Google Cloud has unveiled quantum-safe digital signatures in its Key Management Service (Cloud KMS) for software-based keys.
The initiative aims to strengthen encryption systems against the future risks posed by quantum computers, which could potentially break traditional cryptographic protocols.
The feature, now in preview, aligns with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC) standards, which were finalized in August 2024. Google Cloud's PQC roadmap includes support for NIST PQC standards (FIPS 203, FIPS 204, FIPS 205, and future updates) in both software (Cloud KMS) and hardware (Cloud HSM), enabling quantum-safe key import, key exchange, encryption/decryption, and digital signature creation. The company has also made its PQC software implementations open source, including FIPS 203 (ML-KEM), FIPS 204 (CRYSTALS-Dilithium / ML-DSA), and FIPS 205 (Sphincs+ / SLH-DSA).
A key driver for adopting post-quantum cryptography (PQC) is the "Harvest Now, Decrypt Later" (HNDL) threat. This tactic involves adversaries collecting encrypted sensitive data today, with the goal of decrypting it in the future when quantum computers become advanced enough to break current encryption methods. Google Cloud's Jennifer Fernick and Andrew Foster emphasized that organizations dealing with long-lived digital signatures, firmware security, and critical infrastructure should take proactive steps to mitigate this risk.
To extend quantum-safe cryptographic protection, Google Cloud is collaborating with Hardware Security Module (HSM) vendors and Google Cloud External Key Manager (EKM) partners. Currently, Cloud KMS supports quantum-safe digital signatures in preview for ML-DSA-65 (FIPS 204) and SLH-DSA-SHA2-128S (FIPS 205). Additionally, Google plans to introduce hybridization schemes in the future if the cryptographic community reaches a broader consensus.
Quantum computing advancements pose a serious long-term risk to encryption security. By integrating PQC early, Google Cloud aims to fortify digital trust and ensure the resilience of modern cryptographic systems. The adoption of quantum-resistant cryptography is crucial for businesses and governments handling sensitive data with extended confidentiality requirements.
