Cloudflare accelerates post‑quantum rollout
Cloudflare says it has already protected 52% of its traffic with post‑quantum cryptography and is pushing to complete a full rollout by 2029 as other major players shift strategies. The move signals that the internet’s transport layer is starting to bake in quantum‑resistant algorithms, changing long‑term key management and client‑server compatibility planning. For systems that depend on long‑lived keys or archival security, this acceleration tightens the timeline for cryptographic migrations. (x.com/projecteleven/status/2041524281281024352) (x.com/i/status/2041503957567087019)
The lock on most internet traffic was designed for ordinary computers, not quantum computers, and Cloudflare now says half of the human web traffic crossing its network is already using a newer lock built to survive that future machine. Cloudflare set a new target of 2029 to finish the job across its products, including the harder part: proving identity, not just hiding data. (blog.cloudflare.com)

Today’s web connection does two separate jobs in the first few milliseconds. One job scrambles the conversation so outsiders cannot read it, and the other job checks that the server on the other end is really the bank, store, or app you meant to reach. (blog.chromium.org)

Quantum computers threaten both jobs because Shor’s algorithm can break the math behind widely used public-key systems such as Rivest–Shamir–Adleman and elliptic-curve cryptography if a large enough machine is built. That is why the National Institute of Standards and Technology spent years running a competition and then approved three post-quantum standards in August 2024. (csrc.nist.gov 1) (csrc.nist.gov 2)

The first of those standards, Federal Information Processing Standard 203, covers key establishment, which is the step where two machines agree on a shared secret at the start of a session. The other two, Federal Information Processing Standards 204 and 205, cover digital signatures, which are the cryptographic equivalent of a wax seal proving who sent something. (csrc.nist.gov)

Cloudflare started on the easier half first. In 2023 it rolled out hybrid post-quantum key exchange for customer traffic and for many connections from Cloudflare’s edge to origin servers, which meant it could add a quantum-resistant method without throwing away the older method browsers already understood. (blog.cloudflare.com) (www.cloudflare.com)

That “hybrid” label matters because it means two locks are used at once during setup: one classical and one post-quantum. If either lock holds, the session key still stays safe, which lets browsers and servers migrate without betting everything on brand-new code on day one. (security.googleblog.com)

Browsers have already been feeling the strain of that migration. Google enabled post-quantum key agreement by default in Chrome, first with a Kyber draft and then with the final National Institute of Standards and Technology version called Module-Lattice-Based Key-Encapsulation Mechanism, creating compatibility problems for some older middleboxes and servers that did not expect the larger handshake. (security.googleblog.com) (chromeenterprise.google)

Cloudflare’s new roadmap says the remaining bottleneck is authentication. A stolen encrypted file is a “read it later” problem, but a forged digital signature is a “log in now, ship malware now, impersonate the update server now” problem, which is why Cloudflare says post-quantum authentication is now the crucial missing piece. (blog.cloudflare.com)

This is also why the 52% figure is easy to misread. Cloudflare’s own 2025 year-in-review said 52% of human-generated web traffic on its network was post-quantum encrypted, but encrypted traffic is not the same thing as a fully post-quantum system with quantum-safe certificates, software signing, hardware modules, and long-lived credentials. (blog.cloudflare.com)

Google is moving on a similar clock. On March 25, 2026, Google said it was also targeting 2029 for its post-quantum cryptography migration, after citing progress in quantum hardware, error correction, and factoring estimates. (blog.google)

The practical consequence is that internet plumbing is changing before most users notice. If you run a browser, a content delivery network, a hardware security module, a certificate authority, a virtual private network, or a software update system, the next few years are no longer about watching standards committees; they are about replacing keys, testing handshake failures, and making sure old clients do not get stranded while the new math moves underneath them. (blog.cloudflare.com) (cloud.google.com)
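
As an added example (not code from Cloudflare, Google or the original article), the Python below parses the key_share extension of a TLS 1.3 ClientHello to show which key-agreement groups a client offers, whether a hybrid post-quantum group is among them, and how much the hybrid share enlarges the handshake that older middleboxes did not expect. The ClientHello bytes are constructed samples with zero-filled keys; the group codepoints and the 1216-byte X25519MLKEM768 client share are assumptions taken from the IANA TLS registry and the hybrid key-agreement specification, not from the article.

```python
import struct

# TLS Supported Groups codepoints (IANA registry), not taken from the article.
GROUPS = {0x0017: "secp256r1", 0x001D: "x25519",
          0x6399: "X25519Kyber768Draft00", 0x11EC: "X25519MLKEM768"}
PQ_HYBRID = {0x6399, 0x11EC}
EXT_KEY_SHARE = 51

def key_shares(hello: bytes):
    """Return [(group_id, key_length)] offered in a ClientHello handshake message."""
    if len(hello) < 4 or hello[0] != 1:
        raise ValueError("not a ClientHello")
    body = hello[4:]
    if len(body) != int.from_bytes(hello[1:4], "big"):
        raise ValueError("length mismatch")
    try:
        pos = 2 + 32                                          # legacy_version, random
        pos += 1 + body[pos]                                  # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + body[pos]                                  # compression_methods
        ext_end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos, shares = pos + 2, []
        while pos < ext_end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == EXT_KEY_SHARE:
                p, end = pos + 2, pos + ext_len               # skip client_shares length
                while p < end:
                    group, klen = struct.unpack_from("!HH", body, p)
                    shares.append((group, klen))
                    p += 4 + klen
            pos += ext_len
    except (IndexError, struct.error):
        raise ValueError("malformed ClientHello") from None
    return shares

def assess(hello: bytes):
    """Summarise offered groups, hybrid PQ support and handshake size."""
    shares = key_shares(hello)
    return {"groups": [GROUPS.get(g, hex(g)) for g, _ in shares],
            "pq_hybrid": any(g in PQ_HYBRID for g, _ in shares),
            "hello_bytes": len(hello)}

def build_client_hello(shares):
    """Constructed sample: minimal ClientHello carrying only key_share."""
    entries = b"".join(struct.pack("!HH", g, len(k)) + k for g, k in shares)
    ext = struct.pack("!HHH", EXT_KEY_SHARE, len(entries) + 2, len(entries)) + entries
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

A real ClientHello also carries server name, ALPN and other extensions, so the extra 1220 bytes of a hybrid share are what typically push it past a single packet.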