[Sls-sea-dls] Google Publishes PQC Deadline and ECC Research

[Howard.Weiss at parsons.us]

FYI re: PQC efforts from Google:

Google Publishes PQC Deadline and ECC Research
(March 25-27 & 31, 2026)

On March 25, 2026, Google proposed 2029 as a new target for migrating to post-quantum cryptography (PQC), and announced added support for the Module-Lattice-Based Digital Signature Algorithm (ML-DSA) in Android 17 beta. The US National Institute of Standards and Technology (NIST) standardized ML-DSA in August 2024 to protect against quantum computing threats. While 2029 is "ambitious," in Google's words, similar deadlines have been put forth in recent years: NIST estimated in 2016 that a "Cryptographically Relevant Quantum Computer" (CRQC) capable of breaking RSA encryption in hours could be possible as early as 2030; in 2022 the NSA recommended exclusive use of CNSA 2.0 (a suite of post-quantum algorithms) by 2030 or 2033 depending on the system; Microsoft aims for full PQC transition by 2033; and the UK's National Cyber Security Centre proposes PQC readiness by 2035. According to Google, asymmetric encryption, digital signatures, and certain other techniques may become vulnerable to "store-now-decrypt-later" attacks using CRQCs, but symmetric cryptography is unlikely to be affected. Two non-peer-reviewed white papers published in March 2026 — one by CalTech researchers and one by Google — suggest that elliptic curve cryptography (ECC), implemented for cryptocurrency among other uses, could be breakable by a quantum computer with resources smaller by orders of magnitude than previously theorized. Google has not publicly released the details of its improvements to Shor's algorithm due to "escalating risk that detailed cryptanalytic blueprints could be weaponized by adversarial actors." Google's paper and secrecy have drawn criticism for alarmism, focus on cryptocurrency over other PQC priorities, and conflict with their own strict disclosure policies.

Editor's Note

[Frost<https://click.email.sans.org/?qs=eyJkZWtJZCI6IjllNzYyZDA5LTFmMzQtNGNmOC05NzVkLWRiMWM1MWQ5OGIzOCIsImRla1ZlcnNpb24iOjEsIml2Ijoib2FGS0NNMm5YU3k2ZU5YZGRlb05yZz09IiwiY2lwaGVyVGV4dCI6IkdQcE1tdlovRXkza25wVHZ3OWlnRVl2MG9DbUx4ekNTSDNTbDJwK05vMmhDbi9DV255K1hRekRDbnZ4VFRQOGg5NWFVRCtWa3ZJVGFVUk16RGpIbzBHRVNvN2hvSUZhaG9Vb0l6YWRkTExwNDFkMTE2ZzJ1IiwiYXV0aFRhZyI6ImhOcFJFek1PTWVqUVlSS2p1R2dnVmc9PSJ9>]
Our guidance in our consultancy is to advise everyone to move to OpenSSH 10 at a minimum and TLS 1.3. It will be harder with Windows endpoints than others, however; start the process now. We still see clients using TLS 1.0. We have been fortunate that TLS hasn’t been able to be widely exploited but those days are slowly ending.

[Honan<https://click.email.sans.org/?qs=eyJkZWtJZCI6IjUyZmFkMTUxLWMzMzItNDEyNC1hMGVkLTQyNWMyZWZlMDIwYyIsImRla1ZlcnNpb24iOjEsIml2IjoiVkJ5VWREQTJMOGtWamNYNDFtT3dWdz09IiwiY2lwaGVyVGV4dCI6Ik9WNmo4RUNnam5YNERTUm9SM2ZlYU4rcHRYUForcmJ6Sk1ySk9VL25wMmtWV0lBTGhDNGg4UDJWWlg5Vjh4NzA2b08vRXhDdHpscnEwZFN5Y2NGczFScm1iSkdUbG14VUhKUjBNRFl2eVJXTnhmaldZN0JYIiwiYXV0aFRhZyI6Ild1clIxTEp4d1d6Vkd1WnNrWk9XYkE9PSJ9>]
This is a useful reminder that organisations should not treat post-quantum cryptography as a distant problem. While some of the timelines discussed remain speculative, the “store now, decrypt later” risk is very real today. Organisations, particularly those that are regulated for example by the EU GDPR etc., should start planning for post-quantum cryptography migration rather than waiting for firm deadlines.

