Original Article Text


Google Cloud introduces quantum-safe digital signatures in KMS

Google Cloud has introduced quantum-safe digital signatures to its Cloud Key Management Service (Cloud KMS), making them available in preview.

The tech giant says this initiative aligns with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC) standards, addressing future risks of quantum computing breaking classic encryption schemes.

With Google Cloud being used by financial institutions, large enterprises, government agencies, critical infrastructure units, and software developers, the introduction of quantum-safe encryption is crucial for safeguarding sensitive data from advanced attacks.

Quantum-ready Cloud KMS

Cloud KMS is Google Cloud's encryption key management tool used for securely generating, storing, and managing cryptographic keys that encrypt and sign data.

By using conventional public-key cryptography such as RSA and ECC, customers run the risk of having their data exposed in the future via what is known as 'harvest now, decrypt later' (HNDL) attacks.

Although quantum computers capable of breaking current encryption schemes do not exist yet, all experts agree that the HNDL risk is too high to ignore. This concern is further heightened by Microsoft's announcement of its Majorana 1 chip breakthrough, representing a crucial step toward building a future quantum computer.

To help future-proof our data, Google is now integrating quantum-resistant cryptography into Cloud KMS (software) and Cloud HSM (hardware security modules).

The two algorithms that are adopted are ML-DSA-65 (FIPS 204), a lattice-based digital signature algorithm, and SLH-DSA-SHA2-128S (FIPS 205), a stateless hash-based digital signature algorithm.

"Today, we're excited to announce quantum-safe digital signatures (FIPS 204/FIPS 205) in Google Cloud Key Management Service (Cloud KMS) for software-based keys, available in preview," reads Google's announcement. "We're also sharing a high-level view into our post-quantum strategy for Google Cloud encryption products, including for Cloud KMS and our Hardware Security Modules (Cloud HSM)."

Cloud KMS now allows users to sign and verify digital signatures using these new PQC algorithms, just like they would with classical cryptography.

The cryptographic implementations will be open-source (via BoringCrypto and Tink libraries), maintaining transparency and allowing independent security audits.

Google invites organizations to start testing and integrating quantum-resistant algorithms into existing deployments and report their feedback to help iron out any problems.

Daily Brief Summary

MISCELLANEOUS // Google Cloud Integrates Quantum-Safe Signatures in KMS

Google Cloud has introduced quantum-safe digital signatures to its Cloud Key Management Service (Cloud KMS) to combat potential future quantum computing threats.

This update aligns with the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) standards.

Quantum-safe cryptography is considered essential for protecting sensitive data of financial institutions, government agencies, and other high-stakes entities against advanced decryption methods.

The new cryptographic options in Cloud KMS include two algorithms: ML-DSA-65 and SLH-DSA-SHA2-128S, designed to be resistant to quantum attacks.

Although fully functional quantum computers do not exist yet, the risk of future 'harvest now, decrypt later' attacks prompts the need for preemptive updates to encryption methods.

Google's implementation also extends to their Cloud Hardware Security Modules (HSM), enhancing overall data security within their cloud infrastructure.

These cryptographic implementations are open-source, allowing for community involvement and independent security verifications.

Google encourages enterprises to begin testing these quantum-resistant algorithms to prepare for future security landscapes and provide feedback for further improvements.