Google isn’t just responsible for the encryption of a big chunk of the communications on the internet. It is also building its own quantum computers, so it’s well placed to evaluate how close the technology is to fruition.
Until now, the company has been aligned with the NIST timeline, which specifies 2030 for deprecating quantum-unsafe algorithms and their full disallowance by 2035.
But on Wednesday, Google said that 2029 is now the deadline for the migration to post-quantum cryptography (PQC). It also said that it has adjusted its threat model to prioritize PQC migration for authentication services, and urged other engineering teams to follow suit.
Quantum computers increasingly powerful
Quantum computers are expected to break traditional asymmetric encryption, which is used to secure communications, financial transactions, and websites, once they get powerful enough.
That time is coming, says Jordan Kenyon, chief scientist in the quantum practice at Booz Allen Hamilton. “The first version of Shor’s [algorithm] was projected to require 20 million qubits [to break] and recent results have shrunk those requirements down to as a little as around 100,000 qubits.”
It’s not just that the hardware is getting better, she tells CSO. There have also been advances in error correction and algorithms.
“The magnitude of change is tough to deny,” she says.
In 2019, Google estimated that it would take 20 million qubits to break RSA encryption. By May of 2025, Google revised those estimates down to 1 million. And last month, researchers at Australia’s Iceberg Quantum said in a pre-print report that only 100,000 physical qubits were needed.
Fortunately, NIST has already finalized four algorithms that should withstand quantum computing, and has selected a fifth. But unfortunately, according to the Post Quantum Cryptography Coalition, most PQC standards have not achieved broad adoption yet.
Worse yet, says the Trusted Computing Group, its research shows that 91% of businesses do not have a roadmap in place. In addition, 80% say their current crypto libraries and hardware security modules are not ready for PQC integration, and only 39% have begun their PQC compliance readiness assessments.
CSOs can’t afford to watch and wait
Google has upped the ante on PQC migration, Michela Menting, an analyst at ABI Research, tells CSO.
That means that enterprises will also need to step up their transition plans, she says, “to align earlier than what they might have originally thought was acceptable based on the NIST deprecation timelines — especially if they want to keep pace with hyperscalers.”
She expects Microsoft and AWS to set similar migration schedules, and CSOs will need to move their PQC transition plans up the priority list.
“It’s not a side project anymore, with an extended time frame that they can just get to whenever they have extra time to work on it,” she says. “They really can’t afford to watch and wait anymore.”
According to Google, some data is already being collected by attackers. In a post last month, Kent Walker, president of global affairs at Google and Alphabet, wrote, “Malicious actors are not waiting until a cryptographically relevant quantum computer is ready. They are likely already carrying out ‘store now, decrypt later’ attacks and collecting encrypted data, just waiting for the day when a quantum computer can unlock it.”
This means that enterprises need to up their game. According to Gartner, 61% of organizations lack full visibility into their cryptographic systems. The research firm recommends that companies conduct a comprehensive cryptographic inventory, invest in cryptographic agility and visibility, establish a cryptographic center of excellence, and prioritize PQC migration for assets with long-term sensitivity.
No Responses