Google Cloud has introduced new post-quantum encryption capabilities to its Key Management Service (Cloud KMS), currently available in preview. The update adds support for post-quantum Key Encapsulation Mechanisms (KEMs), a class of encryption designed to withstand attacks from future quantum computers capable of breaking today’s cryptographic systems.

Cloud KMS is a managed service used to create, manage, and rotate encryption keys for data and applications hosted on Google Cloud. It is widely adopted by organisations that depend on identity and access management (IAM) frameworks to secure sensitive information and meet regulatory requirements.

This enhancement targets a growing concern known as “Harvest Now, Decrypt Later.” In this scenario, attackers collect encrypted data today with the intention of decrypting it later when quantum computing becomes powerful enough to do so.

Brent Muir, a principal consultant at Google Cloud, highlighted the importance of acting early, noting that protecting data with long-term sensitivity is critical—even if the quantum threat has not yet fully materialised.

However, moving from traditional encryption methods such as RSA to post-quantum KEMs introduces technical complexity. Unlike classical approaches, where a sender encrypts a pre-generated shared key, KEMs create the shared secret during the encapsulation process itself. As a result, organisations cannot simply replace existing encryption functions and may need to redesign parts of their systems.

To support this transition, Google recommends adopting Hybrid Public Key Encryption (HPKE), a standardised framework that combines classical and post-quantum cryptography. HPKE is already supported through Google’s open-source Tink library.

Another important consideration is size. Post-quantum keys and ciphertexts are significantly larger than traditional ones. For instance, an ML-KEM-768 key is about 18 times larger than a P-256 key, which could impact performance in environments with limited bandwidth, memory, or storage.

Cloud KMS now includes several new cryptographic options:

ML-KEM-768 and ML-KEM-1024, based on the US National Institute of Standards and Technology’s (NIST) standard for module lattice-based KEMs (FIPS 203)

X-Wing (Hybrid KEM), which combines the classical X25519 algorithm with ML-KEM-768 to provide a balanced approach suitable for general use

Google Cloud plans to incorporate post-quantum cryptography across its infrastructure by 2026. Its open-source cryptographic libraries, BoringCrypto and Tink, already support these algorithms, with broader HPKE support expected soon across Java, C++, Go, and Python.

Despite growing awareness, many organisations are still not prepared for the shift to quantum-safe security. Toyosi Kuteyi, a privacy and compliance specialist at Actalent, noted that only a small percentage of organisations have developed a post-quantum roadmap. Research from Bain & Company, PwC, and Microsoft suggests that most organisations are still in the early evaluation stage, with some underestimating their risk exposure.

According to Google, integrating these new quantum-resistant KEMs into existing security workflows can be done relatively easily through the Cloud KMS API.