TL;DR: Google has dramatically accelerated its timeline for securing its infrastructure against quantum computing threats, setting a 2029 deadline for full readiness – years ahead of most government and industry targets. The announcement has surprised cryptography experts, representing the company's clearest signal yet that it anticipates the arrival of "Q Day" – when quantum machines could break current encryption standards – sooner rather than later.
The announcement came this week in a blog post detailing Google's migration plan to post-quantum cryptography, a new generation of algorithms designed to withstand attacks from quantum computers.
"As a pioneer in both quantum computing and PQC, it's our responsibility to lead by example and share an ambitious timeline," wrote Heather Adkins, Google's vice president of security engineering, and Sophie Schmieg, a senior cryptography engineer. "By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but across the industry."
Until now, most organizations had relied on milestones set by the US government and defense agencies, which generally target 2030 to 2033 for full quantum readiness. "That is certainly a significant acceleration/tightening of the public transition timelines we've seen to date, and is accelerated over even what we've seen the US government ask for," said Brian LaMacchia, a cryptography engineer who led Microsoft's post-quantum transition between 2015 and 2022 and now works at Farcaster Consulting Group, in an interview with Ars Technica. "The 2029 timeline is an aggressive speedup but raises the question of what's motivating them."
Google did not specify the reasons behind the shorter deadline. However, the company's research has repeatedly revised expectations for how soon current cryptographic systems could fail under quantum attacks.
Last year, Google scientists led by Craig Gidney published findings suggesting that a 2,048-bit RSA key could be broken in under a week by a quantum computer with one million noisy qubits. That estimate sharply reduced the previously accepted threshold, which in 2019 was believed to require roughly 20 million qubits.
Alongside its broader announcement, Google outlined its first comprehensive plan to make Android quantum-resistant. According to a separate post, the company will add support for ML-DSA – a digital signature algorithm standardized by the US National Institute of Standards and Technology – starting with the Android 17 beta release. ML-DSA will integrate into Android's hardware root of trust, allowing developers to use post-quantum cryptography keys for app signing and verification.
Google said ML-DSA has already been added to the Android Verified Boot library, ensuring that the operating system's startup sequence cannot be tampered with. Engineers are also transitioning Android's remote attestation – a mechanism for proving device integrity to corporate or cloud servers – to PQC.
Future updates will extend ML-DSA support to the Android Keystore, enabling secure on-device key generation, and eventually to the Play Store and its app-signing processes.
That migration will require significant changes for developers, who will need to update signing, verification, and authentication workflows. For Google, these efforts are part of what it calls a necessary shift to "prioritize PQC migration for authentication services – an important component of online security and digital signature migrations."
For cryptographers, Q Day has been a moving target for decades. Since mathematician Peter Shor revealed in the 1990s that a sufficiently powerful quantum computer could factor large integers exponentially faster than classical systems, the timeline for breaking RSA encryption has fluctuated, with the required quantum resources steadily decreasing over the years.
Despite the uncertainty, cybersecurity planners have treated the quantum threat as urgent. The NSA currently aims to transition national security systems to post-quantum cryptography (PQC) algorithms by 2033, with earlier deadlines for specific applications set for 2030 and 2031. Software vendors such as Signal, Cloudflare, and Apple have already begun incorporating NIST-approved PQC algorithms, including CRYSTALS-Kyber and ML-KEM-768, into their products, albeit often in a limited scope.
Google framed its internal timeline as both an engineering directive and a public warning. Whether the rest of the industry shares Google's assessment of the timeline remains uncertain. By setting a firm 2029 deadline, however, Google has effectively signaled that the race to outpace Q Day is no longer theoretical.