Insider Brief:
- Google introduced quantum-safe digital signatures in Cloud KMS, aligning with NIST’s post-quantum cryptography standards and enabling enterprises to test and integrate quantum-resistant signatures.
- Google outlined a broader post-quantum security roadmap, including PQC support in Cloud HSM, migration paths for cryptographic keys, and integration with open-source cryptographic libraries like BoringCrypto and Tink.
- Google continues to collaborate with industry and government bodies, working with NIST, EKM partners, and HSM vendors to develop hardware-backed quantum-resistant encryption solutions.
PRESS RELEASE — As progress to secure digital infrastructure accelerates, Google announced a major update to its post-quantum cryptography strategy in a recent post. As a new addition to Google Cloud Key Management Service (Cloud KMS), Google introduced quantum-safe digital signatures and outlined broader efforts to integrate PQC across its encryption products. This update, now available in preview, aligns with the National Institute of Standards and Technology (NIST) post-quantum cryptography standards and is part of Google’s broader strategy to ensure encryption resilience against future quantum threats.
As part of this release, Cloud KMS now supports FIPS 204 and FIPS 205 digital signature algorithms, enabling customers to cryptographically sign data and validate signatures using NIST-standardized quantum-safe cryptography. This update allows enterprises to begin testing and integrating post-quantum signatures into existing security workflows ahead of wider adoption.
Google has been actively working to strengthen its encryption infrastructure against future quantum threats. The introduction of quantum-safe digital signatures in Cloud KMS is part of a broader effort to ensure long-term cryptographic security while offering a clear migration path for organizations transitioning to PQC.
Beyond digital signatures, Google outlined its comprehensive post-quantum security roadmap for Google Cloud encryption products, including Cloud KMS and Cloud Hardware Security Modules (Cloud HSM). Key initiatives include:
- Full support for standardized PQC algorithms in software (Cloud KMS) and hardware (Cloud HSM).
Seamless migration paths for existing cryptographic keys and protocols.
- Integration of PQC standards into open-source cryptographic libraries, including BoringCrypto and Tink, ensuring transparency and industry collaboration.
- Strategic partnerships with hardware security vendors to enable quantum-resistant encryption at the hardware level.
This adds to Google’s existing commitment to advancing PQC across its infrastructure. Since 2016, Google has been testing PQC in Chrome, deploying quantum-resistant protections in Google data centers, and experimenting with post-quantum encryption in its products such as Gmail and Cloud Console.
As a key contributor to global PQC standardization efforts, Google emphasized its continued collaboration with NIST, government agencies, and industry partners to drive PQC adoption. The company is actively working with External Key Manager (EKM) partners and HSM vendors to implement resilient, hardware-backed post-quantum security solutions.
In addition to Cloud KMS, Google is evaluating future implementations of hybrid cryptographic schemes, which combine classical and post-quantum signatures. However, Google noted that industry consensus on hybridization has not yet been established.
With the introduction of quantum-safe digital signatures in Cloud KMS, Google has expanded its support for post-quantum cryptography within its cloud services. As NIST continues to develop post-quantum standards, Google plans to integrate future algorithm updates and provide tools for customers to evaluate and implement quantum-resistant encryption.