[Pescatore<https://click.email.sans.org/?qs=eyJkZWtJZCI6ImUwMzEyNjQ2LTJhNGEtNGJhYS04MDE4LWY5NzZlMDRiNTg1NiIsImRla1ZlcnNpb24iOjEsIml2IjoiWmhNL0MzeVEzNFJnc2JDR2JaY0g2Zz09IiwiY2lwaGVyVGV4dCI6IjVRZ1J4ZFo0V3dQVnNlQkxrVzR6cnNta1NPQ3lOV1pMRHI2MjdJbS8yeDFuZFhmUEpPMXdKYVFtaVdCbEVLMjdyNzlpQlRmR29qOXNXVE1lY2d0YTF6QjRJaFFaYmQ1bUV6OExmSkRmaEdDeHNJWnRsd2ZxIiwiYXV0aFRhZyI6IlAyeFpNeDV5QzFyWE1IZ2lGQmx0M2c9PSJ9>]
Google’s emphasis on prioritizing PQC migration for authentication services is definitely timely and appropriate. We don’t want to end up with strong authentication relying on trivial encryption – remember the early risks of NTLM over the Internet?

[Elgee<https://click.email.sans.org/?qs=eyJkZWtJZCI6Ijk3ZmY1ODE2LWFkN2UtNDU4Zi1hOTY5LTcwOWUwMmNhYjQ5OCIsImRla1ZlcnNpb24iOjEsIml2IjoiYnduQm9jSEJmSVRzRml5NTJoZytjUT09IiwiY2lwaGVyVGV4dCI6InA0eFdYc1VRMjVkUGgxdUpuVzVwOTAydXAxazVFWWtPTWRoZ0J1Z1RQaUx5ejQ2T0dFZjNiOWgzMWZodFNVQTdvaGo1MTBrVUNOWEVhN0xXcHJCekVGc2Vxbmp2MmdSdkNjR2h3Y0Y4aE93V0xMbmFHRDV4IiwiYXV0aFRhZyI6IjFjUnJzdGFtc0hNUVd4NnFlTy9hQkE9PSJ9>]
For most people, this is interesting but not compelling; updates will come. If, however, you work in a highly sensitive industry where store-now-decrypt-later presents measurable business risk, challenge your developers to move to PQC algorithms quickly.

[Dukes<https://click.email.sans.org/?qs=eyJkZWtJZCI6ImI1NTQxMzlmLTE0MDctNGY4Yy1iZjM5LTE3MGE5YmM1YTNlZiIsImRla1ZlcnNpb24iOjEsIml2IjoiYTBBS1g4WUpCb0Izc0owOVZVN2d0Zz09IiwiY2lwaGVyVGV4dCI6IjUvM0J5eFZHdWdjV3hYcURMRDgwNUgrTDBlbVZoczNkTXpaa0YvUzNXVjl6a3NxN2xlSDFjbEJSNVQ0TDArc1lXSzBMN2xHdEIvVXlPNktzTzJJVCtBOU8xZkVqaUJ4clFBcGZ4Z2tHZ0hld25UMVZUdUMyIiwiYXV0aFRhZyI6IjlUSTdvcXc3WWhQNEQwN1Y4U09JSEE9PSJ9>]
The threat of a CRQC is becoming real given the announcement by GOOG. As pointed out in their research paper, the threat to ECC based cryptographic systems is nearer than originally thought. Organizations that have systems based on ECC should start planning for migration to PQC based algorithms now.

