All news with #cloud kms tag

Google Cloud's Roadmap to a Quantum-Safe Infrastructure

🔒 Google Cloud has been migrating its infrastructure toward post-quantum cryptography for nearly a decade to mitigate Store Now, Decrypt Later (SNDL) risks. The company has deployed the standards-based ML-KEM (FIPS 203) for key exchange across internal traffic and the Google Cloud networking stack, and introduced ML-KEM capabilities in Cloud KMS (preview) for key generation, encapsulation, and decapsulation. It also added native support for ML-DSA and SLH-DSA in Cloud KMS to protect long-lived digital signatures, and is phasing quantum-safe certificate support into Certificate Authority Service to enable future PQC-ready PKI. Administrators will receive tooling to opt in, audit cryptographic assets, and manage transitions to hybrid or pure PQC deployments as standards mature.

Google Cloud KMS Adds Quantum-Safe Key Encapsulation

🔐 Google Cloud Key Management Service (Cloud KMS) now offers preview support for post-quantum Key Encapsulation Mechanisms (KEMs), enabling customers to begin migrating to quantum-resistant key exchange. Cloud KMS supports ML-KEM-768, ML-KEM-1024, and the hybrid X-Wing (X25519+ML-KEM-768) option. The preview aims to mitigate "Harvest Now, Decrypt Later" risks and provide HPKE-compatible integrations via Tink and BoringCrypto. Developers are advised to adopt hybrid deployments and plan for larger key and ciphertext sizes that affect bandwidth and storage.