Google Cloud has introduced quantum-safe digital signatures in its Cloud Key Management Service (Cloud KMS), offering them in preview. This move aligns with the National Institute of Standards and Technology’s (NIST) post-quantum cryptography (PQC) standards. The initiative is designed to address the future risks posed by quantum computing, which has the potential to break traditional encryption schemes currently used to safeguard sensitive data.
Quantum-safe encryption is vital for industries relying on Google Cloud, including financial institutions, government agencies, and software developers. These sectors depend on the secure management of cryptographic keys, which are critical for encryption and digital signatures. With quantum computing’s potential to break existing cryptographic methods, Google Cloud aims to protect data from attacks that could compromise confidentiality, integrity, and authenticity.
The digital signatures introduced are based on two new algorithms: ML-DSA-65, a lattice-based digital signature algorithm, and SLH-DSA-SHA2-128S, a stateless hash-based digital signature algorithm. These quantum-resistant algorithms are available for software-based keys within Cloud KMS and can be used in much the same way as conventional public-key cryptography, such as RSA and ECC. The algorithms are also available in Google’s Cloud HSM (Hardware Security Modules) and are open source, encouraging transparency and independent security audits.
Google Cloud encourages organizations to integrate these quantum-safe algorithms into their existing deployments and provide feedback to improve the product. This step comes as experts recognize the high risk of “harvest now, decrypt later” (HNDL) attacks, which could exploit data encrypted with current schemes once quantum computers become operational. With quantum computing advancements such as Microsoft’s Majorana 1 chip, the need for quantum-resistant encryption to protect sensitive data is becoming more pressing.