Advances in quantum computing could render traditional encryption methods obsolete by 2029, Google has warned.
Quantum computing will use quantum mechanics to solve problems which today’s traditional binary computers simply can’t understand. The technology has the potential to revolutionize scientific and medical research, data analysis, machine learning and more.
But it also poses a risk to cybersecurity as we know it, because quantum computers will be capable of breaking the public-key cryptography algorithms employed by most encryption systems used today.
This puts sensitive information held by businesses, banks, governments, technology vendors and others, currently protected by traditional encryption methods, at risk of being accessed or stolen if traditional encryption is broken by adversaries.
Consensus on when ‘Q-Day’ – the moment when quantum computers will be able to break existing cryptographic algorithms – will arrive is divided.
Read More on ‘Q-Day’ Countdown: HSBC Unveils Strategies to Secure Banking Systems
The UK’s National Cyber Security Centre (NCSC) has suggested that organizations must be prepared to apply post-quantum cryptography by 2035, while the US National Security Agency (NSA) has set a deadline of 2033 for its security systems to be post-quantum resilient. Microsoft has also said by 2033 it aims to make its products post-quantum safe.
Post‑Quantum Cryptography Deadline Could Hit by 2029
Google has recently said the deadline to secure the quantum era with post-quantum cryptography (PQC) migration could come as early as 2029.
“Quantum computers will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures,” the company said in a blog post, authored by Heather Adkins VP of security engineering and Sophie Schmieg, senior staff cryptography engineer.
“The threat to encryption is relevant today with store-now-decrypt-later attacks, while digital signatures are a future threat that require the transition to PQC prior to a Cryptographically Relevant Quantum Computer (CRQC)”
Store-now-decrypt-later attacks (also known as harvest-now-decrypt later) see threat actors steal sensitive data that’s currently encrypted but have plans to break that encryption when quantum computing technology allows them to do so. If Google is correct, this could now be as early as 2029.
“This new timeline reflects migration needs for the PQC era in light of progress on quantum computing hardware development, quantum error correction, and quantum factoring resource estimates,” the company said.
To help counter the potential security threat posed by encryption-breaking quantum computing, Google’s upcoming Android 17 operating system will be equipped with PQC digital signature protection using ML-DSA in alignment with the National Institute of Standards and Technology (NIST).
Mark Pecen Chair of Technical Committee on Quantum Technologies at the European Telecommunications Standards Institute (ETSI) commented, “Google’s accelerated 2029 deadline reflects a shift from trying to predict Q-day to managing pre-Q-day risk.”
“By moving earlier than government timelines, Google is effectively forcing the industry to treat post-quantum migration as an immediate operational priority rather than a future compliance exercise,” he added.
