Google has dramatically accelerated its timeline to protect the world’s data, setting a 2029 deadline to fully secure its systems against the next generation of supercomputers. The move to post-quantum cryptography (PQC) is a direct response to warnings that the era of quantum hacking is arriving much faster than expected. This 2029 target is a massive leap ahead of official guidance, and effectively blows past the NSA’s 2031 goal and the wider US government’s 2035 benchmark.
Why the sudden urgency?
Google’s security chiefs, including VP of Security Engineering Heather Adkins and senior cryptologist Sophie Schmieg, noted in the official announcement that the goalposts have shifted. Today’s cryptographic keys, which are the complex strings of data that act as digital locks for everything from your banking to private chats, rely on math that is too hard for current computers to crack.
However, quantum machines use different physics. Google’s security engineers explained that these future computers could easily break current encryption, turning what are now secure vaults into open doors.
Further investigation by the Google Quantum AI team revealed that a machine using one million noisy qubits (quantum bits) could crack a standard 2,048-bit RSA key in less than a week. Previously, it was thought that a billion precise parts were needed. According to the team, what once felt like a distant science experiment has become a pressing “engineering problem with a foreseeable solution.”
The Harvest Now threat
It must be noted that the danger isn’t just in the future. Google’s researchers warned of “store-now-decrypt-later” attacks, where hackers steal and save encrypted data today, simply waiting for the day a Cryptographically Relevant Quantum Computer (CRQC) is powerful enough to unlock it.
To fight back, Google is putting these new defences into the hands of users starting with Android 17. The update will use a signature system called ML-DSA, developed with the National Institute of Standards and Technology (NIST), to verify that apps haven’t been tampered with.
A challenge to the industry
By sticking to a 2029 deadline, Google is trying to lead by example and force other tech firms to wake up. The company has already started rolling out these updates across Google Chrome and its Cloud services. However, Google isn’t the only one pushing for a total transition; many other companies are already making moves. Such as, Apple has recently introduced similar protections to iMessage, and Microsoft and Amazon (AWS) have begun integrating quantum-resistant tools into their cloud platforms.
This shift comes as the industry prepares for a major change in how website security certificates are managed. In a comment shared with Hackread.com, Jason Soroko, Senior Fellow at Sectigo, explained the broader impact:
“Google’s announcement of a 2029 timeline for post‑quantum cryptography migration reinforces how quickly the cryptographic landscape is evolving. That same year, the CA/Browser Forum will reduce the maximum SSL/TLS certificate lifespan to just 47 days, a 12× increase in renewal frequency that fundamentally changes how organizations must operate.
“Right now, our research shows that 90% of organizations see a direct overlap between preparing for short‑lived certificates and preparing for PQC adoption. These parallel 2029 deadlines are not coincidental; they represent two sides of the same challenge: preparing for a world where cryptography must be updated far more frequently and with far greater agility.”
