Telephone: 1-844-NETIZEN
Tel: 1-844-NETIZEN
Email: team (at) Netizen.net
slider

Netizen: Monday Security Brief (2/24/2024)

Posted on 24 Feb 2025 at https://www.Netizen.net/news Source Link: https://blog.netizen.net

Today’s Topics:

  • Google Cloud Introduces Quantum-Safe Digital Signatures to Strengthen Encryption
  • Microsoft’s Majorana 1 Chip and the Implications for Quantum Decryption
  • How can Netizen help?

Google Cloud Introduces Quantum-Safe Digital Signatures to Strengthen Encryption

Google Cloud has announced the introduction of quantum-safe digital signatures in its Cloud Key Management Service (Cloud KMS), marking a significant step toward post-quantum cryptographic security. Currently available in preview, this update aligns with the National Institute of Standards and Technology’s (NIST) post-quantum cryptography (PQC) standards, addressing concerns over future quantum computing threats.

Cloud KMS is a widely used encryption key management tool designed for securely generating, storing, and managing cryptographic keys for data encryption and digital signatures. Until now, it has relied on conventional public-key cryptography methods such as RSA and ECC, which remain vulnerable to potential quantum computing attacks.

A growing concern in the cybersecurity world is the “harvest now, decrypt later” (HNDL) strategy, where attackers collect encrypted data today, anticipating future quantum computers capable of breaking classical encryption. With Microsoft’s recent breakthrough in Majorana qubits—a key development toward scalable quantum computing—organizations must begin adopting quantum-resistant security measures.

To mitigate these risks, Google Cloud has now integrated two quantum-resistant digital signature algorithms into Cloud KMS and its Cloud HSM (Hardware Security Modules):

  • ML-DSA-65 (FIPS 204) – A lattice-based digital signature algorithm.
  • SLH-DSA-SHA2-128S (FIPS 205) – A stateless hash-based digital signature algorithm.

These new cryptographic mechanisms are designed to future-proof digital security, allowing customers to sign and verify signatures with quantum-resistant algorithms in the same way they would with traditional cryptography.

In addition, Google is ensuring transparency by making these cryptographic implementations open-source via the BoringCrypto and Tink libraries, allowing independent audits and security reviews.

Google Cloud’s quantum-safe encryption initiative is particularly critical for industries handling sensitive data, including financial institutions, government agencies, and critical infrastructure operators. The introduction of PQC in Cloud KMS will help organizations prepare for the post-quantum era while maintaining secure data encryption and integrity.

Google is inviting businesses and security teams to begin testing and integrating these algorithms into their existing security infrastructure and provide feedback to refine the technology before its full rollout. With quantum computing advancing rapidly, early adoption of PQC solutions is becoming an essential part of long-term cybersecurity strategies.

Microsoft’s Majorana 1 Chip and the Implications for Quantum Decryption

Post Quantum Cryptography and Quantum Resistant Cryptography – PQC – New Cryptographic Algorithms That Are Secure Against Quantum Computers – Conceptual Illustration

Microsoft has unveiled the Majorana 1, the world’s first quantum processing unit utilizing topological qubits, which it claims can scale to one million qubits on a single chip. While this represents a significant technical breakthrough, security experts are now questioning whether it accelerates the timeline for quantum computing—bringing us closer to the moment when quantum machines will be powerful enough to break public-key encryption (PKE).

Quantum computing has the potential to revolutionize industries by solving complex problems beyond the reach of classical computers. It could lead to breakthroughs in medicine, agriculture, material science, and artificial intelligence. However, before these innovations materialize, the first and most immediate concern for cybersecurity professionals is the threat to encryption.

Current cryptographic standards rely on PKE, which is mathematically difficult to break using classical computers. Quantum computers, however, could use Shor’s algorithm to quickly factor large numbers and decrypt data that was once considered secure. This is why security researchers have been warning of a “harvest now, decrypt later” (HNDL) approach, where adversaries collect encrypted data today in anticipation of breaking it once a cryptanalytically relevant quantum computer (CRQC) becomes available.

Most quantum computing research has focused on superconducting or trapped ion qubits, but these approaches suffer from high error rates due to environmental noise. Topological qubits, like those used in Majorana 1, offer a more stable and error-resistant alternative by encoding information in the topology of a physical system rather than in individual particles.

This increased stability means fewer error-correcting qubits are required, potentially paving the way for more scalable quantum computers. Microsoft has described the Majorana 1 as a “topoconductor”, effectively a transistor for the quantum computing era, and claims that it can fit a million qubits on a single, palm-sized chip.

The key question is whether this breakthrough accelerates the development of a cryptanalytically relevant quantum computer—one capable of breaking classical encryption.

Troy Nelson, CTO at Lastwall, suggests that the technology could rival the silicon transistor, which transformed modern computing. However, he warns that scalability and economic viability remain significant challenges.

Rebecca Krauthamer, CEO of QuSecure, acknowledges that error correction and infrastructure development still need to be addressed. However, she believes that if Microsoft can demonstrate a path to scalability, it could significantly shorten the timeline for quantum decryption.

Carl Froggett, CISO at Deep Instinct, notes that Microsoft’s announcement accelerates the collision between quantum computing and AI, which could disrupt traditional cybersecurity practices.

However, some experts remain skeptical. Scott Aaronson, a quantum computing researcher at the University of Texas, argues that topological qubits are only now reaching the stage where traditional qubits were 20–30 years ago. Unless they prove vastly superior in reliability, they may struggle to leapfrog existing approaches.

While the timeline for quantum decryption remains uncertain, one thing is clear: organizations need to start migrating to quantum-resistant encryption now.

Phil Venables, Google Cloud’s CISO, warns that even if quantum computing is still seven to ten years away, organizations should not delay migration to post-quantum cryptography (PQC). The transition will be complex, and waiting too long could leave critical data exposed.

Marc Manzano, General Manager for Cybersecurity at SandboxAQ, echoes this urgency: “As we approach the ‘quantum cliff’, organizations must identify and secure cryptographic assets before scalable quantum machines break today’s encryption. The window for migration is shrinking, and a reactive approach is not an option.”

Microsoft’s Majorana 1 chip represents a major technical milestone in quantum computing, but its direct impact on the timeline for quantum decryption remains uncertain. While the technology shows promise in stabilizing qubits, whether it will outpace existing quantum approaches is still unclear.

However, one fact remains unchanged—the need for organizations to prepare for quantum threats today. The migration to quantum-safe cryptographic standards is already critical, and businesses that fail to act now risk being caught unprepared when quantum computing reaches a breakthrough.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

News and Updates

Sign up to get the latest news and threat briefs:

Get in Touch

Telephone: 1-844-NETIZEN
Email: Team (at) Netizen.net
Office Locations:
Allentown, PA (Headquarters)
 Arlington, VA (DC Region)
 Charleston, SC (Southeast Region)

Connect With Us

    Facebook
    Twitter
    LinkedIn
    Instagram
    GitHub
    YouTube

Copyright © Netizen Corporation. All Rights Reserved.