Google sets 2029 deadline for post-quantum cryptography migration across systems and infrastructure

Android 17 rollout, BIP 360 proposal, and Ethereum Foundation initiative outline early responses to quantum risk

TL;DR

• Google targets 2029 for full post-quantum cryptography migration across its systems
• Bitcoin and Ethereum rely on digital signatures that could be affected by future quantum advances
• Early responses include Android 17 PQC integration, BIP 360, and Ethereum’s new security hub

We’ve launched the all-new COIN360 Perp DEX, built for traders who move fast!

Trade 130+ assets with up to 100× leverage, enjoy instant order placement and low-slippage swaps, and earn USDC passive yield while climbing the leaderboard. Your trades deserve more than speed — they deserve mastery.

Google has set a firm 2029 deadline to complete its transition to post-quantum cryptography, citing accelerating advances in quantum computing capabilities that could compromise existing encryption and digital signature systems. The timeline was detailed in a March 25, 2026 update, where Google security engineers Heather Adkins and Sophie Schmieg wrote that quantum developments “may be closer than they appear,” referencing ongoing improvements in quantum hardware, error correction, and factoring resource estimates.

The company defined two parallel threat vectors tied to quantum computing. One involves immediate exposure through “store now, decrypt later” attacks, where encrypted data is harvested and held until it becomes vulnerable. The second focuses on future risks to digital signatures, which underpin authentication systems and blockchain ownership models, and would be vulnerable once a Cryptographically Relevant Quantum Computer becomes operational.

Google confirmed it is integrating post-quantum protections into multiple layers of its ecosystem, including Google Cloud, Chrome, and internal infrastructure, while also deploying ML-DSA, a NIST-standardized quantum-resistant signature algorithm, into Android 17. The company stated it aims to “lead by example and share an ambitious timeline,” adding that the objective is to create “clarity and urgency” for the broader industry.

Bitcoin and Ethereum were identified as systems that rely on cryptographic signatures to authorize transactions and verify ownership. These mechanisms form the basis of wallet control and transaction validation within blockchain networks.

Bitcoin’s upgrade path remains constrained by its decentralized governance structure, requiring coordination across miners, developers, exchanges, and users to implement protocol-level changes. A proposal known as BIP 360 has been merged into the Bitcoin Improvement Proposal repository, introducing a quantum-resistant address format called Pay-to-Merkle-Root, though the proposal does not activate protections without further adoption and implementation across the network.

Jameson Lopp, co-founder and chief security officer at Casa, said that while quantum computing remains distant in practical terms, migration timelines for Bitcoin could extend between five to 10 years, noting that ecosystem-wide transitions involve moving funds and upgrading infrastructure across millions of participants. Lopp added that the industry is still “several orders of magnitude away” from a viable quantum threat and that progress may remain “more than a decade, and possibly several decades” from reaching that level.

Ethereum has taken steps to accelerate preparation efforts, with the Ethereum Foundation launching a post-quantum security resource hub on March 25 to coordinate research and development. Additional reporting indicates Ethereum developers are aligning protocol-level upgrades with a 2029 target timeline, reflecting parallel planning with Google’s migration benchmark.

Solana developers introduced a quantum-resistant vault in January 2025, designed to generate new cryptographic keys for each transaction as a mitigation strategy against signature compromise. The design focuses on limiting exposure windows for any single key, reducing vulnerability under future quantum attack scenarios.

Some projections referenced in the broader discussion place quantum risk further out, including estimates extending to 2035, though Google’s migration target establishes the most recent operational benchmark. The company emphasized that waiting for definitive proof of a quantum breakthrough is not a viable strategy given current data collection risks and the time required for system-wide upgrades.

This article has been refined and enhanced by ChatGPT.