Google has announced plans to migrate to post-quantum cryptography (PQC) by 2029, moving up its timeline given recent progress in the field and emerging threat vectors.
In February, the web giant called on the industry to act on quantum security before the dreaded ‘Q-Day’ on which a yet-to-be-built quantum computer will break current encryption standards permanently.
It said its new timeline reflected the pace of developments in areas such as quantum hardware development, error correction, and factoring resource estimates.
“As a pioneer in both quantum and PQC, it’s our responsibility to lead by example and share an ambitious timeline. By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry,” said Google vice president of security engineering, Heather Adkins.
It is by now common knowledge that quantum computing poses a threat to encryption and digital standards, a threat that is relevant today with the spread of harvest-now-decrypt-later attacks, but digital signatures, said Google, are an emerging future threat that means the transition to PQC must take place before a cryptographically relevant quantum computer (CRQC) exists.
Hence, it is now adjusting its threat model to prioritise PQC migration for authentication services, which are an important component of online security and digital signature migrations.
The US National Institute for Standards and Technology’s (NIST) timeline for PQC migration states it plans to deprecate the use of RSA digital signature algorithms with 112 bits of security (2048-bit keys), alongside many other widely-used algorithms, in 2030, and is proposing to disallow all legacy RSA algorithms by 2035.
In the UK, the National Cyber Security Centre (NCSC) aims to have key sectors and organisations transitioned to PQC in line with NIST’s final countdown.
PQC already in reach
The good news, said Google, is that advanced PQC technology is already in reach for end-users.
In parallel with its new timeline, it also announced that testing of PQC enhancements for its Android mobile operating system (OS) is beginning in the next Android 17 beta, with general availability slated for the stable production release – which is widely-expected to take place in June 2026.
As part of this, Android is receiving a comprehensive architectural upgrade that puts the the NIST-endorsed Module-Lattice-Based Digital Signature Algorithm (ML-DSA) PQC standard at the platform’s heart.
Two significant use cases within Android will be protecting the Android Verified Boot (AVB) library to ensure the software loaded during the device’s boot sequence can resist unauthorised modification, and transitioning Remote Attestation to a fully-compliant architecture that enables devices to securely prove their state to relying parties.
Google also plans to introduce features to safeguard its ecosystem of third-party Android application developers, and their wares.
“We’re establishing a new, quantum-resistant chain of trust. This chain of trust secures the platform continuously – from the moment the OS powers on, to the execution of applications distributed globally,” wrote Android product manager Eric Lynch and Google Play group product manager Dom Elliot.
“Android is swapping today’s digital locks for advanced encryption to help enhance the security of every app you download – no matter how powerful future supercomputers get.”
