which is currently active by default on desktops.

I do not activate it by default because unfortunately I know nothing about it, and this sentence in the chromium policy scares me:

> Offering Kyber is backwards-compatible. Existing TLS servers and networking middleware are expected to ignore the new option and continue selecting previous options.
>
> However, devices that do not correctly implement TLS may malfunction when offered the new option. For example, they may disconnect in response to unrecognized options or the resulting larger messages. Such devices are not post-quantum-ready and will interfere with an enterprise's post-quantum transition. If encountered, administrators should contact the vendor for a fix.

I normally do not activate anything by default that I do not understand
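The "resulting larger messages" in the quoted policy text can be made concrete. The following is an added example, not part of the thread and not Chromium code: it builds a constructed, minimal ClientHello with and without the hybrid key share and parses the key_share extension back out. The 500 bytes of filler for the other extensions and the 1460-byte segment size are assumptions.

```python
import struct
# Code points: 0x001D is X25519 (RFC 8446); 0x6399 is the
# X25519Kyber768Draft00 hybrid group that the Chromium flag offers.
GROUPS = {0x001D: "X25519", 0x6399: "X25519Kyber768Draft00"}
KEY_SHARE, PADDING = 0x0033, 0x0015  # extension types (RFC 8446, RFC 7685)
ONE_SEGMENT = 1460  # assumption: TCP payload on a 1500-byte MTU path

def build_client_hello(shares, other_ext_bytes=500):
    """Constructed minimal ClientHello; key bytes are zero filler. other_ext_bytes
    is an assumed stand-in (sent as padding) for SNI, ALPN and similar."""
    entries = b"".join(struct.pack("!HH", g, n) + bytes(n) for g, n in shares)
    exts = struct.pack("!HH", PADDING, other_ext_bytes) + bytes(other_ext_bytes)
    exts += struct.pack("!HHH", KEY_SHARE, len(entries) + 2, len(entries)) + entries
    body = (b"\x03\x03" + bytes(32)      # legacy_version, random
            + b"\x00"                    # empty session_id
            + b"\x00\x02\x13\x01"        # one suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                # null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_key_shares(record):
    """Return [(group_name, key_length)] offered in a ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    pos = 5 + 4 + 2 + 32                 # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]               # session_id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + record[pos]               # compression_methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    found = []
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        if etype == KEY_SHARE:
            p, stop = pos + 6, pos + 4 + elen
            while p + 4 <= stop:
                group, klen = struct.unpack_from("!HH", record, p)
                found.append((GROUPS.get(group, hex(group)), klen))
                p += 4 + klen
        pos += 4 + elen
    return found

def fits_one_segment(record):
    return len(record) <= ONE_SEGMENT

# 1216 = 1184-byte Kyber768 public key + 32-byte X25519 public key
classical = build_client_hello([(0x001D, 32)])
hybrid = build_client_hello([(0x6399, 1216), (0x001D, 32)])
```

With these assumed sizes the classical ClientHello fits in one segment and the hybrid one does not, which is the condition under which a middlebox that only inspects the first packet can mishandle the handshake.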

Metrokoto commented 1 month ago

> yes, I am aware of the new kPostQuantumKyber flag introduced with 111.0.5563.50 (https://issues.chromium.org/issues/40910498), which is currently active by default on desktops.
>
> I do not activate it by default because unfortunately I know nothing about it, and this sentence in the chromium policy scares me:
>
> > Offering Kyber is backwards-compatible. Existing TLS servers and networking middleware are expected to ignore the new option and continue selecting previous options.
> >
> > However, devices that do not correctly implement TLS may malfunction when offered the new option. For example, they may disconnect in response to unrecognized options or the resulting larger messages. Such devices are not post-quantum-ready and will interfere with an enterprise's post-quantum transition. If encountered, administrators should contact the vendor for a fix.
>
> I normally do not activate anything by default that I do not understand

There are currently no known issues with Kyber encryption, I have checked all the relevant bug trackers.

As for explaining what it is, I asked GPT-4o to write an explainer, I hope this helps you understand it;

Post-quantum Kyber TLS refers to the implementation of the Kyber key encapsulation mechanism (KEM) within the Transport Layer Security (TLS) protocol to secure communications against the potential threat posed by quantum computers. Here's a detailed explanation:

Context

TLS Protocol: TLS is the standard protocol used to secure internet communications. It ensures privacy and data integrity between communicating applications, such as a web browser and a server.

Quantum Threat: Quantum computers, once sufficiently advanced, could break many of the cryptographic schemes currently in use, such as RSA and ECC (Elliptic Curve Cryptography), which rely on the difficulty of factoring large numbers or solving discrete logarithms, tasks that quantum computers can solve efficiently using Shor's algorithm.

Post-Quantum Cryptography

To mitigate the threat posed by quantum computers, new cryptographic algorithms are being developed that are believed to be secure against quantum attacks. These are known as post-quantum or quantum-resistant algorithms.

Kyber KEM

Kyber is one of these post-quantum cryptographic algorithms. Specifically, it is a key encapsulation mechanism (KEM) based on the hardness of lattice problems, which are considered resistant to quantum attacks. Kyber was selected for standardization by the National Institute of Standards and Technology (NIST) as part of their post-quantum cryptography project.

Kyber in TLS

Key Encapsulation Mechanism: In the context of TLS, a KEM is used during the handshake phase to securely exchange cryptographic keys. Kyber KEM can replace or work alongside traditional key exchange mechanisms (such as Diffie-Hellman) in TLS to provide quantum-resistant security.

Implementation:

  1. Handshake Phase: During the TLS handshake, the client and server agree on cryptographic parameters and establish shared keys for encrypting the session. With Kyber, this involves:
    • The server generates a Kyber public/private key pair and sends the public key to the client.
    • The client uses the server’s public key to generate a shared secret and a ciphertext.
    • The client sends the ciphertext back to the server.
    • The server decrypts the ciphertext using its private key to obtain the shared secret.
  2. Session Encryption: The shared secret is then used to derive session keys, which encrypt the data transmitted during the session.

Benefits:

Challenges:

Conclusion

Post-quantum Kyber TLS is a crucial step in future-proofing internet security against the advent of quantum computing. By incorporating Kyber KEM into the TLS protocol, it ensures that secure communications remain protected even in the face of quantum advancements, maintaining the confidentiality and integrity of data exchanged over the internet.

uazo commented 1 month ago

no, it is not the protocol that worries me, it is the compatibility with android devices.

Metrokoto commented 1 month ago

> no, it is not the protocol that worries me, it is the compatibility with android devices.

I believe the underlying compatibility is dependent on the SSL implementation being used, and as far as I know Chrome/Chromium uses Google's BoringSSL, and therefore, Kyber should be compatible with anything that can run Cromite on it.

I mean, Google makes Android and Chrome/Chromium, I doubt we will run into issues. Perhaps just flip the switch and see what happens, we don't have any way of knowing otherwise.

Also; I doubt Cloudflare would ship something by default on all of their customers' sites if it were going to cause issues.

uazo commented 1 month ago

yes, but if the chromium team doesn't trust it to activate it by default in android, perhaps there is a reason we don't know.

uazo commented 1 month ago

and since I have no telemetry or finch to use, I wait until they are sure.

Metrokoto commented 1 month ago

> yes, but if the chromium team doesn't trust it to activate it by default in android, perhaps there is a reason we don't know.

Probably because it is new? That happens with many things, it doesn't mean they are unstable.

It could also be in a phased rollout, who knows?

uazo commented 1 month ago

> That happens with many things, it doesn't mean they are unstable.

I did not say that, but since I do not fully understand, I do not activate it.

> I don't think it is default on Windows either yet.

yes, it is. https://source.chromium.org/chromium/chromium/src/+/refs/tags/127.0.6533.89:net/base/features.cc;l=138-144;bpv=1;bpt=0

> It could also be in a phased rollout, who knows?

maybe, I do not know that. when I understand how finch works I will tell you.