Summary
Google just moved the goalposts for quantum risk management. In a low-key blog post on March 25, the company committed to finishing its post-quantum cryptography migration by 2029, beating NIST’s 2030 deprecation and 2035 disallowance timelines. For CISOs, this is a clear signal to treat PQC as a current program, not a future plan, given Google’s reach across Chrome, Android, and Cloud.
Why it matters even more: Google is both setting the migration pace and building the tech that could break today’s crypto. Its Quantum AI team is still targeting a useful, error-corrected quantum computer by 2029. Recent milestones include the Willow chip’s below-threshold error correction, and a 2025 analysis showing RSA-2048 could fall with about 1 million noisy qubits in a week, a 20x reduction from prior estimates.
Fresh research now tightens the screws on elliptic-curve security. A EUROCRYPT 2026 paper from Google’s Rennes team cuts the logical qubit needs for solving ECDLP on common curves to 1,098 for P-256, 1,494 for P-384, and 1,895 for P-521, roughly half previous counts, at the cost of many more gates. Qubits remain the scarcest resource, so these reductions matter. Net takeaway: CRQC may arrive sooner than comfort allows, so accelerate crypto inventory, prioritize long-lived data, enable crypto agility and hybrid modes, and align your PQC roadmap to land no later than 2029.
Read more
See the original article at: https://postquantum.com/security-pqc/google-pqc-migration-2029/