Google warns that banks, governments, and technology providers need to be prepared for quantum computer hackers capable of breaking most existing encryption systems by 2029. The encryption currently used to keep information confidential and secure could easily be broken by a large-scale quantum computer in coming years, posing a significant threat to current cryptographic standards before the end of the decade. This has prompted Google to adjust its threat model to prioritize post-quantum cryptography migration for authentication services and recommends other engineering teams follow suit. The timeline suggests engineering teams should consider measures to protect sensitive data by migrating to more advanced encryption systems now, though it remains unclear how many organizations have already started this process.
Quantum computers are a nascent technology with great potential and significant obstacles to being widely usable. Google, Microsoft, and universities across the UK and the US are building systems that harness quantum mechanics to perform extremely sophisticated mathematical calculations. Most quantum computing systems are prohibitively difficult to build, requiring massive amounts of helium to cool to near-absolute zero temperatures or weeks aligning lasers, and current working quantum computers are too small to perform the tasks that most excite the scientific community. Constructing a very powerful quantum computer with hundreds of thousands or millions of stable qubits will require overcoming physical and technological challenges due to the fragile nature of quantum systems.
We've adjusted our threat model to prioritize post-quantum cryptography migration for authentication services – an important component of online security and digital signature migrations. We recommend that other engineering teams follow suit.
Google has adjusted its threat model to prioritize post-quantum cryptography migration for authentication services and recommends other engineering teams follow suit. The company's timeline suggests engineering teams should consider measures to protect sensitive data by migrating to more advanced encryption systems now.
Expert skepticism about Google's timeline has emerged, with alternative projections suggesting a longer timeframe. Leonie Mueck says Google's statement does not necessarily suggest there will definitely be a working quantum computer capable of breaking encryption by 2029. Most timelines for a cryptographically relevant quantum computer range from the 2030s to the 2050s.
Google's statement does not necessarily suggest that there will definitely be a working quantum computer capable of breaking encryption by 2029.
Governments and the intelligence community are already preparing for the eventuality that data stored to today's encryption standards will be exposed when quantum technology sufficiently advances. The intelligence community has been thinking about the threat of quantum hacking for probably more than a decade. The UK's National Cyber Security Centre urged organisations to guard their systems against quantum hackers by 2035.
We're basically seeing in the intelligence community already that for probably more than a decade, they've been thinking about this threat.