Google has established a timeline to integrate post-quantum cryptography (PQC) across its systems, products, and services by the end of 2029. Detailed in a recent announcement by Heather Adkins, vice president of security engineering, and Sophie Schmieg, senior staff cryptography engineer at Google, the migration aims to safeguard digital infrastructure against the evolving capabilities of quantum computation.
While quantum computers promise significant advancements in science, they also introduce risks to current authentication and encryption methodologies. As this technology becomes more accessible, unauthorized parties may use it to bypass existing security controls. To protect users and data, organizations like Google, Apple, and various public sector entities are prioritizing cryptographic algorithms designed to resist quantum computation. This transition is guided by the National Institute of Standards and Technology (NIST), which published its first finalized PQC standards in 2024.
Google's post-quantum migration strategy
Google’s transition focuses on safely migrating to a post-quantum state within NIST’s current guidelines. The company has already begun rolling out PQC within its internal operations and products, centering its efforts on three areas: maintaining crypto agility, securing critical shared infrastructure, and supporting ecosystem-wide shifts to create a more resilient long-term security architecture.
A key detail in Google's updated threat model is the specific prioritization of authentication services. While encryption faces immediate exposure from "store-now-decrypt-later" data collection—where unauthorized parties gather encrypted data today to decrypt it once quantum technology matures—digital signatures represent a future risk that requires a transition to PQC before a Cryptographically Relevant Quantum Computer (CRQC) is developed. Google recommends that engineering teams prioritize PQC migration for authentication services to protect digital signatures and online security.
Supporting this 2029 commitment, Android 17 will integrate PQC digital signature protection using the Module-Lattice-Based Digital Signature Algorithm (ML-DSA). This addition expands upon previously announced post-quantum support within Google Chrome and Google Cloud.
Preparing systems for the quantum transition
Security experts emphasize that a 2029 timeline is manageable and represents a proactive security posture. Melina Scotto, a cybersecurity executive adviser and chief information security officer, notes that while not every organization has Google's resources, engineering teams can prioritize intermediate protective measures, such as implementing strong salting techniques. Adding this layer of randomness to cryptographic processes increases the effort, cost, and time required for unauthorized parties to compromise data using precomputed methods, providing valuable interim protection while comprehensive encryption solutions are finalized.
Dustin Moody from NIST advises that falling behind on quantum preparation introduces broader risks, including future interoperability issues with partners who prioritize PQC. For organizations beginning this process, Moody recommends focusing on methodical preparedness rather than urgency.
Teams can strengthen their posture by taking the following steps:
Conduct a cryptographic inventory: Build awareness by identifying exactly where and how cryptography is currently used within the environment.
Engage service providers: Since many organizations rely on third-party solutions, engage with cloud platforms, VPN vendors, and software partners to confirm their specific post-quantum migration plans.
Design for crypto agility: Ensure systems are built to adapt as cryptographic standards evolve over time.
Protect sensitive data: Assign the highest priority to systems that protect long-lived sensitive data requiring confidentiality well into the future.