Google sets 2029 timeline for post-quantum cryptography migration

Google is introducing a 2029 timeline to migrate to post-quantum cryptography. The new timeline reflects migration needs based on progress in quantum computing hardware development, quantum error correction, and quantum factoring resource estimates. The company aims to provide clarity and urgency to accelerate transitions not only for itself but across the industry. Quantum computers will pose a significant threat to current cryptographic standards, specifically to encryption and digital signatures. The threat to encryption is relevant today because of store-now-decrypt-later attacks. Digital signatures represent a future threat that requires the transition to post-quantum cryptography prior to a cryptographically relevant quantum computer. Google has adjusted its threat model to prioritize post-quantum cryptography migration for authentication services. It recommends that other engineering teams follow suit. As an example of its commitments, Android 17 is integrating post-quantum cryptography digital signature protection using ML-DSA in alignment with the National Institute of Standards and Technology. This builds on Google Chrome support for post-quantum cryptography and provides post-quantum cryptography solutions in Cloud along with guidance for leaders on their migration journey.