The quantum era is coming. Are we ready to secure it

Your browser does not support the audio element.

The world is on the threshold of solving impossible problems in drug discovery, materials science, energy, and beyond.

That's because of quantum computers - computers capable of solving problems that even the most powerful classical supercomputers can't. They're able to identify and consider different options at the same time. Concerningly, their unique ability to unravel scientific mysteries will also allow them to bypass our current digital locks, like the public-key cryptosystems that protect things like bank transfers, private chats, trade secrets and even classified information.

To put that plainly: The encryption currently used to keep your information confidential and secure could easily be broken by a large-scale quantum computer in coming years.

And while we're not there yet, malicious actors are not waiting until a Cryptographically Relevant Quantum Computer (CRQC) is ready. They are likely already carrying out "store now, decrypt later" attacks and collecting encrypted data, just waiting for the day when a quantum computer can unlock it.

So what do we do about that? In short: Get ready.

Over the last decade, quantum computing research has reduced by orders of magnitude the estimated resources required to solve problems like breaking 2048-bit RSA encryption (left) and simulating useful molecules (right).

Today, we are sharing an update to our work to keep users safer in the quantum era, and making a few suggestions for how policymakers can help everyone be more secure.

First, some context: The security community hasn't been sitting idly by as bad actors harvest data for future quantum-powered decryption attacks.

Cryptography experts have already developed post-quantum cryptography (PQC) based on algorithms designed to be resistant to future large-scale quantum computers. After a multi-year international process, America's National Institute Standards & Technology (NIST) announced the first set of these standards in 2024.

And with quantum computing hardware and software continuing to progress, Google isn't taking current transition guidelines for granted. We have been preparing for a post-quantum world since 2016, conducting pioneering experiments with post-quantum cryptography, rolling out post-quantum capabilities in our products, and sharing our expertise through threat models and technical papers.

Since 2016, we've been working towards the transition to PQC, focusing on "crypto agility," updating or replacing cryptographic algorithms without disrupting services.

Preparing for the quantum era requires a dual commitment to research and action. We're all in on both fronts, so let's take each of these in turn:

Researching and updating PQC timelines: Where consistent with security considerations, we'll share findings from our research that provide insights on the latest requirements needed to break public-key cryptography including asymmetric encryption and digital signatures. This research helps to show the impact on PQC migration timelines and how a CRQC will affect individual sectors like health and finance.

Completing PQC migrations: We are on track to complete a PQC migration safely within NIST's current guidelines and we've begun rolling out PQC within our infrastructure for internal operations and products. To successfully migrate to a safer post-quantum state we're focused on three key areas: Crypto agility, securing critical shared infrastructure, and facilitating ecosystem shifts, which can create a long-term and more robust security infrastructure.

These commitments reflect our deep investment in the long-term integrity of our digital economy. But as we zoom out, we know that even in the quantum era, security will be a team sport. Here are five recommendations to help policymakers manage the shift.

Five actions policymakers can take to prepare for the quantum era

1. Drive society-wide momentum, especially for critical infrastructure: Policymakers' efforts should extend beyond public sector networks, to addressing gaps and barriers (including workforce challenges) in vital sectors like energy, telecommunications and healthcare. Protecting the trust infrastructure behind digital systems is also key and calls for dedicated efforts together with certificate authorities. We need to accelerate progress.
2. Ensure AI is built with PQC in mind: Cryptography secures AI systems, and the more we rely on AI, the more we need to secure its foundation. Let's treat PQC as a necessary foundation for the enduring economic potential of AI innovation.
3. Reduce global fragmentation: We need a unified approach. Helpfully, the NIST standards for quantum-proof cryptography provide a globally agreed, scalable and secure benchmark - if widely adopted, they can help us move more quickly, avoiding partial, insecure solutions.
4. Promote Cloud-first modernization: Transitioning to new cryptographic standards will be a heavy lift and PQC provides another compelling reason to migrate to the Cloud. Rather than investing public budgets to update legacy systems and hard-coded cryptography, governments should prioritize migrating those systems to the cloud, taking advantage of the work providers like Google Cloud are doing now to enable PQC across their global networks.
5. Lean on the experts to avoid strategic surprise: A CRQC is not "forever a decade away." While no one knows precisely when it will arrive, ongoing dialogue with experts from research institutions and groups like Google's Quantum AI team will help policymakers stay ahead of emerging threats.

Here's the bottom line: We believe quantum computing can help shape a brighter tomorrow - but we need an all-hands-on-deck approach to make sure the quantum era is defined by breakthroughs, not breakdowns. Working together we can prepare today and promote greater security tomorrow.

• Safety & Security
• Google Research
• Public Policy