Google Moves Post-Quantum Encryption Timeline Up To 2029 (cyberscoop.com)
- Reference: 0181131654
- News link: https://it.slashdot.org/story/26/03/27/2123239/google-moves-post-quantum-encryption-timeline-up-to-2029
- Source link: https://cyberscoop.com/google-moves-post-quantum-encryption-timeline-to-2029/
> Google is replacing outdated encryption across their devices, systems and data with new algorithms vetted by the National Institute for Standards and Technology. Those algorithms, developed over a decade by NIST and independent cryptologists, are designed to protect against future attacks from quantum computers. While Google has said it is on track to migrate its own systems ahead of the [3] 2035 timeline provided in NIST guidelines, last month leaders at the company teased an updated timeline for migration and called on private businesses and other entities to act more urgently to prepare.
>
> Unlike the federal government, there is no mandate for private businesses to migrate to quantum-resistant encryption, or even that they do so at all. Adkins and Schmieg said the hope is that other businesses will view Google's aggressive timeframe as a signal to follow suit. "As a pioneer in both quantum and PQC, it's our responsibility to lead by example and share an ambitious timeline," they wrote. "By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry."
[1] https://cyberscoop.com/google-moves-post-quantum-encryption-timeline-to-2029/
[2] https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/
[3] https://news.slashdot.org/story/23/10/28/1655259/how-the-us-is-preparing-for-a-post-quantum-world
Mac OS has already started to pester me (Score:2)
I've started to see warnings in terminal when using keyed SSH, something along the lines of "vulnerable to store-now-decode-later attacks". I assume this is due to not using elliptic-curve codes in my PK generation?
Re: (Score:3)
Elliptic curve crypto is vulnerable to the same kind of theoretical quantum attacks as integer-factorization cryptography. You currently need to use algorithms with unfortunate trade-offs (large public keys or large signatures/key agreements) to get resistance to quantum attacks.
Assuming quantum computers ever factor numbers larger than 21 without cheating or falling back to deterministic algorithms, at least.
Re: Mac OS has already started to pester me (Score:3)
The public/private key can be big and slow, as it's only used during the initial handshaking and login anyway. I'm not going to notice any extra couple of tenths of a second logging in.
After that everything is (much much faster) symmetric encryption.
You still need a PQC algorithm here too, though. AES-256 is still considered quantum-resistant, for now, at least, so we're good.
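The store-now-decrypt-later exposure discussed in this subthread sits in the session's key exchange, which `ssh -v` reports separately from the host key type. The following is an added example, not part of the thread or of OpenSSH: it reads `ssh -v` debug output and reports, per connection, whether the negotiated key exchange is one of OpenSSH's hybrid post-quantum methods. Host names, addresses and log lines are constructed.

```python
import re

# Key-exchange names OpenSSH uses for its hybrid post-quantum exchanges.
PQ_HYBRID_KEX = {
    "mlkem768x25519-sha256",
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
}
# "kex: host key algorithm: ..." is deliberately not matched by KEX_LINE.
HOST_LINE = re.compile(r"^debug\d: Connecting to (\S+) \[")
KEX_LINE = re.compile(r"^debug\d: kex: algorithm: (\S+)$")

def audit_kex(log_text):
    """Return [(host, kex, is_pq_hybrid)] for each connection in the log."""
    results = []
    host, kex = None, None

    def flush():
        # A host with kex=None never reached key exchange (e.g. refused).
        if host is not None:
            results.append((host, kex, kex in PQ_HYBRID_KEX))

    for line in log_text.splitlines():
        line = line.strip()
        m = HOST_LINE.match(line)
        if m:
            flush()
            host, kex = m.group(1), None
            continue
        m = KEX_LINE.match(line)
        if m and host is not None:
            kex = m.group(1)
    flush()
    return results

# Constructed sample: same ed25519 host key type, different key exchange.
SAMPLE_LOG = """\
debug1: Connecting to old-bastion.example [192.0.2.10] port 22.
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: Connecting to new-bastion.example [192.0.2.20] port 22.
debug1: kex: algorithm: mlkem768x25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: Connecting to down.example [192.0.2.30] port 22.
debug1: connect to address 192.0.2.30 port 22: Connection refused
"""

if __name__ == "__main__":
    for host, kex, pq in audit_kex(SAMPLE_LOG):
        print(f"{host}: kex={kex} pq_hybrid={pq}")
```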
The Horse is Already Gone (Score:3)
I would imagine there are already many encrypted password repositories, acquired through breaches, just waiting to be cracked when the quantum hardware is up to the task. There's not much that the new encryption algorithms can do about that particular issue.
Re: (Score:2)
Unless quantum computing becomes cheap and comparatively widely available quite quickly after becoming viable, passwords seem like they'll be a manageable problem. Nobody likes rotating them; but it's merely tedious to do and the passwords themselves are of zero interest unless they are still being accepted. If it does go from 'not possible' to 'so cheap we can just go through in bulk' overnight that could ruin some people's days; but if there's any interval of 'nope, the fancy physics machine in the
Re:The Horse is Already Gone (Score:4, Insightful)
Quantum hardware may never be up to the task. They cannot even factorize 35 at this time (https://eprint.iacr.org/2025/1237). The whole thing is a mirage and a bad idea that refuses to die.
Incidentally, even if they ever become able to do tasks of meaningful size, QCs are completely unsuitable for reversing hashes and that is what cracking passwords needs.
Re: (Score:3)
This is very true. gweihir is 100% correct: quantum computing isn't computing and is never going to work.
The real tragedy is all the companies and scientists spending so much time and money researching this technology and improving the state of the art. They could all save themselves a whole lot of wasted effort by listening to gweihir and not bothering. A shame.
In other news, that newfangled device Bardeen and Brattain just cooked up is a mere laboratory curiosity and has abysmal gain. Call me when it
Why do we trust the big ones? (Score:5, Insightful)
This looks like shifting the goal posts after realizing that they can't reach the quantum computer. Any 5 years now. Just like fusion, just like AGI, just like self-driving and colonizing Mars any day now. Show me a practically working one. Show me its build method scalability. Show me that your machine can do anything more than a few very narrow use-case problem-solving. Haven't seen any proof yet. Until you do the homework, not gonna believe one non-quantum bit of your claims, regardless of your size. It ceases to be magic when you look at the details.
Yeah, butt... (Score:2)
The self-driving thing is sorta happening.
Re: (Score:1)
Post-Quantum means after it happens. The period of time in which people prepare for things is generally before they happen.
What "progress"? (Score:4, Insightful)
They are hallucinating hard. The current actual quantum factorization is not even 35 (that attempt failed, overview in [1] https://eprint.iacr.org/2025/1... [iacr.org]).
While crypto-agility is a good idea, there is no threat from Quantum "Computing" and there may never be one.
[1] https://eprint.iacr.org/2025/1237
Gimmick to attract quantum investors? (Score:2)
Google moving the deadline up and saying "because our own quantum tech is progressing faster than we thought"* sounds like using one of their branches to spin another.
* Paraphrased
NIST algorithms (Score:3)
Wasn't NIST shown to have been compromised by the NSA? Is this still the case?
Re: NIST algorithms (Score:2)
NSA pressured NIST to include compromised parts into elliptical curve encryption.
It allowed for a private key (presumably held by the NSA) to greatly reduce the difficulty of breaking things using that part of the suite.
Re: (Score:3)
No idea. But what we have in "post quantum" crypto is all laughably weak against conventional attacks and laughably unverified. We have had finalists of competitions broken with low effort (one laptop) and the like. Moving to these algorithms is an excessively bad idea.