Google introduced on Thursday the event of quantum-safe digital signatures (FIPS 204/FIPS 205) in Google Cloud Key Management Service (Cloud KMS) for software-based keys. This is offered in preview.
The search large additionally offered a high-level view into its post-quantum technique for Google Cloud encryption merchandise, together with Cloud KMS and the Cloud Hardware Security Module (Cloud HSM).
Mounting concern over public-key cryptography programs
This is critical, the corporate mentioned, as a result of the safety of most of the world’s most generally used public-key cryptography programs has more and more grow to be a priority as experimental quantum computing continues to advance. Large, cryptographically-relevant quantum computer systems have the potential to interrupt these algorithms.
However, post-quantum cryptography (PQC) can use present {hardware} and software program to mitigate these dangers. New PQC requirements from the National Institute of Standards and Technology (NIST) turned obtainable in August 2024, enabling tech distributors around the globe to start PQC migrations.
“At Google, we take post-quantum computing risks seriously,’’ wrote Jennifer Fernick, a senior staff security engineer, and Andrew Foster, engineering manager of Cloud KMS, in a Google Cloud blog post. “We began testing PQC in Chrome in 2016, we’ve been using PQC to protect internal communications since 2022, and we’ve taken additional quantum-computing protective measures in Google Chrome, Google’s data center servers, and in experiments for connections between Chrome Desktop and Google products (such as Gmail and Cloud Console).”
Google’s strategy to quantum-safe Cloud KMS
Google detailed steps the corporate is taking to make Google Cloud KMS quantum-safe, which embody:
- Offering software program and {hardware} help for standardized quantum-safe algorithms.
- Supporting migration paths for present keys, protocols, and buyer workloads to undertake PQC.
- Quantum-proofing Google’s underlying core infrastructure.
- Analyzing the safety and efficiency of PQC algorithms and implementations.
- Contributing technical feedback to PQC advocacy efforts in requirements our bodies and authorities organizations.
Pledging open-source availability
Google’s Cloud KMS PQC roadmap helps the NIST post-quantum cryptography requirements (FIPS 203, FIPS 204, FIPS 205, and future requirements), which may help prospects carry out quantum-safe key import and key trade, encryption and decryption operations, and digital signature creation, in line with the corporate.
The software program implementations of those requirements will probably be obtainable to Cloud KMS purchasers as open-source software program and maintained as a part of the Google-authored, open-source cryptographic libraries BoringCrypto and Tink, Fernick and Foster wrote.
Quantum-safe digital signatures at the moment are obtainable in Cloud KMS, so prospects can use Google’s present API to cryptographically signal knowledge and validate signatures utilizing NIST-standardized quantum-safe cryptography with key pairs saved in Cloud KMS.
“This unblocks the essential work of testing and integrating these signing schemes into existing workflows ahead of wider adoption,’’ Fernick and Foster explained. “It also can help ensure that newly-generated digital signatures are resistant to attacks by future adversaries who may have access to cryptographically-relevant quantum computers.”