
Google Warns: Quantum Computers Could Break Encryption by 2029

Google accelerated its post-quantum cryptography timeline to 2029, warning that quantum computers capable of breaking RSA and ECC encryption could emerge within three years. The threat isn’t hypothetical: “harvest now, decrypt later” attacks mean encrypted data transmitted today could be stored by adversaries and decrypted in 2029. Every developer using encryption faces a cryptographic cliff with a known deadline.

The U.S. Department of Homeland Security, UK’s National Cyber Security Centre, EU Cybersecurity Agency, and Australian Cyber Security Centre confirm adversaries are currently capturing and storing encrypted traffic to decrypt when quantum computers mature.

Unlike ransomware where you patch after discovery, quantum breaks require proactive migration before the threat materializes. There’s no warning when stored data gets decrypted—it’s a passive attack. Financial records, corporate secrets, healthcare data, and personal communications transmitted in 2026 become vulnerable in 2029.

Every HTTPS request, SSH session, Git push, and API call—if adversaries capture that encrypted traffic today, they decrypt it in three years. The shelf life of sensitive data makes this particularly dangerous. Medical records don’t expire. Trade secrets remain valuable. Military intelligence keeps strategic importance.

Google announced Android 17 as the first mobile OS with comprehensive quantum-resistant encryption in March 2026. Boot security uses ML-DSA quantum-resistant signatures. Remote attestation transitions to post-quantum architecture. The KeyPairGenerator API makes quantum-resistant crypto available without custom implementations.

Chrome enabled hybrid key exchange by default in November 2024. Every TLS 1.3 handshake combines classical X25519 with quantum-resistant ML-KEM-768, protecting against both current and future threats with minimal overhead (10-20ms per handshake).

Google set a 2029 internal deadline for migrating all systems. When a company this size commits to a three-year migration timeline, that signals genuine urgency.

IBM plans 200 reliable logical qubits by 2029, capable of 100 million+ quantum operations. But breaking RSA-2048 requires approximately 4,000 logical qubits. The gap is enormous.

Gartner projects RSA and ECC unsafe by 2029, broken by 2034. U.S. agencies (NIST/NSA) warn Q-Day could arrive by 2030. Conservative researchers suggest 15-20 years, though error correction breakthroughs could accelerate dramatically.

Consensus: 2029 is possible under optimistic scenarios, mid-2030s more realistic. However, uncertainty itself is the risk. Better early than catastrophically late.

ECC requires fewer qubits than RSA—the “first domino to fall.” Many modern systems prefer ECC for efficiency, meaning elliptic-curve cryptography could break before RSA-2048.

Audit cryptographic dependencies: identify all RSA, ECC, ECDSA, and ECDH usage. Check TLS libraries, certificate handling, API authentication.

Upgrade to OpenSSL 3.5+ for post-quantum hybrid key exchange support—prerequisite for testing.

Implement hybrid cryptography: X25519+ML-KEM-768 for key exchange, ECDSA/Ed25519+ML-DSA-65 for signatures. Hybrid schemes protect against both classical and quantum threats simultaneously.

Test TLS handshakes with Wireshark: validate post-quantum algorithms by looking for x25519mlkem768 in supported_groups extensions.

Plan certificate infrastructure updates: X.509 certificates will need dual algorithms (classical + post-quantum). Rebuild CSR generators, CAs, browser integration.

Compliance deadlines approaching: NSA CNSA 2.0 mandates PQC by 2030. NIST FIPS 203/204/205 require federal compliance by 2030. Google’s internal deadline is 2029.

NIST published three finalized post-quantum standards in August 2024: FIPS 203 (ML-KEM key encapsulation), FIPS 204 (ML-DSA digital signatures), FIPS 205 (SLH-DSA hash-based signatures). These algorithms use lattice problems and hash functions with no known efficient quantum solutions.

The “standards aren’t ready” excuse died 19 months ago. Google deployed these to billions of devices through Android 17 and Chrome. OpenSSL 3.5+ supports them. Cloud providers (AWS, GCP, Azure) are adding PQC support.

The migration window is closing. Three years feels distant, but large enterprises need two to five years for cryptographic migrations at scale. Small teams have agility but less cryptographic expertise.

You can’t patch your way out. The quantum threat requires proactive migration before quantum computers cross the capability threshold. Once they do, every system using RSA or ECC becomes simultaneously vulnerable. There’s no phased rollout—it’s a step function, not gradual degradation.

Start now, or explain in 2029 why your organization’s encrypted communications from 2026 are being published by adversaries who had the patience to wait.

ByteBot