Google Cloud Shields Data With Quantum-Resistant Digital Signatures


Google has launched quantum-safe digital signatures in its Cloud Key Management Service (Cloud KMS) for software-based keys.

Google Cloud said the move is a response to the risks that advances in experimental quantum computing pose to the security of many public-key cryptography systems used for encrypting data.

“The potential for sufficiently large, cryptographically relevant quantum computers to break these algorithms […] highlights the need for developers to build and implement quantum-resistant cryptography now,” it added in a public statement.

What Is Google Cloud KMS?

Google Cloud KMS is a managed service that enables users to create, use, rotate and manage encryption keys for their cloud-based data and applications.

This service is designed for organizations using a cloud identity and access management (IAM) service to protect sensitive data in the cloud and ensure high levels of security and compliance.

The proactive implementation of post-quantum cryptography (PQC) aims to mitigate a potential threat known as “Harvest Now, Decrypt Later” (HNDL).

HNDL describes a scenario in which malicious actors collect encrypted sensitive information now, with the intention of exploiting it in the future when quantum computing capabilities advance to the point of being able to crack current encryption methods.

Quantum-Safe Digital Signatures in Cloud KMS

Google Cloud’s new feature, available in preview, enables software-based keys to be protected with quantum-safe cryptography.

These quantum-proof signatures will support two post-quantum cryptography (PQC) algorithms:

  • FIPS 204 (ML-DSA-65 or CRYSTALS-Dilithium), a lattice-based digital signature algorithm
  • FIPS 205 (SLH-DSA-SHA2-128S or SPHINCS+), a stateless hash-based digital signature algorithm

The tech giant said the move aligns with the US National Institute of Standards and Technology’s (NIST) PQC standards, which were formalized in August 2024.

Google Cloud’s Post-Quantum Roadmap

Google Cloud also provided a glimpse into its post-quantum strategy for its encryption products, including Cloud KMS and Hardware Security Modules (Cloud HSM).

This roadmap includes support for FIPS 204, FIPS 205 and FIPS 203 (ML-KEM) as well as future NIST-approved PQC standards.

Google Cloud’s underlying software implementations of these standards will be available as open-source software, said the company.

Google also plans API support for hybridization schemes for future rollout if the cryptographic community reaches a broader consensus.

Jennifer Fernick, Google Cloud’s Senior Staff Security Engineer, and Andrew Foster, Engineering Manager for Google Cloud KMS, said: “While that future [where quantum computing helps break current encryption methods] may be years away, those deploying long-lived roots-of-trust or signing firmware for devices managing critical infrastructure should consider mitigation options against this threat vector now.”

“The sooner we’re able to secure these signatures, the more resilient the digital world’s foundation of trust becomes,” they added.

Google’s announcement comes days after Microsoft released the world’s first quantum chip and warned that quantum computers capable of breaking current encryption protocols will be available in “years, not decades.”
