Google’s Cloud Key Management Service (Cloud KMS) now supports quantum-safe digital signatures that align with recently published post-quantum cryptography (PQC) standards from the National Institute of Standards and Technology (NIST).The company announced Thursday that FIPS 204 and FIPS 205 compliant cryptography methods are now available in preview via the existing Cloud KMS API. Customers can use the API to sign data and validate signatures using cryptographic algorithms that are resistant to potential future decryption by quantum computers.Googe Cloud KMS supports both the ML-DSA-65 lattice-based digital signature scheme, which aligns with FIPS 204, and the SLH-DSA-SHA2-128S stateless hash-based digital signature scheme, which complies with FIPS 205.These PQC methods are designed to protect against future quantum threats, including “Harvest Now, Decrypt Later” attacks, where encrypted data stolen prior to the availability of quantum computers is stored in the hopes of deciphering it later.Getting ahead of quantum computing using quantum-safe signatures and encryption is important to ensure encrypted secrets remain safe even as decryption methods evolve.NIST’s PQC standards were published in August 2024 after several years of development and feedback. Google has been testing PQC in its products since 2016, beginning with testing of a post-quantum key exchange algorithm in the Chrome browser. Google has also used PQC for its internal communications since 2022, specifically the lattice-based NTRU-HRSS key encapsulation mechanism (KEM) algorithm.Google plans to make its implementations of ML-DSA-65 and SLH-DSA-SHA2-128S for Cloud KMS open source “to enable full transparency and code-availability of our algorithmic implementations to our customers and to the broader security community,” stated Jennifer Fernick, senior staff product security engineer, and Andrew Foster, engineering manager for Cloud KMS, in the announcement. The PQC software implementations for Cloud KMS will be included in Google’s open-source cryptographic libraries BoringCrypto and Tink.The company ultimately plans to include support for all current and future NIST PQC standards for both software, via Cloud KMS, and hardware, via Cloud Hardware Security Module (Cloud HSM). The Cloud KMS API doesn’t currently support digital signature hybridization, where classical and post-quantum cryptography schemes are used together, with Google citing a lack of consensus regarding hybridization in the cryptographic community.“We commit to staying on top of developments in post-quantum cryptography, including incorporating any future algorithm standards from NIST. We are prepared to adapt to any changes that may arise as the quantum cryptanalytic landscape evolves over time, particularly if future cryptanalysis demonstrates attacks which would materially affect the security of Google Cloud customers or their data,” Google stated.Other companies have also begun incorporating PQC into their products to defend against quantum threats like Harvest Now, Decrypt later; for example, Apple announced last February that it would be adding its own PQC protocol, called PQ3, to iMessage’s end-to-end encryption.
