Google Calls for Action to Secure the Quantum Era

The world is on the cusp of a quantum revolution, promising breakthroughs in fields like drug discovery and materials science. However, this same technological leap also brings a significant security challenge. Google is sounding the alarm, outlining its commitments to post-quantum cryptography (PQC) and urging policymakers to take decisive action to protect our digital future.

What Happened

While quantum computers hold immense potential, they also pose a profound threat: their ability to bypass current digital locks, specifically public-key cryptosystems. These systems currently safeguard everything from bank transfers and private chats to classified information. Concerningly, malicious actors are likely already engaging in "store now, decrypt later" attacks, collecting encrypted data with the intention of decrypting it once Cryptographically Relevant Quantum Computers (CRQCs) become available.

The good news is that the security community hasn't been idle. Experts have developed post-quantum cryptography (PQC) – new algorithms designed to withstand future quantum attacks. After a multi-year international process, America's National Institute of Standards & Technology (NIST) announced the first set of these PQC standards in 2024. Google has been proactively preparing for a post-quantum world since 2016, conducting pioneering PQC experiments, rolling out these capabilities into its products, and openly sharing its expertise through threat models and technical papers.

Why It Matters

Securing the quantum era is not just an IT problem; it's a societal imperative. The potential for quantum computers to compromise critical infrastructure, disrupt AI systems, and undermine trust in our digital economy is immense. Google is committed to leading by example, confirming it is on track to safely complete its PQC migration within NIST’s current guidelines. The company has already begun implementing PQC within its infrastructure for internal operations and products.

Google's PQC migration strategy focuses on three critical areas:

1. Crypto agility: Ensuring cryptographic algorithms can be updated or replaced without disrupting services.
2. Securing critical shared infrastructure: Protecting the foundational digital systems we all rely on.
3. Facilitating ecosystem shifts: Working to enable broader adoption of PQC across the digital landscape.

What's Next: A Call to Action

Google believes that securing this future requires a collaborative, "all-hands-on-deck" approach. They've issued five key recommendations for policymakers to prepare for the quantum era:

1. Drive society-wide momentum: Encourage efforts beyond public sector networks, focusing on vital sectors like energy, telecommunications, and healthcare.
2. Ensure AI is built with PQC in mind: As AI systems become more prevalent, their underlying security must be quantum-resilient.
3. Reduce global fragmentation: Promote the widespread adoption of NIST standards to create a unified, scalable, and secure benchmark, as highlighted on the Google Research Blog.
4. Promote Cloud-first modernization: Encourage governments to prioritize migrating legacy systems to the cloud, taking advantage of PQC enablement work by providers like Google Cloud.
5. Engage with experts: Maintain ongoing dialogue with research institutions and groups like Google's Quantum AI team to stay ahead of emerging threats.

This collaborative effort is essential to ensure the quantum era is defined by groundbreaking advancements, not security breakdowns.

Read more:

Learn more about Google's vision for securing the future at The Quantum Era: Are We Ready to Secure It?