Google Moves 'Q Day' Deadline to 2029: Quantum Computers to Break RSA and Elliptic Curve Cryptography Sooner Than Expected
Available in: 中文
Google has dramatically shortened its readiness deadline for Q Day — the moment when quantum computers become powerful enough to break RSA and elliptic curve cryptography — to 2029, far sooner than...
The Announcement
Google has dramatically shortened its readiness deadline for Q Day — the moment when quantum computers become powerful enough to break RSA and elliptic curve cryptography — to 2029, far sooner than previous estimates. The warning applies to virtually all encrypted communications on Earth.
What Is Q Day?
Q Day refers to the point when quantum computers can:
- Break RSA encryption: Factor large prime numbers (foundation of TLS/SSL, SSH, PGP)
- Break Elliptic Curve Cryptography (ECC): Solve discrete logarithm problem (used in most modern crypto)
- Compromise decades of stored secrets: Encrypted communications, financial records, military intelligence
The threat isn't just future communications — "Store now, decrypt later" attacks mean adversaries are harvesting encrypted data today to decrypt when quantum computers arrive.
Google's Timeline
Internal Deadline: 2029
- Google gives itself until 2029 to migrate all systems to PQC
- Warns the entire industry to follow suit
- Previous public estimates ranged from 2030-2040+
Android PQC Migration
- Android 17 beta will support ML-DSA (NIST's post-quantum digital signature)
- ML-DSA integrated into hardware root of trust
- PQC keys for app signing and software verification
- Android verified boot, remote attestation, and Keystore all migrating to PQC
- Play Store and all app signatures will transition to PQC
Why The Urgency?
Google hasn't publicly stated its rationale, but experts speculate:
- Advancing quantum capabilities: Quantum error correction improving faster than expected
- State actor threats: China and other nations investing heavily in quantum computing
- "Harvest now, decrypt later": Encrypted data being collected now for future decryption
- Supply chain risk: Hardware and software migration takes years
Previous Estimates
- 2012: Billion physical qubits needed for 2048-bit RSA
- 2019: Estimate lowered to 20 million physical qubits
- 2026: Further reductions as error correction improves
- The trend is clear: the timeline keeps shrinking
What This Means For Everyone
For Developers
- Significant workload: Every Android app will need PQC signature migration
- API changes: TLS libraries, certificate management, key generation
- Testing burden: Dual-stack (classical + PQC) during transition
For Enterprises
- Inventory assessment: Every system using RSA or ECC needs migration planning
- Certificate lifecycle: New certificates, rotation policies, chain of trust updates
- Compliance: Financial, healthcare, government regulations will require PQC
For Individuals
- Most people won't notice — the migration happens at the infrastructure level
- Browser updates will handle most client-side changes
- Older devices may lose support if they can't handle PQC algorithms
The Post-Quantum Landscape
NIST has standardized several PQC algorithms:
- ML-KEM (Kyber): Key encapsulation (replaces RSA key exchange)
- ML-DSA (Dilithium): Digital signatures (replaces ECDSA)
- SLH-DSA (SPHINCS+): Hash-based signatures (stateless, conservative)
- FN-DSA (FALCON): Lattice-based signatures (compact keys)
The industry is moving, but Google's 2029 deadline says it needs to move much faster.
Source: Ars Technica
← Previous: China's Memory Chip Prices Plunge in Cliff-Dive Drop: DRAM and NAND Hit New LowsNext: CoopVPN: Privacy-Focused VPN Built by RiseupVPN Developers Launches as Cooperative Alternative →
0