On March 25, Google made two separate announcements signaling the urgency for quantum-safe encryption – (1) it has officially set its timeline for Post-Quantum Cryptography (PQC) migration for 2029, and (2) is beginning tests of PQC enhancements in the next Android 17 beta, followed by general availability in the Android 17 production release.
The 2029 timeline
The 2029 is a significant shortening of the usual 2035 deadline promoted by organisations such as the US National Institute of Standards and Technology (NIST). According to Google, this new timeline reflects migration needs for the PQC era in light of progress on quantum computing hardware development, quantum error correction, and quantum factoring resource estimates. By doing this, Google hopes to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry.
In its blog post, Google said quantum computers will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures, and is adjusting its threat model to prioritize PQC migration for authentication services — an important component of online security and digital signature migrations.
PQC enhancements to Android
For Android, the objective extends beyond patching individual applications or transport protocols. The imperative is to ensure that the entire platform architecture is resilient for the decades to come.
To that end, Google is beginning tests of PQC enhancements starting in the next Android 17 beta, followed by general availability in the Android 17 production release. This deployment introduces a comprehensive architectural upgrade that is being rolled out across the operating system, which will integrate the finalized NIST PQC standards deep into the platform.
As quantum computing advances, adversaries could potentially forge digital signatures to bypass these foundational integrity checks. To secure the platform against this looming threat, Android 17 introduces two major post-quantum cryptographic (PQC) upgrades:
- Upgrading Android Verified Boot (AVB): The AVB library is integrating the Module-Lattice-Based Digital Signature Algorithm (ML-DSA). This provides quantum-resistant digital signatures, ensuring the software loaded during the boot sequence remains highly resistant to unauthorized modification.
- Migrating Remote Attestation: Android 17 begins the transition of Remote Attestation to a fully PQC-compliant architecture under the current standards. By updating KeyMint’s certificate chains to support quantum-resistant algorithms, devices can securely prove their state to relying parties, maintaining trust in a post-quantum environment.
More about the Android updates here.
