Google announced on Thursday the development of quantum -proof digital signatures (FIPS 204/FIPS 205) in Google Cloud Key Management Service (Cloud KMS) to software -based keys. This is available in preview.
The Search giant also provided a high-level view in its post quantum strategy for Google Cloud encryption products, including Cloud KMS and Cloud Hardware Security Module (Cloud HSM).
Mounting Concern over Public-Key Cryptography Systems
This is important, the company said, because the security of many of the world’s most commonly used public key-cryptography systems has increasingly become a problem as experimental quantum calculation continues to move on. Large, cryptographically relevant quantum computers have the potential to break these algorithms.
However, Post-Quantum Cryptography (PQC) can use existing hardware and software to mitigate these risks. New PQC standards from the National Institute of Standards and Technology (NIST) became available in August 2024, enabling tech suppliers around the world to begin PQC migations.
“At Google, we take post-quantum computing risks seriously,” Jennifer Fernick, a senior worker’s security engineer, and Andrew Foster, engineering manager for Cloud KMS, wrote in a Google Cloud blog post. “We started testing PQC in Chrome in 2016, we have used PQC to protect internal communication since 2022, and we have taken additional quantum-computing protection measures in Google Chroma Desktop and Google products (such as Gmail and Cloud Console). “
Google’s approach to quantum -safe Sky KMS
Google Detailed Steps that the company takes to make Google Cloud Kms Quantum-Safe, which includes:
- Offers software and hardwares support for standardized quantum-proof algorithms.
- Supports migration paths for existing keys, protocols and customer processing to adopt PQC.
- Quantum-Proofing Google’s underlying core infrastructure.
- Analysis of security and performance of PQC algorithms and implementations.
- Contributes technical comments to PQC Advocacy efforts in standards for bodies and government organizations.
Pantage of Open Source Availability
Google’s Cloud KMS PQC schedule supports NIST Post-Quantum Cryptography Standards (FIPS 203, FIPS 204, FIPS 205 and FUTURE STANDARDS), which can help customers establish according to the company.
The software implementations of these standards will be available to Cloud KMS clients such as Open Source software and maintained as part of Google author, Open Source Cryptographic Libraries BoringCrypto and Tink, wrote Fernick and Foster.
Quantum-proof digital signatures are now available in Cloud KMS, so customers can use Google’s existing API to cryptographically sign data and validate signatures using NIST-standard quantum-proof cryptography with key pairs stored in Cloud KMS.
“This removes the most important work of testing and integrating these signing schemes into existing workflows in front of a wider adoption,” explained Fernick and Foster. “It can also help ensure that kidney’s digital signatures are resistant to attacks by future opponents who may have access to cryptographically relevant quantum computers.”