Google cut six years off its post-quantum cryptography migration timeline on March 25, moving the deadline from 2035 to 2029. The announcement, authored by VP of Security Engineering Heather Adkins and Senior Staff Cryptography Engineer Sophie Schmieg, cited faster-than-expected progress in quantum computing hardware, error correction, and factoring resource estimates as the reason for the acceleration.
The federal government's own 2035 target now looks sluggish by comparison. Google, which builds the 105-qubit Willow quantum processor, is betting that private industry cannot afford to wait that long.
For blockchain networks that rely on the same elliptic curve cryptography Google is racing to replace, 2029 is no longer a theoretical horizon. It is a shipping deadline.
Why Google Moved the Clock Forward
The original 2035 timeline tracked the U.S. National Institute of Standards and Technology (NIST) guidance for federal agencies. Google's new position is that this schedule underestimates the pace of quantum hardware development, particularly after recent breakthroughs in Chinese quantum computing research on error correction and factoring.
"This new timeline reflects migration needs for the PQC era in light of progress on quantum computing hardware development, quantum error correction, and quantum factoring resource estimates," Adkins and Schmieg wrote. "As a pioneer in both quantum and PQC, it's our responsibility to lead by example."
Google is already deploying NIST-vetted post-quantum algorithms across its stack. Android 17 integrates ML-DSA for digital signature protection. Chrome has supported post-quantum key exchange since 2024. Google Cloud is rolling out PQC solutions for enterprise customers.
The company is also emphasizing "crypto agility," the ability to swap cryptographic algorithms across services without downtime. That concept does not translate easily to decentralized networks, where protocol changes require coordinated consensus upgrades across thousands of nodes.
The $700 Billion Bitcoin Exposure
The quantum threat to cryptocurrency splits into two categories.
The first is "harvest now, decrypt later." Adversaries can capture encrypted traffic today and store it until quantum computers are powerful enough to crack it. This threatens privacy and confidential transaction data, but it requires patience.
The second is direct signature forgery. Bitcoin and Ethereum both use ECDSA (Elliptic Curve Digital Signature Algorithm) to prove ownership and authorize transactions. If a quantum computer can forge an ECDSA signature, it can drain wallets.
Chaincode Labs estimates that approximately 50% of all Bitcoin, roughly $700 billion at current prices (BTC at $69,978 as of March 26, 2026), sits in addresses vulnerable to quantum signature attacks. These are addresses where the public key has been exposed on-chain, either through spending transactions or through legacy address formats that reveal the key directly.
The remaining 50% uses hashed public keys (P2PKH and newer formats), which add an extra layer of protection. A quantum attacker would need to break both the hash function and the signature scheme to steal from those addresses.
How Bitcoin and Ethereum Are Preparing
Neither network is sitting idle.
Bitcoin developers have proposed BIP360, a preemptive upgrade designed to transition the network to quantum-resistant signature schemes. The proposal's authors have adopted the motto "prepared, not scared," acknowledging that most researchers place cryptographically relevant quantum computing eight to twelve years out rather than three.
The gap between "eight to twelve years" and Google's 2029 deadline is where the tension sits. If Google, with billions in R&D resources, believes three years is the right migration window, it implies either that the quantum threat is closer than academic consensus suggests, or that migration itself is so complex it needs to start now regardless.
Ethereum Foundation published a four-pronged quantum readiness roadmap also targeting 2029 completion. The roadmap covers signature scheme migration, account abstraction as a transition mechanism, proof system upgrades for Layer 2 networks, and new self-custody wallet standards that can support post-quantum key pairs.
Vitalik Buterin has previously discussed quantum readiness as part of Ethereum's long-term roadmap, noting that account abstraction (EIP-4337) gives Ethereum users the ability to upgrade their signature schemes without moving funds to new addresses, an advantage Bitcoin's UTXO model does not share.
What This Means for Wallet Security Today
No quantum computer currently exists that can break ECDSA. Google's Willow chip at 105 qubits is orders of magnitude below the estimated 4,000+ logical qubits needed. The threat is not imminent.
But the migration itself is the problem. Coordinating a cryptographic upgrade across a decentralized network with billions of dollars in locked value takes years. Bitcoin's Taproot upgrade, which was far less invasive than a signature scheme replacement, took two years from proposal to activation.
For users holding crypto in hardware wallets or self-custody solutions, the practical concern is straightforward: at some point in the next decade, you may need to move funds from a quantum-vulnerable address format to a quantum-resistant one. Wallets that support this migration path will be worth more than those that do not.
The "harvest now, decrypt later" threat is also relevant for anyone whose on-chain activity could be deanonymized. Transaction patterns encrypted or obscured today could become readable if the underlying cryptography breaks.
Overview
Google accelerated its post-quantum cryptography migration deadline from 2035 to 2029, citing breakthroughs in quantum hardware and error correction. The company is already deploying NIST-vetted post-quantum algorithms across Android 17, Chrome, and Google Cloud. For crypto, the pressure falls on Bitcoin (BIP360 proposal) and Ethereum (four-pronged quantum roadmap) to replace ECDSA before quantum signature forgery becomes feasible. Chaincode Labs estimates $700 billion in Bitcoin sits in quantum-vulnerable addresses. No quantum computer can break current crypto today, but the migration window just got six years shorter.
