The continued advancement of experimental quantum computing has raised concerns about the security of many of the world’s widely-used public-key cryptography systems. Crucially, there exists the potential for sufficiently large, cryptographically-relevant quantum computers to break these algorithms. This potential highlights the need for developers to build and implement quantum-resistant cryptography now.
Fortunately, post-quantum cryptography (PQC) offers a way of mitigating these risks using existing hardware and software. The National Institute of Standards and Technology’s new PQC standards, made available in August 2024 following several years of community engagement, have begun enabling technology vendors around the world to take steps toward PQC migrations.
Google announced a quantum-safe digital signatures (FIPS 204/FIPS 205) in Google Cloud Key Management Service (Cloud KMS) for software-based keys, available in preview. They also share a high-level view into Google’s post-quantum strategy for Google Cloud encryption products, including for Cloud KMS and their Hardware Security Modules (Cloud HSM).
Google announced that they take post-quantum computing risks seriously. They began testing PQC in Chrome in 2016, Google has been using PQC to protect internal communications since 2022, and taken additional quantum-computing protective measures in Google Chrome, Google’s data center servers, and in experiments for connections between Chrome Desktop and Google products (such as Gmail and Cloud Console.)
Origin of text and picture: https://cloud.google.com/blog/products/identity-security/announcing-quantum-safe-digital-signatures-in-cloud-kms?hl=en