Q-Day sooner than expected? Google accelerates quantum security

The internet giant Google is setting an ambitious timeline for the transition to Post-Quantum Cryptography (PQC). Researchers in Mountain View apparently now expect significant progress towards a cryptographically relevant quantum computer (CRQC) as early as 2029 and are accelerating the transition of their products and services. Digital signatures are a particular focus.

Google sees itself as a pioneer in quantum computing, but also in post-quantum cryptography. In fact, the Google Quantum AI research department announced a paradigm shift just a few days ago: instead of only working on superconducting qubits, they will also research quantum computers using neutral atoms. In a self-imposed role model, Google is streamlining its timeline – “in light of progress in hardware, error correction, and resource estimation of quantum computer factorization,” as stated in an article.

By 2029, Google's encryption is expected to be quantum-safe, even ahead of the recent recommendation from the German Federal Office for Information Security (BSI). The BSI has issued a recommendation for the end of 2031. To achieve its own ambitious goal, Google is working on the quantum security of several products: Android 17 will get post-quantum signature methods. Google Cloud and its in-house browser Chrome already have PQC support.

Nervous Security Researchers

The announcement has the community buzzing. While a well-informed observer of the international crypto scene, in a background conversation with heise security, perceived a certain nervousness, PKI luminary Filippo Valsorda goes a step further. He has revised his position from last year and now believes that post-quantum key exchange should have been implemented “yesterday” and that quantum-safe signatures are urgently important. Designing or even rolling out non-quantum-safe crypto systems is now superfluous, according to Valsorda in a Mastodon post.

(cku)