Intent to Experiment: Algorithm Updates in WebCrypto

38 views
Skip to first unread message

Chromestatus

unread,
9:38 AM (5 hours ago) 9:38 AM
to blin...@chromium.org, dad...@google.com, jdeb...@chromium.org, hc...@chromium.org
Contact emails
hc...@chromium.org

Explainer
No information provided

Specification
https://wicg.github.io/webcrypto-modern-algos

Summary
Add post-quantum cryptography and a common symmetric AEAD to the set of cryptographic algorithms available in the Web Cryptography API. This will enable developers to have access browser-provided implementations of common quantum-resistant cryptographic algorithms standardized by NIST. * ML-KEM - 768, 1024 * ML-DSA - 44, 65, 87 * ChaCha20-Poly1305 * X-Wing

Blink component
Blink>WebCrypto

Web Feature ID
web-cryptography

TAG review
No information provided

TAG review status
Pending

Goals for experimentation
None

Risks


Interoperability and Compatibility
Won't work cross-browser until other browsers implement any of these new algorithms.

Gecko: Neutral (https://github.com/mozilla/standards-positions/issues/1282) Despite being neutral, Firefox is shipping anyway

WebKit: Neutral (https://github.com/WebKit/standards-positions/issues/641) Everyone is neutral because no one likes the Web Crypto API, but everyone agrees we should add PQC to it.

Web developers: No signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

No information provided


Ongoing technical constraints
No information provided

Debuggability
No information provided

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
Yes

Is this feature fully tested by web-platform-tests?
Yes
https://wpt.fyi/results/WebCryptoAPI

DevTrial instructions
https://docs.google.com/document/d/1iFYtR2gab5wDh9DM00BSO8sqPtG6ATWPczmBoD2yLng/edit?usp=sharing

Flag name on about://flags
webcrypto-pqc

Finch feature name
WebCryptoPQC

Requires code in //chrome?
False

Tracking bug
https://issues.chromium.org/issues/450627017

Launch bug
https://launch.corp.google.com/launch/4463007

Measurement
New Methods: https://chromestatus.com/metrics/feature/timeline/popularity/5830 https://chromestatus.com/metrics/feature/timeline/popularity/5831 https://chromestatus.com/metrics/feature/timeline/popularity/5832 https://chromestatus.com/metrics/feature/timeline/popularity/5833 https://chromestatus.com/metrics/feature/timeline/popularity/5901 New Algorithms: https://chromestatus.com/metrics/feature/timeline/popularity/5678, https://chromestatus.com/metrics/feature/timeline/popularity/5679, https://chromestatus.com/metrics/feature/timeline/popularity/5680, https://chromestatus.com/metrics/feature/timeline/popularity/5681, https://chromestatus.com/metrics/feature/timeline/popularity/5682, https://chromestatus.com/metrics/feature/timeline/popularity/5683, https://chromestatus.com/metrics/feature/timeline/popularity/5898,

Estimated milestones
Origin trial desktop first151
Origin trial desktop last154
DevTrial on desktop150
Origin trial Android first151
Origin trial Android last154
DevTrial on Android150


Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5198951632470016?gate=5928130913107968

Links to previous Intent discussions
Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/68e95ca2.2b0a0220.2c868e.0000.GAE%40google.com
Ready for Trial: https://groups.google.com/a/chromium.org/g/blink-dev/c/WKF2N040tGM


This intent message was generated by Chrome Platform Status.

Mike Taylor

unread,
9:48 AM (4 hours ago) 9:48 AM
to Chromestatus, blin...@chromium.org, dad...@google.com, jdeb...@chromium.org, hc...@chromium.org

On 6/17/26 9:38 a.m., Chromestatus wrote:

Contact emails
hc...@chromium.org

Explainer
No information provided

Specification
https://wicg.github.io/webcrypto-modern-algos

Summary
Add post-quantum cryptography and a common symmetric AEAD to the set of cryptographic algorithms available in the Web Cryptography API. This will enable developers to have access browser-provided implementations of common quantum-resistant cryptographic algorithms standardized by NIST. * ML-KEM - 768, 1024 * ML-DSA - 44, 65, 87 * ChaCha20-Poly1305 * X-Wing

Blink component
Blink>WebCrypto

Web Feature ID
web-cryptography

TAG review
No information provided

TAG review status
Pending

Goals for experimentation
None
Can you say more why you want to run an OT (or is this a Finch stable experiment) instead of just shipping?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/6a32a33e.341e3fe1.243138.0c5e.GAE%40google.com.

Hubert Chao

unread,
10:14 AM (4 hours ago) 10:14 AM
to Mike Taylor, Chromestatus, blin...@chromium.org, dad...@google.com, jdeb...@chromium.org, David Benjamin
On Wed, Jun 17, 2026 at 9:48 AM Mike Taylor <mike...@chromium.org> wrote:

On 6/17/26 9:38 a.m., Chromestatus wrote:

Contact emails
hc...@chromium.org

Explainer
No information provided

Specification
https://wicg.github.io/webcrypto-modern-algos

Summary
Add post-quantum cryptography and a common symmetric AEAD to the set of cryptographic algorithms available in the Web Cryptography API. This will enable developers to have access browser-provided implementations of common quantum-resistant cryptographic algorithms standardized by NIST. * ML-KEM - 768, 1024 * ML-DSA - 44, 65, 87 * ChaCha20-Poly1305 * X-Wing

Blink component
Blink>WebCrypto

Web Feature ID
web-cryptography

TAG review
No information provided

TAG review status
Pending

Goals for experimentation
None
Can you say more why you want to run an OT (or is this a Finch stable experiment) instead of just shipping

We'd like to get a few sites to test out the new algorithms in real-world scenarios before shipping it, to ferret out any subtle bugs that might've slipped past us. The WPTs test are extensive, but we've already caught a few bugs that slipped in during the development process (e.g. crbug.com/512509718, a JWK export/import bug for ML-KEM fixed by crrev.com/c/7887900), and we'd like to prevent oddities from getting baked into our implementation because we missed something (an old historical example: https://issues.chromium.org/issues/40365706).

Ensuring that the algorithms are cryptographically correct is not as big of a worry (as we're using BoringSSL's implementation of the crypto). Performance is also not a huge concern, but it would be good to get this evaluated with in-the-world usage.

/hubert

 

Mike Taylor

unread,
11:05 AM (3 hours ago) 11:05 AM
to Hubert Chao, Chromestatus, blin...@chromium.org, dad...@google.com, jdeb...@chromium.org, David Benjamin

Thanks - LGTM

Reply all
Reply to author
Forward
0 new messages