[Murray<https://click.email.sans.org/?qs=eyJkZWtJZCI6ImQzYzZmZGFjLTA0NzEtNGY4OC1hNzc2LWY1ZjBjMTQ2NzMxZiIsImRla1ZlcnNpb24iOjEsIml2IjoiVG15bjc5Q2ppY1RwSkZaeE0wSXZ2QT09IiwiY2lwaGVyVGV4dCI6ImJCOTd5cEFxRFh0S3NwT0k0cU5ib09YUHFvRHZNLzRzNXNCanNHYmkrQ011TENBY0s1MDJmU3IrTnhUQ2RNZUZkV0h1NU5Ncy9wcEpZOXNaZm1JTXR4bTJmVERVa0U5T2JLZnYwS09KeE9ra1ZuRXpRaSs4IiwiYXV0aFRhZyI6Im1rbGoyeGwrWWd5M0diWjlNTlNRVHc9PSJ9>]
A little proportionality is indicated here. PQC is for highly sensitive, long-lived data where "store now decrypt later" (SNDL) attacks are likely to be efficient. Most of the data that we encrypt has a very short life. While nation states will clearly employ quantum computing for cryptanalysis, its use will be sparse and expensive for at least another decade. Even with quantum computing, Google talks about solving for an RSA private key in hours to days. Think about the number of RSA keys that we create every day, much less the number that are already in use. RSA will continue to be useful, efficient, and used for a very long time. If you are not already aware that your data is vulnerable to SNDL attacks, then it is almost certain that it is not.

