When Will “Q-Day” Happen, Really? Google Says Be Ready With Encryption Transition by 2029

Q-Day may no longer be 10 years away, according to a new warning from Google. The company has merely announced that it is upping its own internal timeline to expect the end of current encryption methods in 2029, but it recommends that others do the same.

Google does not share much of its detailed rationale for this jump, but does name its internal view on progress in several areas: quantum computing hardware development, quantum error correction, and quantum factoring resource estimates. The general estimates for when Q-Day will take place have steadily decreased over the years, but a running joke has been that it is perpetually 10 years away.

Google urges organizations to speed up encryption changeover

The saga of Q-Day started in the 1990s, a little before the first real quantum computer was built. It was determined that the computing power of these emerging devices would eventually be such that the current standard of RSA encryption would be trivial to break, but the actual date has always been a matter of uncertain speculation.

In recent years, the expectation has been that organizations should be ready within about 10 years. But preparations have been tough to make until recently, with NIST only formally settling on the first three approved post-quantum encryption standards less than a year ago. Even as NIST continues to finish up this process, Google now says that the timeline is far shorter and serious work on transition must begin immediately.

Q-Day can also have different meanings depending on who is using it. In more alarmist and mainstream articles, it is essentially the day that all the encryption underpinning the modern internet and keeping of digital secrets becomes broken. The reality is likely more complex and will be more drawn-out than that. It depends to a great degree on who develops viable technology first and how they use it, and dominos will likely fall more slowly over time rather than everything being broken overnight.

But, as Google warns, organizations should expect that at minimum threat actors that have already stolen encrypted materials will potentially be able to start cracking them with these techniques by 2029.

Q-Day’s likely first victim will be “store now, decrypt later” files

Numerous companies, such as Apple and Cloudflare, have been quietly implementing new encryption standards in various parts of their operations in anticipation of Q-Day. Google now announces that Android 17, expected in June, will incorporate the NIST-approved ML-DSA for digital signature protection. But these tweaks are far from comprehensive solutions to all the possible problems, nor are they enough to cover risks to individual organizations simply by updating products to the latest version.

Will all present encryption standards be useless in 2029? Given that most experts working on this were surprised by Google’s proclamation, probably not. But a threat actor may well be cracking files they have previously stolen by then. Previous estimates from legitimate expert sources have already put this possibility as early as 2030, so Google is not really saying anything too radical here.

Unfortunately, not much can be done about data that has already been stolen. Ideally this information has been inventoried and an assessment of damage mitigation strategies has already been done; on the subject of inventories, this is also an excellent time for organizations to take stock of all of their uses of encryption and form plans for transitioning to the “Q-Day-proof” alternatives that are becoming available.