On March 25, Google released a blog post titled “Quantum frontiers may be closer than they appear.” Here’s how it starts:
“Google presents a 2029 timeline to secure the quantum era with the migration of post-quantum cryptography (PQC).
“Last month, we made a call to save quantum time before a quantum computer can destroy the current process.” This new timeline reflects the migration needs of the PQC era in light of advances in the development of quantum computing devices, quantum error correction and quantum factoring devices.”
In a related Google blog post with more information on securing cryptocurrencies that was released on March 31, they explained:
“Google has been leading the responsible revolution in post-quantum cryptography since 2016. In a new report, we show that in the future quantum computers can break the elliptic curve cryptography that protects cryptocurrencies and other applications with fewer qubits and gates than previously thought. post-quantum cryptography (PQC), which is resistant to quantum attacks.
“To share this research responsibly, we collaborated with the US government and developed a new way to explain these vulnerabilities with proof of ignorance, so that they can be verified without providing a road map for evildoers. We encourage other research groups to do the same to keep people safe. Research, and the Ethereum Foundation.”
PQC’S CYBER RESOURCES
Commenting on these announcements, DigiCert CEO Amit Sinha, who recently moderated a PQC discussion on the topic at the RSA Conference, said:
“Google’s updated schedule of 2029 is certainly a wake-up call, but it is not new information. Gartner pointed to 2029 as the most important milestone in 2024, and the industry has already lost an important moment. What changes now is that when a company like Google confirms that urgency, many organizations may start to act.
“At the RSA conference last week, I had the opportunity to moderate a group with leaders like Michele Mosca, Bruno Couillard and Taher Elgamal about the future of PKI in the post-quantum world. One thing was clear: The discussion has moved from if mass disruption is coming to how quickly organizations can change their trust models.
“But we are already seeing the first movement: About 40 percent of the most popular websites now support post-quantum key exchange”.
“What is often overlooked is that the same measures required for quantum readiness (ie: cryptographic inventory, automation and crypto agility) are also important as the certificate lifetime approaches 47 days. So the challenge is no longer awareness; it is action before these pressures collide.”
Drew Todd wrote this piece in the same PQC session for SecureWorld:
Google has been investing in post-quantum security across its products for several years. Chrome has supported PQC key exchange methods, Google Cloud has provided PQC capabilities to enterprise customers, and internal communication systems have been converted to quantum-safe protocols.
“The latest concrete thing: Android 17 will integrate digital PQC protection using ML-DSA, which is compatible with the latest standards of the US Institute of Standards and Technology (NIST).
“For corporate security personnel, 2029 is close enough to warrant immediate planning.” The PQC migration is not a lift and shift process; they require cryptographic inventory, dependency mapping, algorithm selection consistent with NIST standards, and integration testing across complex, often legacy architectures. pipelines that PQC changes will require…”
SEND THIS TO PQC
I’ve been talking about the upcoming reality of Q-Day on this blog for a few years now. Michael McLaughlin said this in a previous interview in 2023, which seems even more relevant today:
“First, on Q-Day, networks secured using old encryption methods will be vulnerable to being hacked by the country.” Due to recent breaches by Chinese actors such as Marriott-Starwood, Equifax and the Office of Personnel Management, it is clear that there is a capable country that is currently developing a large amount of computer data and automation.
Second – and this is very important – any data that has been compromised at any time leading up to Q-Day, whether encrypted or not, will be read. in case of violation.
“To reduce both of these events, companies should migrate their network architecture to cryptography that is resistant to multiple methods. Fortunately, there are several business solutions on the market today that are available for adoption.”
ADD THE END
As I explained last week in my summary of the RSA Conference, the word “AI” has become the ubiquitous “pixie dust” that every company is now selling their new products and services. It was difficult, but not impossible, for RSAC to hear about PQC-focused products and roadmaps to address the issue.
But Google’s recent announcements, along with other stories that support the number, seem to make the top 2026 security industry predictions at PQC come true. As a reminder, I wrote this as a top industry trend this year:
“Shift to Post-Quantum Security: Organizations must accelerate the transition to post-quantum cryptography to protect against “harvest now, decrypt later” from sophisticated adversaries.”
#PostQuantum #Cryptography #Awareness #Implementation