Read more in:
- blog.google<https://click.email.sans.org/?qs=eyJkZWtJZCI6IjVjZDMxMzAxLTJmYmYtNGQ0Ni04NTA4LThkZGE2NzExMTQyNyIsImRla1ZlcnNpb24iOjEsIml2IjoiR21pdTFtTDNSMDFJcnFkcm9oK3hDZz09IiwiY2lwaGVyVGV4dCI6Im5jUjdJNFhXdXltUi9HN3ZGQ3h3UE5rb3hwN3cvRDNYcldQVHZnY01PeSsyR1dyTmp4UmEzYzVLMkdzalgveFNGZ2M5bnNwZnIzK2xuV3IyNDNBc1A0ZTVaRGxaUVlFYWFLN1dZdmRIVFVpdXAydWlIN0VLIiwiYXV0aFRhZyI6ImY2V2RhdmJqY0N3L2g3bGtPVmxCZ1E9PSJ9>: Quantum frontiers may be closer than they appear
- www.darkreading.com<https://click.email.sans.org/?qs=eyJkZWtJZCI6IjJlZTY2ZDNlLTI1MDQtNDRhZC04ZGFmLWNiYjhiOWExNDNkOCIsImRla1ZlcnNpb24iOjEsIml2IjoiZ2NIeGFHNlptcWJ4WFI0TzBZdHhGdz09IiwiY2lwaGVyVGV4dCI6Ijg0ZzlyYmIya0V4RFBpWlBxYXo3Mzc2VFhZb1lvZ2VGWTJWSC9yMm00d3FveGZmVFNUcmNtei9Eam5QVFh4M3UzMXFFTUkyY3FtM1EzcGc3QWpXTGZVMHF6aVVtQzIrQndmRm9icG1hcHZGZEhnN1JpM0VYIiwiYXV0aFRhZyI6ImJkRGVtRHNDTll0OVRTck9KU1lMYnc9PSJ9>: Google Sets 2029 Deadline for Quantum-Safe Cryptography
- arstechnica.com<https://click.email.sans.org/?qs=eyJkZWtJZCI6IjJiZGY0ZmUwLTc4NmItNGI2MS1iODc2LTU2NTY4N2Q1YzJhNSIsImRla1ZlcnNpb24iOjEsIml2IjoiTFk3NFFuNnkxV3A2WDArWUJaSGdEZz09IiwiY2lwaGVyVGV4dCI6IkE3ajZhUFFrcWVTTXZjNUNSeUtPb3BnQWtKUEp3OExqb2xsM1JROS9BY1RqVnZHMlBtTGtWWmkyblEybnpvMzN0Qlk2Q21ibU01QWhSM0NXZ0dSZ1ZtdWlYeldTd1lFdGp2aENmckxWYW5wZlQ1Z0ZrZUFPIiwiYXV0aFRhZyI6ImtDRkhjSmFBWkdCV2E2SmZOWkxCZ1E9PSJ9>: Google bumps up Q Day deadline to 2029, far sooner than previously thought
- www.infosecurity-magazine.com<https://click.email.sans.org/?qs=eyJkZWtJZCI6IjVmZTE3NjEwLWE5YTktNDZlYy04MGYyLTc3YjkxY2U2OGVjMyIsImRla1ZlcnNpb24iOjEsIml2IjoiUjArWTRid3dwY3lyZHVYMkF2T0JBUT09IiwiY2lwaGVyVGV4dCI6IjFQbnVKc0x5Uk9CTGVPZGU4cTNBSWV5cGE1R0RDamRvVERvSjBrZnl5YmcrMmp6S3p1WnVmMis5SlhROEpYQjFuRUtaVGU2UGNLV3JFTE5hc2RSMzFqOTZMQks3ZzlKSFQ1amh2RENsekt0MjVmWUM4NEVCIiwiYXV0aFRhZyI6InBhc1FzMXF4MUhmV1Azb3NFcnVEMGc9PSJ9>: Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google
- arstechnica.com<https://click.email.sans.org/?qs=eyJkZWtJZCI6IjhmNTRhYjZmLWY0NmUtNDlmZi1hYjIzLTk5MTZkZGFlMWM3NyIsImRla1ZlcnNpb24iOjEsIml2IjoiQ21lRDJ5Vi8weVUzMzRwME51NWk0dz09IiwiY2lwaGVyVGV4dCI6Ild6YlZEWUsxN1hyWS9UTGt6U3ErUnBWWm5CbmNjMXQ5N1krdWpjVE5mSjBqSXNmeDNtT3d4RWwxdWNKZVFuM1h2Q1dQakI0Wjdra2N4WXBicmNzWGVveGFwV2JEcXdNS1o0UGJKWC9USlRmZmluUTI3bUxqIiwiYXV0aFRhZyI6IlNSekZpbHV0eXhkNmpGcWxac09yQXc9PSJ9>: Quantum computers need vastly fewer resources than thought to break vital encryption
- www.securityweek.com<https://click.email.sans.org/?qs=eyJkZWtJZCI6IjgwNzM4ZjBhLTM0NjItNGY1MC04ZDY3LTVlYWFkMzViYjQyNCIsImRla1ZlcnNpb24iOjEsIml2IjoiMnpLRExPUHNiSDVxRk9oUkw5bWxMQT09IiwiY2lwaGVyVGV4dCI6ImJFdklvVmV2TlNramFzZWIvTWlxY2FTRHJ3SE9uWDNVbmNOdXpZQ2dvN0M2UjU3YVJlQWptQ0NEM2R5bGZXc3p5Zk92eHEyYmt3WDBFcmhVeTMxZkQxV3NwTkxCQmFyYk1vTXM0K3hzZm1vVTZGRXYyYVVzIiwiYXV0aFRhZyI6IkJmUVN1RlRMZlY4UFZheWswc0VGcWc9PSJ9>: Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption



----------



HOWARD WEISS, CISSP

howard.weiss at parsons.<mailto:howard.weiss at parsons.com>us (new email address)

443-494-9087 (mobile)



[cid:4424760b-3e66-4749-be3f-554877014076]



"NOTICE: This email message and all attachments transmitted with it may contain confidential information, including information that is privileged or protected by, and proprietary to, Parsons Corporation, and is intended solely for the use of the addressee for the specific purpose set forth in this communication. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited, and you should delete this message and all copies and backups thereof. The recipient may not further distribute or use any of the information contained herein without the express written authorization of the sender. If you have received this message in error, or if you have any questions regarding the use of the proprietary information contained therein, please contact the sender of this message immediately, and the sender will provide you with further instructions."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/sls-sea-dls/attachments/20260406/c4a987c7/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outlook-qdvz0dxx.png
Type: image/png
Size: 7704 bytes
Desc: Outlook-qdvz0dxx.png
URL: <http://mailman.ccsds.org/pipermail/sls-sea-dls/attachments/20260406/c4a987c7/attachment-0001.png>