Google just revised its ‘Q-Day’ timeline: Quantum computers could break existing encryption techniques within three years – and enterprises are nowhere near ready

Google has warned that “Q-Day”, the point where a quantum computer is powerful enough to crack current encryption techniques, could come as soon as 2029.

The new timeline comes in light of progress in quantum computing hardware development, quantum error correction, and quantum factoring resource estimates.

Quantum computers pose a particular threat to encryption and digital signatures, according to the company, and attackers are already stealing encrypted data they believe they'll be able to decrypt some time in the future.

Digital signatures, meanwhile, will also be under threat, requiring a transition to post-quantum cryptography (PQC) before the development of Cryptographically Relevant Quantum Computers (CRQCs).

"As a pioneer in both quantum and PQC, it’s our responsibility to lead by example and share an ambitious timeline," warned Heather Adkins, VP, security engineering, and Sophie Schmieg, senior staff cryptography engineer

"By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry."

Most firms aren't prepared for Q-Day

Estimates of when Q-Day is likely to arrive have varied widely, but most experts have suggested dates in the mid-2030s.

In 2025, the UK’s National Cyber Security Centre (NCSC) urged organizations to carry out PQC migration activities by 2031, and to have completed migration to PQC of all systems, services, and products by 2035.

NCSC CTO Ollie Whitehouse said at the time this transition will be a “complex change programme that makes fixing the Millennium Bug look easy”.

Research from Bain & Company in January this year found that 90% of organizations don’t yet have systems in place to defend against quantum security threats.

This was despite the fact that 71% expected quantum-enabled attacks within five years, with a third predicting them within three.

Notably, only one-in-ten said they had a roadmap in place to address the risks, with most waiting to see what happens and hoping a third party solves the problem first.

Google moving fast on PQC

Alongside its Q-Day warning, Google has announced that it's integrating PQC digital signature protection using ML-DSA into Android 17.

The tech giant said the proactive move aligns with recommendations outlined by the National Institute of Standards and Technology (NIST).

In a blog post confirming the move, Eric Lynch, Android product manager, and Dom Elliot, group product manager at Google Play, said the update aims to "establish a new, quantum-resistant chain of trust".

"This chain of trust secures the platform continuously—from the moment the OS powers on, to the execution of applications distributed globally. Android is swapping today’s digital locks for advanced encryption to help enhance the security of every app you download — no matter how powerful future supercomputers get.”

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.