Thursday, May 8, 2025
HomeCloudGoogle Introduces Quantum-Safe Digital Signatures in Cloud KMS

Google Introduces Quantum-Safe Digital Signatures in Cloud KMS

Published on

SIEM as a Service

Follow Us on Google News

Google Cloud has unveiled a critical cybersecurity upgrade: quantum-safe digital signatures via its Key Management Service (Cloud KMS), now available in preview.

This move aligns with the National Institute of Standards and Technology’s (NIST) 2024 post-quantum cryptography (PQC) standards, offering developers tools to safeguard encryption against future quantum threats.

Quantum-Resistant Signatures Enter the Mainstream

Google’s latest update integrates two NIST-standardized algorithms into Cloud KMS: ML-DSA-65 (a lattice-based signature scheme under FIPS 204) and SLH-DSA-SHA2-128S (a stateless hash-based method per FIPS 205).

- Advertisement - Google News

These algorithms enable cryptographic signing and validation processes that are resistant to attacks from cryptographically relevant quantum computers.

By embedding these protocols into Cloud KMS, Google allows enterprises to future-proof authentication workflows—particularly vital for systems requiring long-term security, such as critical infrastructure firmware or software update chains.

The implementation leverages Cloud KMS’s existing API, minimizing disruption for developers. Organizations can now generate and manage quantum-safe keys alongside classical ones, facilitating phased migration.

Notably, Google has open-sourced its software implementations through BoringCrypto and Tink, enabling third-party audits and fostering trust in its cryptographic backbone.

Google’s Post-Quantum Strategy Takes Shape

This release marks a milestone in Google’s broader PQC roadmap, which spans software (Cloud KMS) and hardware (Cloud HSM).

The company prioritizes hybrid approaches, combining classical and quantum-resistant algorithms to mitigate transitional risks.

However, hybridization standards for digital signatures remain under debate, prompting Google to defer API support until industry consensus emerges.

Since pioneering PQC experiments in Chrome in 2016, Google has fortified internal communications with quantum-safe protocols since 2022.

Its Cloud division now aims to quantum-proof core infrastructure while aiding customer migrations. This includes collaboration with HSM vendors and External Key Manager partners to ensure cohesive ecosystem support.

The update addresses the Harvest Now, Decrypt Later (HNDL) threat, where adversaries collect encrypted data today to decrypt it later using quantum machines.

While such systems remain theoretical, their potential to compromise digital signatures—and thus software integrity—demands proactive defense.

Signatures securing high-value assets, like root certificates or industrial control systems, face decades-long exposure windows, making immediate action essential.

“Migrating to quantum-safe signatures isn’t just about tomorrow’s threats—it’s about ensuring today’s systems remain trustworthy in a quantum future,” noted a Google Cloud spokesperson.

Organizations reliant on long-lived signatures are urged to begin testing. Cloud KMS’s preview enables integration into CI/CD pipelines and code-signing frameworks.

Google plans to expand Cloud KMS’s PQC support to include FIPS 203 (key encapsulation) and hybrid key exchanges, reinforcing end-to-end encryption.

Performance optimization remains a focus, as lattice-based algorithms incur higher computational overhead than classical equivalents.

Early benchmarks suggest ML-DSA-65 signatures are 2–3x larger than ECDSA equivalents, necessitating infrastructure adjustments for large-scale deployments.

Industry collaboration will drive standardization. Google continues contributing to NIST working groups and open-source projects, advocating for interoperable PQC solutions.

As quantum computing timelines solidify, such efforts aim to prevent fragmented adoption and ensure a unified defense against quantum-enabled threats.

With this release, Google positions Cloud KMS as a bridge to the post-quantum era, balancing innovation with practical, incremental migration paths.

Enterprises are now tasked with evaluating their exposure and initiating pilots—because delay is the adversary’s ally in quantum security.

Free Webinar: Better SOC with Interactive Malware Sandbox for Incident Response, and Threat Hunting - Register Here

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Critical Vulnerability in Ubiquiti UniFi Protect Camera Allows Remote Code Execution by Attackers

Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem-one rated the maximum severity score...

IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers

A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux,...

Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks

Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security...

Seamless AI Communication: Microsoft Azure Adopts Google’s A2A Protocol

Microsoft has announced its support for the Agent2Agent (A2A) protocol, an open standard developed...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Critical Vulnerability in Ubiquiti UniFi Protect Camera Allows Remote Code Execution by Attackers

Critical security vulnerabilities in Ubiquiti’s UniFi Protect surveillance ecosystem-one rated the maximum severity score...

IXON VPN Client Vulnerability Allows Privilege Escalation for Attackers

A critical security vulnerability in IXON’s widely used VPN client has exposed Windows, Linux,...

Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks

Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security...