Google’s security team announced on March 25 that it has a 2029 deadline to complete the transition to post-quantum cryptography (PQC) and encouraged organizations that rely on authentication and digital signature systems to follow the same timeline.
The announcement was posted on Google’s security blog by Heather Adkins, vice president of security engineering, and Sophie Schmieg, senior cryptographic engineer. This statement is not just an internal goal. This is a clear recommendation for the industry.
“With this, we hope to provide the clarity and urgency needed to accelerate the digital transition, not just at Google but across the industry,” Adkins and Schmieg said. Google is one of the most influential companies in the world’s digital security standards, and the publication deadline from Google’s side works as follows: Reference signals for organizations People who don’t have a migration plan yet.
The report’s central argument is that quantum threats are not uniform; There are two types of risks due to different calendars.:
- The first affects data encryption and is already up to date. This is due to the following attack. «Save-now-decrypt-later»“Collect now, decrypt later.” This practice allows malicious attackers to capture and store communications encrypted with current standards, waiting to be decrypted by quantum computers in the future. This means that sensitive data being exchanged today could be retroactively exposed when the technology matures. Adkins and Schmieg said they have “adjusted our threat model to prioritize PQC migration for authentication services” and recommend that other engineering teams do the same.
- The second one affects digital signatures and is in the future.However, before there is a cryptographically relevant quantum computer (CRQC), a machine powerful enough to break current cryptographic standards, a preemptive transition is needed.
Google experts say the technical foundation for the transition is a standard published by the U.S. National Institute of Standards and Technology (NIST) in 2024 after years of consideration by the international cryptographic community.
How Google is already making progress with Android and quantum hardware
As reported by CriptoNoticias, Google announced on March 25th: Android 17 enhances verified system boot and authentication mechanisms using post-quantum cryptographyapplications such as cryptocurrency wallets will be able to perform post-quantum signatures directly from the device’s secure hardware.
Android 17 Post-Quantum Shield is locked into NIST’s native ML-DSA (Post-Quantum Cryptographic Signature) support. Enable applications to use signatures that are secure against quantum attacks Encryption can be performed directly from the device hardware without requiring developers to implement their own cryptographic solutions.
With the announcement of Google Quantum AI, the 2029 deadline becomes even more urgent. The team said it is “increasingly confident” that commercially relevant quantum computers will be available by the end of this century. This is the first time the company has set such a specific period..
Impact on Bitcoin
Two risks we identified apply directly to Bitcoin. malicious actor You can now get your Bitcoin public key starting today It is then stored so that it can be decrypted in the future when quantum computers have access to it.
Addresses that expose their public keys on-chain, such as P2PK and some P2PKH-style addresses, are most vulnerable to this strategy because the data needed for future attacks is already permanently and publicly recorded on the network.
The second risk affects the mechanism by which users authorize transactions. Bitcoin uses ECDSA (Elliptic Curve Digital Signature Algorithm) for users to prove ownership of their funds. A sufficiently powerful quantum computer Private key can be derived from public keyAllows an attacker to sign transactions on behalf of any user. That risk is future, but requires advance preparation.
To combat both, the Bitcoin developer community is analyzing BIP-360, a technical proposal that was incorporated into the official Bitcoin repository on February 11, as reported by CriptoNoticias.
The proposal introduces a new type of address called Pay-to-Merkle-Root (P2MR), which can be identified by the prefix bc1z and whose public key is hidden under a hash while funds are stored.
Therefore, the attacker: No data to process today to perform future attacks. BIP-360 is in draft and review stages. Its publication does not imply immediate activation, but rather the beginning of the process of technical discussions and consensus among developers necessary for changes to the Bitcoin protocol.
(Tag Translate) Quantum Computing
