Google is dramatically shortening its lead time for the arrival of Q-Day, the point at which existing quantum computers can break the public-key cryptography algorithms that protect decades of secrets belonging to militaries, banks, governments and almost every individual on the planet.
in a mail Posted on Wednesday, Google said it will give itself until 2029 to prepare for this event. The post went on to warn that the rest of the world should follow suit and adopt PQC (short for post-quantum cryptography) algorithms to augment or replace elliptic curves and RSA, both of which will break.
The end is near
“As pioneers in both quantum and PQC, it is our responsibility to lead by example and share an ambitious timeline,” wrote Heather Adkins, vice president of security engineering at Google, and Sophie Schmieg, senior cryptography engineer. “By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also for the entire industry.”
Separately, Google detailed its timeline for making Android quantum-resistant, the first time the company has publicly discussed PQC support in the operating system. Starting with the beta version, Android 17 will be supported ML-DSAa digital signature algorithm standard advanced by the National Institute of Standards and Technology. ML-DSA will be added to the Android hardware root of trust. The move will allow developers to have PQC keys to sign their applications and verify other software signatures.
Google said it now has ML-DSA built into Android’s verified boot library, which protects the boot sequence from tampering. Google engineers are also starting to move remote certification to PQC. Remote attestation is a feature that allows a device to demonstrate its current state to a remote server to, for example, demonstrate to a server on a corporate network that it is running a secure version of the operating system.
