Google Sets 2029 Deadline for Quantum-Safe Cryptography

APPLICATION SECURITY IDENTITY & ACCESS MANAGEMENT SECURITY CYBERSECURITY OPERATIONS CYBER RISK NEWS Google Sets 2029 Deadline for Quantum-Safe Cryptography The post-quantum future may be coming sooner than you think, as Google plans to have PQC migration in place by 2029. Alexander Culafi,Senior News Writer,Dark Reading March 27, 2026 4 Min Read SOURCE: ALES UTOUKA VIA ALAMY STOCK PHOTO The post-quantum future appears to be on its way, and some believe that future may be as soon as a few years out.  Google on Wednesday announced that it would aim to integrate post-quantum cryptography (PQC) into its systems, products, and services by the end of 2029. The migration timeline was announced in a blog post authored by Heather Adkins, vice president of security engineering, and Sophie Schmieg, senior staff cryptography engineer at Google.  The announcement follows a call to action the tech giant published last month, in which the company said quantum computers were going to revolutionize the sciences but also break current authentication and encryption methodologies. And as quantum computation becomes more available, threat actors will similarly be able to take advantage of the technology. This is why vendors like Google and Apple, as well as the public sector, have placed emphasis on getting PQC in place with cryptographic algorithms designed to resist future quantum computers. The US government's National Institute Standards & Technology (NIST) published its first standards on PQC in 2024, which companies like Google are using as a road map for the future. Related:AI-Powered Dependency Decisions Introduce, Ignore Security Bugs Google's Impending Post-Quantum Migration In the February blog post, Google described its migration as follows. "We are on track to complete a PQC migration safely within NIST's current guidelines and we've begun rolling out PQC within our infrastructure for internal operations and products. To successfully migrate to a safer post-quantum state we're focused on three key areas: Crypto agility, securing critical shared infrastructure, and facilitating ecosystem shifts, which can create a long-term and more robust security infrastructure," the post read.  NIST continues to make a big push for PQC migration into hardware, software, and products, and other public sector entities have also shown interest in the technology. Although quantum computing in a security context is usually devoted to encryption as the key issue (Google warned of attacks where threat actors would steal data to decrypt a few years from now), the new blog post emphasizes authentication as a foremost topic of concern. "Quantum computers will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures. The threat to encryption is relevant today with store-now-decrypt-later attacks, while digital signatures are a future threat that require the transition to PQC prior to a Cryptographically Relevant Quantum Computer (CRQC)," Adkins and Schmieg wrote. "That's why we've adjusted our threat model to prioritize PQC migration for authentication services — an important component of online security and digital signature migrations. We recommend that other engineering teams follow suit." Related:Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit Alongside the 2029 commitment, Google mentioned that Android 17 is integrating PQC digital signature protection using Module-Lattice-Based Digital Signature Algorithm (ML-DSA), which comes in addition to previously announced support for post-quantum technologies in Google Chrome and Cloud.  Preparing for the Quantum Era Melina Scotto, a cybersecurity executive adviser and longtime chief information security officer (CISO), tells Dark Reading the 2029 deadline is manageable and presents a proactive security posture on Google's part. Although not every organization can be as well resourced as Google, Scotto urged organizations to prioritize implementing robust salting techniques. "Salts add a vital layer of randomness to our cryptographic processes, significantly impeding attackers' efforts to leverage precomputed attacks," she says. "This approach increases the effort, cost, and time required for adversaries to compromise our data, effectively buying us valuable protection as we work toward comprehensive encryption solutions. Staying ahead of these threats with layered, strategic defenses is essential to safeguarding our critical information now and into the future." Related:How AI Coding Tools Crushed the Endpoint Security Fortress NIST's Dustin Moody says that for organizations, the risk of not preparing for quantum computing goes beyond external threats to data and authentication systems. It can also cause interoperability issues with partners in the future that do prioritize PQC. However, for smaller organizations, the response should be to prioritize preparedness over panic.  "Begin by building awareness and conducting an inventory of where cryptography is used. Because smaller organizations typically rely on third-party solutions, the most important step is engaging your service providers — cloud platforms, VPN vendors, and software partners — to confirm their post-quantum migration plans," he says. "Organizations should also be mindful of crypto agility, ensuring their systems can adapt as standards evolve. Concern should be highest for systems that protect long-lived sensitive data and require confidentiality well into the future." About the Author Alexander Culafi Senior News Writer, Dark Reading Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like APPLICATION SECURITY Trump Administration Rescinds Biden-Era Software Guidance by Alexander Culafi JAN 29, 2026 APPLICATION SECURITY Red Hat Investigates Widespread Breach of Private GitLab Repositories by Rob Wright OCT 02, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 APPLICATION SECURITY Oracle Cloud Users Urged to Take Action by Jai Vijayan, Contributing Writer MAR 31, 2025 Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ CYBER RISK What Orgs Can Learn From Olympics, World Cup IR Plans byTara Seals MAR 12, 2026 THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE