Google has announced a significant acceleration in its timeline for addressing the quantum computing threat, setting a new internal deadline of 2029 to prepare for Q Day. This event marks when quantum computers could break current public-key cryptography, jeopardizing security for militaries, financial institutions, governments, and individuals worldwide. In a recent post, the company emphasized the need for rapid adoption of post-quantum cryptography (PQC) algorithms to replace vulnerable systems like elliptic curves and RSA.
Heather Adkins, Google’s VP of security engineering, and Sophie Schmieg, a senior cryptography engineer, stated, “As a pioneer in both quantum and PQC, it’s our responsibility to lead by example and share an ambitious timeline. By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry.” This move aims to spur global action, warning that without PQC implementation, decades of encrypted data could become exposed.
In a separate disclosure, Google outlined its plans to integrate quantum-resistant features into Android, marking the first public discussion of PQC support for the operating system. Starting with the beta version, Android 17 will incorporate ML-DSA, a digital signing algorithm standardized by the National Institute of Standards and Technology. This algorithm will be embedded into Android’s hardware root of trust, enabling developers to use PQC keys for app signing and software verification.
Google has already integrated ML-DSA into the Android verified boot library, which protects the boot sequence from tampering. Additionally, engineers are transitioning remote attestation processes to PQC. Remote attestation allows devices to prove their security state to remote servers, such as verifying a secure OS version on corporate networks, enhancing overall system integrity against quantum-based attacks.
The 2029 deadline represents a substantial shortening from previous estimates, reflecting advancements in quantum computing and heightened risk assessments. Google’s proactive stance underscores the critical need for industry-wide PQC adoption to mitigate potential cryptographic breaches. As quantum technology evolves, this timeline serves as a benchmark for other organizations to follow, ensuring a coordinated defense against emerging threats.
