Google Sets 2029 Deadline as Quantum Computers Threaten Encryption
Google sets 2029 deadline for post-quantum cryptography migration ahead of quantum computing threats.
Summary
Google has accelerated its post-quantum cryptography (PQC) transition to 2029, ahead of NSA (2031) and US government (2035) targets, citing new research showing quantum computers could break current RSA encryption faster than previously thought. The company is rolling out quantum-resistant protections starting with Android 17 and Chrome, using NIST-developed ML-DSA signatures, while warning of "store-now-decrypt-later" attacks where adversaries steal encrypted data today to decrypt later with quantum computers. The 2029 deadline aligns with a concurrent shift toward 47-day SSL/TLS certificate lifespans, requiring industry-wide cryptographic agility.
Full text
SecurityGoogle Sets 2029 Deadline as Quantum Computers Threaten Encryption Google fast-tracks post-quantum cryptography with a 2029 deadline as researchers warn quantum computers could break current encryption sooner than expected. byDeeba AhmedMarch 27, 20263 minute read Google has dramatically accelerated its timeline to protect the world’s data, setting a 2029 deadline to fully secure its systems against the next generation of supercomputers. The move to post-quantum cryptography (PQC) is a direct response to warnings that the era of quantum hacking is arriving much faster than expected. This 2029 target is a massive leap ahead of official guidance, and effectively blows past the NSA’s 2031 goal and the wider US government’s 2035 benchmark. Why the sudden urgency? Google’s security chiefs, including VP of Security Engineering Heather Adkins and senior cryptologist Sophie Schmieg, noted in the official announcement that the goalposts have shifted. Today’s cryptographic keys, which are the complex strings of data that act as digital locks for everything from your banking to private chats, rely on math that is too hard for current computers to crack. However, quantum machines use different physics. Google’s security engineers explained that these future computers could easily break current encryption, turning what are now secure vaults into open doors. Further investigation by the Google Quantum AI team revealed that a machine using one million noisy qubits (quantum bits) could crack a standard 2,048-bit RSA key in less than a week. Previously, it was thought that a billion precise parts were needed. According to the team, what once felt like a distant science experiment has become a pressing “engineering problem with a foreseeable solution.” The Harvest Now threat It must be noted that the danger isn’t just in the future. Google’s researchers warned of “store-now-decrypt-later” attacks, where hackers steal and save encrypted data today, simply waiting for the day a Cryptographically Relevant Quantum Computer (CRQC) is powerful enough to unlock it. To fight back, Google is putting these new defences into the hands of users starting with Android 17. The update will use a signature system called ML-DSA, developed with the National Institute of Standards and Technology (NIST), to verify that apps haven’t been tampered with. A challenge to the industry By sticking to a 2029 deadline, Google is trying to lead by example and force other tech firms to wake up. The company has already started rolling out these updates across Google Chrome and its Cloud services. However, Google isn’t the only one pushing for a total transition; many other companies are already making moves. Such as, Apple has recently introduced similar protections to iMessage, and Microsoft and Amazon (AWS) have begun integrating quantum-resistant tools into their cloud platforms. This shift comes as the industry prepares for a major change in how website security certificates are managed. In a comment shared with Hackread.com, Jason Soroko, Senior Fellow at Sectigo, explained the broader impact: “Google’s announcement of a 2029 timeline for post‑quantum cryptography migration reinforces how quickly the cryptographic landscape is evolving. That same year, the CA/Browser Forum will reduce the maximum SSL/TLS certificate lifespan to just 47 days, a 12× increase in renewal frequency that fundamentally changes how organizations must operate. “Right now, our research shows that 90% of organizations see a direct overlap between preparing for short‑lived certificates and preparing for PQC adoption. These parallel 2029 deadlines are not coincidental; they represent two sides of the same challenge: preparing for a world where cryptography must be updated far more frequently and with far greater agility.” Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts CybersecurityEncryptionGooglePrivacyQuantum ComputingVulnerability Leave a Reply Cancel reply View Comments (0) Related Posts Read More Security Crypto Cyber Attacks Google Account Sync Vulnerability Exploited to Steal $15M According to reports, a Google Account Sync vulnerability was exploited to carry out a voice phishing scam that led to the theft of $15 million from Fortress Trust. byHabiba Rashid Read More Security Scams and Fraud Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified… byDeeba Ahmed Security Malware Microsoft OLE flaw lets malware infected PowerPoint files evade antivirus detection Microsoft PowerPoint is the latest platform used by cyber criminals for delivering malware. Reportedly, there is a vulnerability… byUzair Amir Read More Hacking News Crypto Data Breaches Security Bybit Hack: $1.4B Stolen from World’s 2nd Largest Crypto Exchange In a major cybersecurity incident, Bybit, the world’s 2nd-largest crypto exchange suffered a $1.4 billion ETH hack from… byWaqas