Originally reported by Google Online Security
TL;DR
Google is implementing post-quantum cryptography in Android 17, integrating ML-DSA signatures into verified boot, keystore APIs, and Google Play app signing. This proactive migration aims to secure the platform against future quantum computer threats that could break current public-key cryptography.
This represents a significant proactive security enhancement preparing for future quantum threats, but poses no immediate exploitable vulnerability or active threat.
Google announced plans to integrate post-quantum cryptography (PQC) standards into Android 17, marking the first phase of the platform's transition away from quantum-vulnerable encryption methods. The implementation focuses on the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), one of the recently finalized NIST post-quantum standards.
Android Verified Boot (AVB) will integrate ML-DSA to provide quantum-resistant digital signatures during the boot sequence. This upgrade keeps the boot images loaded at startup protected against unauthorized modification, even as quantum computing capabilities advance.
Android 17 begins transitioning Remote Attestation to a fully PQC-compliant architecture. Google is updating KeyMint's certificate chains to support quantum-resistant algorithms, allowing devices to securely prove their state to relying parties in a post-quantum environment.
The Android Keystore will receive new KeyPairGenerator API support for quantum-resistant cryptography. This enables developers to implement post-quantum authentication and identity verification without building proprietary cryptographic implementations.
Google emphasized that these updates establish "a new era of identity and authentication for the app ecosystem" while maintaining backward compatibility during the transition period.
Google Play will handle quantum-safe ML-DSA signing key generation for both new applications and existing apps that opt into the upgrade. The implementation uses hybrid signatures that preserve current trust mechanisms while adding post-quantum defenses.
During the Android 17 release cycle, Google Play will automatically generate quantum-safe signing keys independent of application target API levels. Later phases will allow developers to choose their own classical and ML-DSA signing keys for hybrid signing.
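The hybrid-signature scheme described above rests on one acceptance rule: an artifact is trusted only if both the classical signature and the post-quantum signature verify, so a forger must break both schemes. The following Go program is an added example written for this page, not Google Play's or Android's code. Because Go's standard library has no ML-DSA implementation, it substitutes ECDSA P-256 for the post-quantum component (an assumption made purely to keep the example runnable); the types, function names and sample payload are also constructed for illustration. What it shows is the composition rule itself, which is the same regardless of which scheme fills the second slot.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// HybridKey pairs a classical signing key with a second, independent one.
// In Android's plan the second component is ML-DSA; Go's standard library
// has no ML-DSA, so this example stands in ECDSA P-256 for it (an assumption
// of this example) to show the composition rule, not the lattice scheme.
type HybridKey struct {
	classical ed25519.PrivateKey
	second    *ecdsa.PrivateKey
}

// HybridPublic is the verification half of a HybridKey.
type HybridPublic struct {
	classical ed25519.PublicKey
	second    *ecdsa.PublicKey
}

// HybridSignature carries both component signatures over the same message.
type HybridSignature struct {
	Classical []byte // Ed25519 signature
	Second    []byte // ASN.1 DER ECDSA signature (ML-DSA in the real design)
}

// GenerateHybridKey creates both components from the OS CSPRNG.
func GenerateHybridKey() (*HybridKey, error) {
	_, edPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ecPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &HybridKey{classical: edPriv, second: ecPriv}, nil
}

// Public returns the verification keys for both components.
func (k *HybridKey) Public() HybridPublic {
	return HybridPublic{
		classical: k.classical.Public().(ed25519.PublicKey),
		second:    &k.second.PublicKey,
	}
}

// Sign produces both signatures over the same message bytes.
func (k *HybridKey) Sign(msg []byte) (HybridSignature, error) {
	digest := sha256.Sum256(msg)
	ecSig, err := ecdsa.SignASN1(rand.Reader, k.second, digest[:])
	if err != nil {
		return HybridSignature{}, err
	}
	return HybridSignature{
		Classical: ed25519.Sign(k.classical, msg),
		Second:    ecSig,
	}, nil
}

// Verify implements the hybrid acceptance rule: the signature is valid only
// if BOTH components verify. The classical half keeps today's trust intact;
// the second half still holds if the classical scheme is broken later.
func Verify(pub HybridPublic, msg []byte, sig HybridSignature) bool {
	if len(sig.Classical) != ed25519.SignatureSize || len(sig.Second) == 0 {
		return false
	}
	classicalOK := ed25519.Verify(pub.classical, msg, sig.Classical)
	digest := sha256.Sum256(msg)
	secondOK := ecdsa.VerifyASN1(pub.second, digest[:], sig.Second)
	return classicalOK && secondOK
}

func main() {
	key, err := GenerateHybridKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample payload standing in for a signed artifact.
	msg := []byte("constructed sample: app bundle bytes")
	sig, err := key.Sign(msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("valid hybrid signature accepted:", Verify(key.Public(), msg, sig))

	// Strip one component: the hybrid rule must reject the result.
	sig.Second = nil
	fmt.Println("signature missing second component accepted:", Verify(key.Public(), msg, sig))
}
```

The point to notice is the `&&` in `Verify`: a verifier that accepted either component alone would be only as strong as the weaker scheme, and a downgrade to "classical only" would silently discard the post-quantum protection. Both signatures must also cover exactly the same bytes, which is why `Sign` and `Verify` derive the ECDSA digest from the same `msg` that Ed25519 signs.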
Google also announced plans to prompt developers to upgrade signing keys at least every two years as part of security best practices.
The post-quantum migration represents a multi-year initiative that Google has been developing since 2016. Android 17 testing begins with the next beta release, followed by general availability in the production version.
Future roadmap items include integrating post-quantum key encapsulation into KeyMint, Key Attestation, and Remote Key Provisioning to secure the complete identity lifecycle from hardware-level measurements to remote attestation servers.
The migration addresses the potential for large-scale, fault-tolerant quantum computers to break current public-key cryptography systems. While such systems do not yet exist at scale, security researchers have long emphasized the need for proactive migration to quantum-resistant algorithms before the threat materializes.
Google's approach focuses on establishing a quantum-resistant chain of trust that secures the platform from boot-time through application execution, rather than addressing individual applications or protocols in isolation.