← Back to blog
5 min read News

Google Warns: Quantum Computers Could Break Encryption by 2029

Google bumps up Q-day estimate to 2029 - five years earlier than expected. Why this matters for banks, governments, and anyone storing encrypted data.

newscryptographysecuritygoogle

Google just moved the timeline for cryptographically relevant quantum computers from “sometime in the 2030s-2050s” to 2029. That’s five years closer than most conservative estimates - and it means organizations need to migrate to post-quantum cryptography now, not later.

The company’s security engineering team published a warning this week stating that quantum computers “will pose a significant threat to current cryptographic standards” before the end of the decade. They’re specifically calling out risks to digital signatures and encryption - the foundation of secure communications across banking, government, and enterprise systems.

Why 2029? What Changed?

Most timelines for cryptographically relevant quantum computers (CRQCs) - machines powerful enough to break RSA and ECC encryption - have ranged from the 2030s to 2050s. Google’s new estimate assumes that error rates continue improving and error correction techniques scale successfully.

The math is straightforward but unforgiving: breaking 2048-bit RSA requires roughly 20 million noisy physical qubits or about 4,000 logical qubits with good error correction. We’re nowhere near that today - current systems have hundreds of qubits with ~0.1-1% error rates. But if error correction reaches the surface code threshold (~0.5-1% physical error rates) and qubit fabrication scales as planned, 2029 becomes plausible.

Scott Aaronson, quantum computing scientist and professor at UT Austin, told Semafor he agrees: “It would be wise to transition to post-quantum cryptography by 2029, because effective quantum computers could plausibly arrive by then.”

That “plausibly” is doing a lot of work. We don’t know if error correction will scale cleanly or if physical qubits will hit the required thresholds. But uncertainty cuts both ways - you don’t want to find out you were wrong about the timeline after your encrypted data gets compromised.

The “Store Now, Decrypt Later” Problem

Here’s why this matters right now, not in 2029: adversaries are already intercepting and storing encrypted data today, planning to decrypt it once quantum computers become available. This attack model - called “harvest now, decrypt later” - is particularly dangerous for:

  • Government classified documents - 10-year-old intelligence is still highly sensitive
  • Financial records - bank transactions, investment strategies, customer data
  • Healthcare data - patient records under lifetime privacy requirements
  • Trade secrets - intellectual property with multi-decade value

If you’re encrypting sensitive data with RSA or ECC today, assume it could be decrypted by 2029-2035. That means organizations with long-term confidentiality requirements need to start migrating to quantum-resistant cryptography immediately.

What Google Recommends (And Who Should Listen)

Google’s specific recommendation: prioritize post-quantum cryptography migration for authentication services and digital signature systems. These are critical because they verify identity and transaction integrity across the internet.

The National Institute of Standards and Technology (NIST) finalized post-quantum cryptographic standards in 2024, including algorithms like CRYSTALS-Kyber (key encapsulation) and CRYSTALS-Dilithium (digital signatures). These algorithms are designed to resist both classical and quantum attacks.

Who needs to act on this?

  1. Banks and financial institutions - already moving on this. JPMorgan Chase established a quantum-secured crypto-agile network (Q-CAN) connecting data centers. Over 15 global banks including Goldman Sachs, HSBC, and BBVA are preparing for post-quantum transitions.

  2. Government agencies - the UK’s National Cyber Security Centre warned organizations to prepare by 2035. Google’s timeline makes that deadline feel optimistic.

  3. Healthcare providers - HIPAA compliance requires protecting patient data, but current encryption won’t hold against quantum attacks.

  4. Cloud providers and SaaS platforms - if you’re storing customer data encrypted with RSA, start planning your migration.

  5. Anyone building long-lived systems - if your infrastructure will still be running in 2029, it needs quantum-resistant crypto.

What This Doesn’t Mean

Let’s be clear about what Google isn’t saying:

  • Not claiming quantum computers will definitely break encryption by 2029 - they’re saying it’s plausible enough to plan for
  • Not suggesting quantum computers are here today - current systems are nowhere near the scale needed (thousands of logical qubits vs. today’s hundreds of physical qubits)
  • Not claiming quantum computers will break all encryption - symmetric encryption (AES-256) is still quantum-resistant if you double the key length

This is a planning timeline, not a doomsday prediction. The uncertainty range is still wide - CRQCs could arrive in 2029, 2035, or 2045. But prudent organizations don’t wait for certainty when the cost of being wrong is catastrophic.

The Migration Challenge

Transitioning to post-quantum cryptography isn’t a simple software update. It requires:

Inventory and assessment - identify every system using RSA/ECC
Testing quantum-resistant algorithms - verify performance and compatibility
Phased rollout - avoid service disruptions during migration
Vendor coordination - ensure partners/suppliers are also migrating
Long-term support - some systems can’t be upgraded and need replacement

Leonie Mueck, formerly chief product officer at Riverlane (a Cambridge quantum startup), told The Guardian: “National security documents from 1920 are not relevant today. But stuff from 10 years ago is much more relevant, and should not get into the wrong hands in the future.”

That’s the calculation: if your data encrypted today still matters in 5-10 years, you need quantum-resistant protection now.

What To Do Next

If you’re a technical decision-maker:

  1. Audit current cryptography - where are you using RSA, ECC, Diffie-Hellman?
  2. Identify high-value targets - what data has long-term confidentiality requirements?
  3. Test NIST-approved PQC algorithms - CRYSTALS-Kyber and Dilithium are production-ready
  4. Plan phased migration - start with highest-risk systems
  5. Build internal expertise - train your security team on post-quantum crypto

If you’re a business leader:

  1. Ask your CTO/CISO: “Are we vulnerable to harvest-now-decrypt-later attacks?”
  2. Budget for migration - this is a multi-year infrastructure project
  3. Track vendor readiness - ensure your suppliers are also preparing
  4. Consider quantum-safe backups - re-encrypt archived data with PQC

If you’re just watching:

This is happening. The quantum threat to encryption isn’t theoretical anymore - major tech companies, governments, and financial institutions are taking it seriously enough to spend significant resources on migration. The timeline uncertainty means acting sooner rather than later.

Sources & Further Reading

Primary sources:

Context & analysis:

For deeper understanding:

  • Quantum Brief: Understanding error correction and why scaling to CRQCs is hard
  • Quantum Brief: Timeline analysis for fault-tolerant quantum computers