
"Google Cloud recently announced a new capability in its Key Management Service (Cloud KMS), introducing support for post-quantum Key Encapsulation Mechanisms (KEMs) in preview. With the support of Google Cloud, organizations can prepare for the inevitable threat posed by cryptographically relevant quantum computers (CRQCs), which could potentially break today's standard public-key cryptography. The company aims with the new feature to specifically address "Harvest Now, Decrypt Later" attacks,"
"The migration from classical asymmetric encryption (like RSA) to post-quantum KEMs presents developers with non-trivial architectural and performance challenges. Unlike classical encryption, where the sender chooses and encrypts a symmetric key, a KEM inverts this model. The shared secret is a fresh, random value generated as an output of the encapsulation process itself, which means developers cannot simply replace a traditional Encrypt() function."
Google Cloud KMS now offers preview support for post-quantum Key Encapsulation Mechanisms (KEMs) to help organizations defend against cryptographically relevant quantum computers (CRQCs). The capability targets harvest-now-decrypt-later attacks, in which adversaries store encrypted data today and decrypt it later, once quantum capabilities exist. Quantum-safe KEMs let organizations with long-term confidentiality needs begin migrating now. Migration requires architectural and performance adjustments because a KEM inverts the classical model: the sender does not choose the symmetric key; encapsulation generates the shared secret as its output. Adoption guidance includes using standards such as Hybrid Public Key Encryption (HPKE, RFC 9180) and libraries such as Tink to simplify integration.
Read at InfoQ
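The inverted model described above, as an added example that is not from the InfoQ article, Google Cloud KMS or Tink: the sender takes the secret that encapsulation outputs, derives a key from it and uses that key to protect the data. It assumes Go 1.24 or later (standard-library `crypto/mlkem` and `crypto/hkdf`); `Seal`, `Open`, `aeadFor` and the info label are hypothetical names, and this simplified KEM-plus-AEAD construction is not RFC 9180 HPKE.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/sha256"
	"fmt"
)

// aeadFor turns a KEM shared secret into a single-use AES-256-GCM key (info label is constructed).
func aeadFor(sharedSecret []byte) (cipher.AEAD, error) {
	key, err := hkdf.Key(sha256.New, sharedSecret, nil, "example kem-dem v1", 32)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // cannot fail: key is exactly 32 bytes
	return cipher.NewGCM(block)
}

// Seal (sender): no key to choose, Encapsulate outputs it; zero nonce is safe as the key is single-use.
func Seal(ek *mlkem.EncapsulationKey768, plaintext []byte) ([]byte, []byte, error) {
	sharedSecret, kemCT := ek.Encapsulate()
	aead, err := aeadFor(sharedSecret)
	if err != nil {
		return nil, nil, err
	}
	return kemCT, aead.Seal(nil, make([]byte, aead.NonceSize()), plaintext, kemCT), nil
}

// Open (recipient): a tampered kemCT yields an unrelated secret (implicit rejection), so AEAD Open fails.
func Open(dk *mlkem.DecapsulationKey768, kemCT, sealed []byte) ([]byte, error) {
	sharedSecret, err := dk.Decapsulate(kemCT)
	if err != nil { // only a wrong-length ciphertext errors here
		return nil, err
	}
	aead, err := aeadFor(sharedSecret)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, make([]byte, aead.NonceSize()), sealed, kemCT)
}

func main() {
	dk, _ := mlkem.GenerateKey768()
	kemCT, sealed, _ := Seal(dk.EncapsulationKey(), []byte("constructed sample data key"))
	pt, err := Open(dk, kemCT, sealed)
	fmt.Printf("kem ciphertext %d bytes, opened %q, err %v\n", len(kemCT), pt, err)
}
```

The KEM ciphertext travels alongside the sealed payload and is bound to it as associated data, which is why a drop-in replacement for a classical `Encrypt()` call does not exist: the message format has to carry both parts.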