Google bumps up Q Day deadline to 2029, far sooner than previously thought

Key Points:

• Google has accelerated its deadline to prepare for Q Day—the point when quantum computers can break current public-key cryptography—to 2029, urging the global adoption of post-quantum cryptography (PQC) algorithms to replace vulnerable elliptic curves and RSA systems.
• The company announced plans to integrate PQC into Android 17, including support for the ML-DSA digital signing algorithm in the hardware root of trust, verified boot library, remote attestation, and the Android Keystore, with intentions to transition the Play Store and app developer signatures to PQC.
• This accelerated timeline surprised many experts, as it is more aggressive than previous government-set deadlines, with no detailed rationale provided by Google for the shift.
• Research led by Google has significantly lowered the quantum computing resources required to break RSA encryption, estimating that 1 million noisy qubits could factor a 2048-bit RSA key in under a week, intensifying urgency around PQC adoption.
• While PQC algorithms have begun to appear in various products and protocols, Google stresses the critical need to prioritize migration for authentication services to counter both current and future quantum threats.