Google has announced a formal plan to transition its entire infrastructure to post-quantum cryptography (PQC) by 2029, describing the effort as urgent and warning that quantum computing frontiers “may be closer than they appear.” The announcement was signed by Heather Adkins, Google’s VP of Security Engineering, and Senior Cryptography Engineer Sophie Schmieg. The company cites rapid advances in quantum hardware, error correction, and factoring resource estimates as the driving forces behind the accelerated timeline.
Google identifies two distinct threats motivating the push. The first, already active, involves so-called “harvest now, decrypt later” attacks, in which adversaries collect encrypted data today with the intention of decrypting it once sufficiently powerful quantum machines become available. The second is forward-looking: digital signatures, which underpin authentication across the internet, must be replaced before a cryptographically relevant quantum computer arrives. Both threats, the company argues, require action now rather than later.
As part of the initiative, Google announced that Android 17 will incorporate post-quantum digital signature protection using ML-DSA, an algorithm recently standardized by the U.S. National Institute of Standards and Technology. The company is also extending PQC protections across Google Cloud and internal communications systems. The 2029 target aligns with IBM’s own roadmap for fault-tolerant quantum systems, and the year 2025 has already marked a turning point in the field, with error correction breakthroughs and a Caltech result trapping more than 6,000 atomic qubits at once shifting expert discussion from possibility to probability.
The implications extend well beyond Google’s own systems, particularly for Bitcoin. Bitcoin relies on elliptic curve cryptography, the same class of mathematics that quantum computers running Shor’s algorithm could theoretically reverse-engineer, deriving a private key from a known public key. Google researchers recently determined that cracking RSA encryption may require 20 times fewer quantum resources than previously thought, compressing the security timeline for systems built on similar mathematical foundations. Earlier estimates placed the qubit count needed to break Bitcoin at around 20 million; researchers at Iceberg Quantum now suggest that figure could fall to roughly 100,000.
The scale of Bitcoin’s exposure is considerable. According to Project Eleven, a cybersecurity startup focused on protecting cryptocurrency from quantum threats, more than 6.8 million Bitcoin, valued at over $470 billion, sits in addresses considered vulnerable to quantum attacks, including coins from the network’s earliest days. A separate estimate from Ark Invest and Unchained places approximately 35 percent of the total Bitcoin supply in address types theoretically at risk. Quantum computing power has grown nearly tenfold over the past five years, adding urgency to these projections.
Bitcoin developers have begun responding to the threat, though progress is measured. BIP 360, a proposal introducing a quantum-resistant address format called Pay-to-Merkle-Root, has been merged into Bitcoin’s formal improvement repository. The proposal does not activate any changes but initiates a process that could lead to a significant protocol overhaul. Jameson Lopp, co-founder of Bitcoin custody firm Casa, has noted that even if quantum computers remain years away from posing a genuine threat, upgrading Bitcoin’s protocol and migrating user funds could itself take five to ten years.
Lopp has also cautioned that current quantum computers remain several orders of magnitude short of what would be needed to threaten Bitcoin’s cryptography, and that continued progress at a roughly linear rate could mean the threat is still a decade or more away. Nevertheless, Bitcoin’s decentralized governance structure presents a unique challenge: unlike Google, which controls its own infrastructure and can set internal deadlines, Bitcoin requires miners, wallet developers, exchanges, and millions of individual users to coordinate any meaningful transition. That structural difference is what makes Google’s announcement particularly significant for the cryptocurrency space, not as an immediate alarm, but as an externally imposed deadline the network must now reckon with on its own terms.
Originally reported by Decrypt.
