Google has moved its internal estimate for 'Q Day' — the moment a quantum computer becomes powerful enough to break widely used public-key encryption — forward to 2029, far sooner than the industry had broadly anticipated, according to a report by Ars Technica.
The warning carries significant weight. RSA and elliptic curve (EC) cryptography underpin the security of virtually every sensitive digital transaction on the internet today, from banking to government communications to private messaging. Google's revised timeline suggests the window for safe migration may be measured in years, not decades.
Why 2029 Changes Everything
Previous mainstream estimates placed Q Day somewhere between 2030 and 2040, with some researchers suggesting the mid-2030s as the most likely point of risk. Google's acceleration of that estimate by as much as a decade represents a material shift in how urgently organisations must act.
The concern is not just about future breaches. Security researchers have long warned about a strategy known as 'harvest now, decrypt later' — where adversaries collect encrypted data today with the intention of decrypting it once quantum capability matures. Sensitive data transmitted in 2025 could be exposed in 2029 if this threat model proves accurate.
The window for safe migration may be measured in years, not decades.
Governments have already begun responding to this risk. The U.S. National Institute of Standards and Technology (NIST) finalized its first set of post-quantum cryptographic standards in 2024, after nearly a decade of evaluation. Those standards — including algorithms such as CRYSTALS-Kyber for key exchange and CRYSTALS-Dilithium for digital signatures — are designed to resist attacks from both classical and quantum computers.
The Scale of the Migration Problem
Migrating away from RSA and EC cryptography is not a simple software update. It requires changes across hardware security modules, certificate authorities, communication protocols, and legacy infrastructure that in some cases has been running untouched for decades.
For large enterprises, a full cryptographic migration can take three to five years to complete, according to industry assessments from organizations including the Cloud Security Alliance. If Google's 2029 estimate is accurate, organizations that have not yet started that process are already behind schedule.
The human stakes extend well beyond corporate IT departments. Medical records, financial histories, and communications protected by current encryption standards could become vulnerable. A 2023 study by the Hudson Institute estimated that a successful cryptographic break could expose financial systems representing tens of trillions of dollars in value, though the precise figures depend heavily on how broadly quantum capability is deployed and by whom.
What Google Is Asking the Industry to Do
Google's warning is not merely predictive — the company is actively calling on the broader technology industry to accelerate migration timelines. According to the Ars Technica report, Google is urging organizations to move off RSA and EC cryptography more quickly, treating 2029 not as a hard deadline but as a credible near-term risk horizon.
This positions Google alongside a growing chorus of voices that includes NIST, the Cybersecurity and Infrastructure Security Agency (CISA), and the UK National Cyber Security Centre (NCSC), all of which have issued guidance in recent years pushing for faster adoption of post-quantum cryptography.
Migration complexity is compounded by the fact that quantum-resistant algorithms generally require larger key sizes and more computational overhead than their classical counterparts. For resource-constrained environments — Internet of Things (IoT) devices, embedded systems, and older network hardware — that tradeoff can be technically challenging and costly.
A Credibility Test for Quantum Timelines
Skeptics have long pointed out that quantum computing timelines have historically been subject to significant over-optimism. Estimates for commercially relevant quantum computers have slipped repeatedly over the past two decades, leading some security professionals to treat Q Day warnings with caution.
However, Google's credibility as a source matters here. The company operates one of the world's leading quantum computing research programs and produced the Willow quantum chip in late 2024, which demonstrated benchmark performance gains that Google described as exponential improvements in error correction — a critical barrier to building cryptographically relevant machines.
Whether 2029 proves accurate or not, the directional signal is clear: the gap between today's quantum hardware and cryptographically dangerous quantum hardware is closing faster than most public-facing forecasts have assumed.
What This Means
Any organization handling sensitive data with a lifespan beyond three to four years needs to begin post-quantum cryptographic migration immediately — waiting for certainty on Q Day's exact timing is itself a security risk.