John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Google just set its internal post-quantum cryptography migration deadline at 2029. That’s not a research projection. That’s an operational target from the company running the largest internet infrastructure on the planet.
Why the acceleration? Faster-than-expected progress in quantum hardware stability, advances in error correction, and Chinese quantum research that has US executives visibly nervous. The White House has been discussing pushing federal PQC migration to 2030. Google’s target is ahead of even that.
Here’s what should keep you up at night: “harvest now, decrypt later” is not theoretical. Nation-state intelligence services are already collecting encrypted traffic, banking on quantum computers eventually cracking it. If you encrypted sensitive data with RSA-2048 or ECDHE and it needs to stay secret for ten years, you may have already lost that bet. Health records, IP, financial data, diplomatic communications. The clock started the day the ciphertext was captured.
NIST finalized the standards in 2024. The algorithms exist. The question was always about when organizations would start using them. Google just answered for itself.
Cryptographic migrations are brutal, touching everything from TLS certs to HSMs. The SHA-1 to SHA-256 transition took nearly a decade, and that was just swapping hash functions. This is bigger. If your organization handles data that needs to stay confidential for more than three years, the planning window is now. Not next quarter. Now.
Read the full analysis on Google’s 2029 deadline and what it means for your encryption