@devopslinks ・ Oct 31, 2025

Google introduces quantum-safe KEMs in Cloud KMS to counter future quantum computing threats, urging organizations to transition to post-quantum cryptography.
Google has introduced quantum-safe Key Encapsulation Mechanisms (KEMs) in Cloud Key Management Service (Cloud KMS) to help organizations prepare for future security threats posed by quantum computing.
Transitioning to post-quantum cryptography involves significant architectural changes and managing increased key sizes, which can impact application performance, particularly in resource-constrained environments like IoT devices.
A hybrid approach combining classical and post-quantum algorithms is recommended to mitigate risks associated with the novelty of post-quantum cryptographic algorithms and to ensure a safer transition.
Post-quantum cryptographic operations result in substantially larger public keys and ciphertexts, which can affect bandwidth, storage, and memory usage, necessitating careful planning and adaptation by developers.
Google provides tools like the Tink library to facilitate the integration of post-quantum algorithms, offering support for Hybrid Public Key Encryption (HPKE) to simplify the transition for developers across various programming languages.
A standard ML-KEM-768 key is larger than a P-256 key.
Key size used by ML-KEM-1024
Key size used by ML-KEM-768
Ciphertext size for ML-KEM-1024
Ciphertext size for ML-KEM-768
Year NIST deprecated SHA-1 hashing algorithms
Year NIST recommends complete phase-out of SHA-1
Year Google began testing PQC in Chrome
Year Google began using PQC to protect internal communications
Year Chrome enabled ML-KEM by default for TLS 1.3 and QUIC on desktop
Year post-quantum cryptography is expected to be fully available in Google Cloud
Google is the primary organization behind the development and deployment of quantum-safe Key Encapsulation Mechanisms in Cloud KMS.
Cloud KMS is the platform where Google has integrated quantum-safe Key Encapsulation Mechanisms to enhance security.
BoringCrypto is an open-source cryptographic library used by Google to provide implementations of the new quantum-safe KEMs.
Tink is another open-source cryptographic library involved in the implementation of Google's quantum-safe KEMs.
FIPS 203 is a standard published by NIST that Google's quantum-safe KEMs are based on.
The finance industry is a key stakeholder as it needs to ensure data security against future quantum threats.
The healthcare industry must transition to quantum-safe cryptography to protect sensitive data.
Government sectors are stakeholders in adopting quantum-safe cryptography to secure their data.
This will apply to all connections within Google Cloud.
Google's latest move to integrate quantum-safe Key Encapsulation Mechanisms (KEMs) into its Cloud Key Management Service (Cloud KMS) is a big leap forward in the race to protect data from future quantum computing threats. This isn't just a tech upgrade; it's a strategic shift towards post-quantum cryptography, a necessary defense against the looming "Harvest Now, Decrypt Later" attacks. These attacks are a bit like a ticking time bomb, where adversaries grab encrypted data today, hoping to crack it open in the future when quantum computers become powerful enough to break current encryption methods.
But let's not sugarcoat it—transitioning to post-quantum cryptography is no walk in the park. One of the main hurdles is the architectural overhaul required. Post-quantum KEMs don't just slot in where traditional asymmetric encryption methods used to be. Developers have to wrap their heads around a new cryptographic model where the shared secret is generated during the KEM's encapsulation process, rather than being picked by the sender. This means rethinking how encryption is implemented and managed, which is no small feat.
And then there's the issue of size. Post-quantum cryptography comes with larger public keys and ciphertexts, which can be a real headache for application performance, bandwidth, storage, and memory usage. This is especially tricky for IoT devices, which often operate in resource-constrained environments. To navigate these choppy waters, a hybrid approach is recommended. By combining classical and post-quantum algorithms, organizations can mitigate risks and ensure a smoother transition.
Google's Cloud KMS now features several KEM algorithms, like ML-KEM-768 and ML-KEM-1024, based on NIST's module-lattice KEM standard, FIPS 203. For general-purpose applications, a hybrid approach using the X-Wing KEM is suggested, blending classical and post-quantum algorithms. Google is also gearing up its infrastructure to use post-quantum cryptography for connections, with full availability expected by 2026. The message is clear: start preparing now, even though practical large-scale quantum computers are still a few years away. Organizations are urged to boost their cryptographic agility by understanding their current cryptographic usage, regularly testing key rotation, and using abstraction layers like Google's Tink library to ease the transition.
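The KEM model and the hybrid combination described above, sketched as an added example (not code from Google, Cloud KMS or Tink). Assumptions: a toy Diffie-Hellman KEM stands in for both the classical and the ML-KEM component (it is not ML-KEM and not secure), the combiner is a plain SHA3-256 hash rather than X-Wing's construction, and every function name is hypothetical.

```python
import hashlib, hmac, secrets

# Toy finite-field Diffie-Hellman KEM: a stand-in with the same keygen /
# encapsulate / decapsulate shape as ML-KEM. NOT secure, NOT ML-KEM.
P, G = 2**255 - 19, 2

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P).to_bytes(32, "big"), sk

def encapsulate(pk):
    # The KEM picks the randomness: the sender receives the secret, it never supplies one.
    eph = secrets.randbelow(P - 2) + 1
    ct = pow(G, eph, P).to_bytes(32, "big")
    shared = pow(int.from_bytes(pk, "big"), eph, P).to_bytes(32, "big")
    return ct, hashlib.sha256(shared).digest()

def decapsulate(sk, ct):
    shared = pow(int.from_bytes(ct, "big"), sk, P).to_bytes(32, "big")
    return hashlib.sha256(shared).digest()

def combine(ss_a, ss_b, ct_a, ct_b):
    # Hybrid step: hash both component secrets (and ciphertexts) into one key,
    # so an attacker must recover both component secrets to compute it.
    return hashlib.sha3_256(b"demo-hybrid" + ss_a + ss_b + ct_a + ct_b).digest()

def hybrid_encapsulate(pk_a, pk_b):
    (ct_a, ss_a), (ct_b, ss_b) = encapsulate(pk_a), encapsulate(pk_b)
    return ct_a + ct_b, combine(ss_a, ss_b, ct_a, ct_b)

def hybrid_decapsulate(sk_a, sk_b, ct):
    ct_a, ct_b = ct[:32], ct[32:]
    return combine(decapsulate(sk_a, ct_a), decapsulate(sk_b, ct_b), ct_a, ct_b)

def _stream(kek, nonce):
    return hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()

def wrap(kek, dek):
    # An existing 32-byte data key cannot be "encrypted to" a KEM public key; it is
    # wrapped under the KEM output (encrypt-then-MAC here; use an AEAD in practice).
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(dek, _stream(kek, nonce)))
    return nonce + body + hmac.new(kek, b"mac" + nonce + body, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(kek, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrapped key failed authentication")
    return bytes(a ^ b for a, b in zip(body, _stream(kek, nonce)))
```

Code that previously encrypted a sender-chosen key directly to a public key becomes `hybrid_encapsulate` followed by `wrap`; the receiver runs `hybrid_decapsulate` followed by `unwrap`.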