Google Cloud is introducing quantum-safe digital signatures in its Cloud Key Management Service (Cloud KMS). The signature accounts are available in preview.
So writes BleepingComputer. The tech giant says the implementation aligns with the National Institute of Standards and Technology’s (NIST) post-quantum cryptography standards (PQC). The signatures address future risks in which quantum computers can crack classical encryption methods.
Protecting sensitive data
Because Google Cloud is used by financial institutions, large enterprises, government agencies, critical infrastructure and software developers, the introduction of quantum-secure encryption is essential for protecting sensitive data from sophisticated attacks.
Cloud KMS is Google Cloud’s encryption key management solution. It allows users to securely generate, store and manage cryptographic keys to encrypt and sign data.
When using conventional public-key cryptography, such as RSA and ECC, customers risk exposing their data to so-called “harvest now, decrypt later” (HNDL) attacks in the future.
Majorana 1 development concerns
Currently, quantum computers that can crack current encryption methods do not yet exist. Still, experts agree that the HNDL risk is too great to ignore. Microsoft’s announcement of the Majorana 1 chip breakthrough increases that concern. After all, this is an important step in the development of a future quantum computer.
To future-proof our data, Google is now integrating quantum-resistant cryptography. And it does so in both Cloud KMS (software) and Cloud HSM (hardware security modules).
Google uses two algorithms. First, ML-DSA-65 (FIPS 204). This is a lattice-based digital signature algorithm. And second, SLH-DSA-SHA2-128S (FIPS 205). This is a stateless hash-based digital signature algorithm. Cloud KMS now allows users to use and verify digital signatures with these new PQC algorithms, just as with classical cryptography.
The cryptographic implementations are open-source via BoringCrypto and Tink libraries. This ensures transparency and enables independent security audits.
Google calls on organizations to test and integrate quantum-resistant algorithms into existing systems and share their feedback to solve potential problems.