Google recently unveiled quantum-safe digital signatures in its Cloud Key Management Service (Cloud KMS), aligning with the National Institute of Standards and Technology (NIST) post-quantum cryptography (PQC) standards. This update, now available in preview, addresses the growing concern over the potential risks posed by future quantum computers, which could crack traditional encryption methods.
Quantum computing, with its ability to solve certain problems exponentially faster than classical computers, presents a serious challenge to current cryptographic systems. Algorithms like Rivest–Shamir–Adleman (RSA) and elliptic curve cryptography (ECC), which underpin much of modern public-key cryptography, could be broken by a sufficiently large quantum computer.
One of the primary threats is the “Harvest Now, Decrypt Later” (HNDL) model, where attackers store encrypted data today with plans to decrypt it once quantum computers become viable. While large-scale quantum computers capable of breaking these cryptographic methods are not yet available, experts agree that preparing for this eventuality is crucial.
To safeguard against these quantum threats, Google has integrated two NIST-approved PQC algorithms into Cloud KMS. The first is ML-DSA-65 (FIPS 204), a lattice-based digital signature algorithm; the second is SLH-DSA-SHA2-128S (FIPS 205), a stateless, hash-based signature algorithm. These algorithms provide a quantum-resistant means of signing and verifying data, so that organizations can continue to rely on trustworthy digital signatures even in a future with quantum-capable adversaries.
Google’s decision to integrate these algorithms into Cloud KMS allows enterprises to test and incorporate quantum-resistant cryptography into their security workflows. The cryptographic implementations are open source via Google’s BoringCrypto and Tink libraries, ensuring transparency and allowing for independent security audits. This approach is designed to help organizations transition gradually to post-quantum cryptography without overhauling their entire security infrastructure.
The authors of a Google Cloud blog post write:
While that future may be years away, those deploying long-lived roots-of-trust or signing firmware for devices managing critical infrastructure should consider mitigation options against this threat vector now. The sooner we can secure these signatures, the more resilient the digital world’s foundation of trust becomes.
Google’s introduction of quantum-safe digital signatures comes at a time when the need for post-quantum security is becoming increasingly urgent. The rapid evolution of quantum computing, highlighted by Microsoft’s recent breakthrough with its Majorana 1 chip, raises concerns over the imminent risks posed by quantum computers. While these machines are not yet powerful enough to crack current encryption schemes, experts agree that the timeline to quantum readiness is narrowing, with NIST aiming for compliance by 2030.
Phil Venables, Chief Information Security Officer at Google Cloud, posted on X:
Cryptanalytically Relevant Quantum Computers (CRQCs) are coming—perhaps sooner than we think, but we can conservatively (and usefully) assume in the 2032 – 2040 time frame. Migrating to post-quantum cryptography will be more complex than many organizations expect, so starting now is vital. Adopting crypto-agility practices will mitigate the risk of further wide-scale changes as PQC standards inevitably evolve.