After Google updated its timeline and revealed that it is working to build post-quantum cryptography (PQC) features in the next version of its Android mobile operating system, cyber experts have welcomed signs that the pace of moving towards a safe, secure PQC is accelerating, but they have also emphasized that the data security risks posed by quantum computers should not be ignored today.
Google’s goal of moving to PQC by 2029, three years from now, is a blowout from the migration schedule of others, including the US Commercial National Security Algorithms (CNSA) 2.0 migration schedule. Ping Identity, head of access control engineering Suman Sharma said: “Google is accelerating its timeline to 2029 highlighting the growing awareness in the industry that the window to be ready for the world after the number is smaller than many expected.
“We are already in the midst of the biggest evolution of the internet in decades, and hybrid quantum-resistant standards have been rolled out across browsers and mainstream devices,” he said.
“High security features are rapidly progressing to fully secure systems, but much of the wider environment is still operating at a temporary level,” Sharma said. “This latest step confirms that leading technology providers no longer see end-to-end security as an afterthought. It is now an immediate priority, and the pace of adoption will continue to accelerate.”
According to Mark Pecen, chairman of the Quantum Technologies Committee at the European Telecommunications Standards Institute (ETSI), Google’s fast turnaround time shows the transition from trying to predict Q-Day to the preventive management of today’s risks.
“The real concern is not when quantum computers arrive, it’s that adversaries are already collecting encrypted data today to decrypt it later,” Pecen said. “The existing public key systems that secure internet and wireless transactions, Rivest-Shamir-Adelman (RSA) and Elliptic Curve Cryptography (ECC) are classic cryptosystems, developed in the 1970s and 1980s respectively.
“These algorithms are getting weaker every year as technology advances, so post-quantum cryptography is being considered as the next generation of data security.
In addition, new and faster “quantum decryption” algorithms are already being developed,
Its developers say that given the right tools, come Q-Day, JVG can break RSA in 11 hours.
“By moving ahead of the government’s timeline, Google is effectively forcing the industry to treat quantum migration as an operational priority rather than a future exercise,” said Pecen.
Harvest now, delete later
At the moment, many worries are caused by the growth shown in the so-called harvesting now, the latest cyber attacks (HNDL) where the threat actors produce encrypted data now and keep it ready for the moment when the latest algorithms fail, and Simon Pamplin, chief technology officer Certes – PQC specialist – said that for many organizations the daily risk is not the right time. now.
“Enemies are already running HNDL campaigns: generating encrypted data today with the goal of unlocking it once it’s a cryptographically linked quantum computer. [CRQC] it is there,” he said.
“If your organization still relies on RSA, TLS or traditional PKI to protect sensitive data in transit, that data is already at risk, regardless of whether Q-Day lands in 2029 or 2035,” Certes added.
“With data flowing across legacy systems, multi-cloud environments, AI and the edge, the potential risk organizations face today is real, and very serious if left unchecked.”
Next steps
Matt Campagna, chairman of ETSI’s working group on Quantum-Safe Cryptography, said that Google’s priority of adversarial digital signatures has shown significant industry leadership in the field, and hailed the great progress in the field that ETSI has been championing for 13 years.
“Organizations that use information technology tools should pay attention,” he said. “Understanding local PQC migration timelines, as set by customers and regulators, is now critical. Businesses must develop their own PQC migration strategies and actively engage with vendors and suppliers to ensure compliance.”
Certes’ Pamplin agreed with this view. “Moving to post-quantum is a multi-year project for many organizations, and with Gartner predicting that CRQC could be reached by 2029, the gap between where most businesses are and where they need to be is closing fast – and steps need to be taken today,” he said.
Some of the upcoming challenges that business technology leaders will have to face in the near future include legacy systems that may prove impossible to natively upgrade to PQC, a multi-cloud environment that creates problems due to inconsistent security practices and data privacy policies, and gaps around the user and network.
Pamplin said: “Companies need to look for end-to-end PQC solutions that can protect data across any device, any device, anywhere. In particular, solutions that guarantee independent, crypto-agile PQC security, where only the owner of the data controls the key, from server to server, and where security persists through data, not infrastructure.
“Quantum readiness is not about predicting the date,” he said. “It’s about eliminating long-term exposure before that day becomes worthless.”
#PQC #downtime #highlights #urgent #risk #data #security #Computer #Weekly