Google’s Quantum-Safe Cloud KMS to Drive PQC Migration to the Cloud

On February 21, Google announced it would be integrating FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA), two of the U.S. National Institute of Standards and Technology’s (NIST) most recently standardized Post-Quantum Cryptography (PQC) algorithms, into its Cloud Key Management Service (KMS). In a first instance, these will be enabled for software-based keys, using the open-source cryptographic libraries BoringCrypto and Tink. In time, Google plans to enable PQC for its Cloud Hardware Security Module (HSM) hardware-based service offering as well, working with various HSM vendors for support at the hardware level. Currently, Google Cloud Platform’s (GCP) Cloud HSM is powered by Marvell’s LiquidSecurity, a FIPS 140-3 Level 3-certified HSM that already supports ML-KEM, ML-DSA, and SLH-DSA, as well as LMS and XMSS. This support should significantly speed the time to market for a Google PQC-ready Cloud HSM offering.

The global migration to PQC is already underway, but ABI Research expects it to be long and complex, burdened by myriad implementation challenges. Most of these will be due to the limitations of the current Information and Communication Technology (ICT) infrastructure, which, in its current state, will not be able to effectively leverage the new algorithms. High computational overhead, latency issues, and packet size restrictions, among other challenges, will result in poor performance initially. Migration will require workarounds until more adapted hardware can support quantum-safe applications. However, if cloud providers implement PQC in their service offerings now, this will go a long way in easing some of those migration burdens, as they will need to make the necessary hardware and software changes to support the new algorithms and protocols. Importantly, it means that organizations can spend less time and fewer resources on updating and upgrading their existing tools and systems by transitioning directly to PQC-ready infrastructure.

More than anything, solutions like Google’s Cloud KMS will not just entice organizations to offload some of that PQC migration to third parties, but will drive it to the cloud. Hyperscalers have the necessary skillset and resources to thoroughly update their infrastructure so that it is quantum-safe, extending trust that their broader cloud offerings can support PQC (and not just the KMS and associated cryptographic applications). For organizations looking to replace in-house applications with quantum-safe ones, the easier choice will be to simply move from Capital Expenditure (CAPEX) to Operational Expenditure (OPEX), so that they don’t need to think as much about integration with the rest of their business applications. This will undoubtedly accelerate cloud migration generally, especially in industries where there are security, data privacy, and confidentiality concerns.

Google isn’t the only cloud provider on the PQC warpath. IBM already offers quantum-safe Transport Layer Security (TLS) for IBM Key Protect in its IBM Cloud service. Both Amazon Web Services (AWS) and Azure have announced plans to integrate PQC into their KMS and HSM offerings. AWS published in December 2024 its PQC migration plan, which includes implementing FIPS 203, 204, and 205 in AWS KMS, Secrets Manager, and Certificate Manager through its open-source library (AWS-LC) and TLS (s2n). Microsoft is including FIPS 203, 204, 205, and LMS into SymCrypt, its own cryptographic library that is used across Azure and Windows products. PQC enablement is quickly going to become a standard feature of hyperscaler offerings, but for the moment, it remains a differentiator.

Key to attracting migrants to the cloud will be to ensure crypto-agility in PQC migration within KMS, and that PQC algorithms used in the necessary applications (such as signing) can be used across the various cloud use cases—firmware and software, but also for session-based authentication. This may also mean that providers will need to make a decision when there is still no consensus in the industry, such as support for hybrid schemes in Application Programming Interfaces (APIs)—something that Google won’t yet commit to, but that AWS, for example, is already pioneering, with plans to incorporate the Internet Engineering Task Force’s (IETF) finalized TLS protocol standard into its s2n-tls. In order to take advantage of that PQC-driven cloud migration, hyperscalers will need to make difficult decisions, but standing back and waiting for stakeholders to coalesce around consensus is unlikely to be the right move.