Cloudflare speeds up post‑quantum plans

Cloudflare has accelerated its post‑quantum roadmap and now aims to make its entire platform post‑quantum secure by 2029, including authentication systems. The move signals that post‑quantum readiness is shifting from academic planning to concrete product roadmaps for infrastructure providers. For services that promise long-lived confidentiality, a 2029 target means platform teams should begin mapping migration paths now. (techzine.eu)

Cloudflare has moved its quantum-security deadline up to 2029, and that date tells you what changed: this is no longer a vague “someday” research project for internet infrastructure companies. In a post published on April 7, 2026, Cloudflare said it now aims to make its entire platform post-quantum secure by 2029, including authentication systems that control who gets in, not just encryption that hides data in transit. (blog.cloudflare.com)

To understand why that matters, start with the kind of cryptography the internet uses today. Systems such as Rivest-Shamir-Adleman, usually called RSA, and elliptic curve cryptography protect website certificates, virtual private networks, software updates, secure shell login keys, and many of the digital signatures that prove a message or file came from the right sender. (techzine.eu) Those systems are built on math problems that are impractical for ordinary computers to solve at scale. A powerful quantum computer, using Shor’s algorithm, could solve those problems much faster, which means the same machine could one day decrypt protected traffic or forge signatures that current systems would trust. (arxiv.org)

For years, the most familiar quantum-security warning was “harvest now, decrypt later.” That phrase means an attacker can copy encrypted traffic today, store it for years, and wait for a future quantum machine to unlock it, which is especially dangerous for medical records, government files, intellectual property, and any data that must stay secret for a long time. (blog.cloudflare.com)

Cloudflare has already spent several years hardening the encryption side of that problem. The company says it began preparing for post-quantum migration in 2019, enabled post-quantum encryption for all websites and application programming interfaces on its network in 2022, and now sees more than 65% of human traffic to Cloudflare using post-quantum encryption. (blog.cloudflare.com)

But encryption is only half the story. Authentication is the lock on the front door: certificates, login keys, identity systems, and code-signing tools all depend on cryptography too, and if those mechanisms remain quantum-vulnerable, an attacker may not need to decrypt anything at all because they could impersonate a trusted user, server, or software publisher. (blog.cloudflare.com)

That is why Cloudflare’s announcement put unusual emphasis on post-quantum authentication. The company said its work is not finished until authentication is upgraded, and Techzine reported that Cloudflare plans post-quantum authentication support in 2026, broader rollout in 2028, and post-quantum-secure defaults across all services by 2029 at no extra cost to customers. (blog.cloudflare.com)

The immediate trigger was a cluster of new research results rather than one dramatic hardware launch. Cloudflare pointed to Google’s recent disclosure that it had significantly improved the quantum algorithm needed to break elliptic curve cryptography, along with a zero-knowledge proof instead of a full public release, and to new Oratomic research estimating that some attacks on RSA-2048 and P-256 could require far fewer qubits than older planning assumptions suggested. (blog.cloudflare.com) Cloudflare’s blog describes the Oratomic estimate for breaking P-256 on a neutral-atom machine as “shockingly low” at 10,000 qubits. The underlying paper says a time-efficient architecture could compute a discrete logarithm on the P-256 elliptic curve in a few days with 26,000 physical qubits, while lower-qubit tradeoffs remain possible with longer runtimes. (blog.cloudflare.com)

That does not mean a machine capable of breaking the web exists in April 2026. Cloudflare explicitly says cryptographically relevant quantum computers do not exist yet, but it also argues that progress is now happening across three fronts at once—hardware, error correction, and algorithms—and that the combined effect pulls the risk window closer than many organizations expected. (blog.cloudflare.com)

The date 2029 also matters because Cloudflare is not moving alone. Cloudflare says Google accelerated its own migration timeline to 2029 after the recent research, and Cloudflare cites comments from IBM Quantum Safe’s chief technology officer that “moonshot attacks” against high-value targets cannot be ruled out as early as 2029. That does not prove 2029 is the year of a real-world break, but it shows major infrastructure players are now planning around that possibility instead of treating it as a distant edge case. (blog.cloudflare.com)

For companies that run websites, application programming interfaces, corporate networks, or identity systems, the practical problem is migration time. Swapping out encryption in one protocol is hard enough, but replacing authentication touches certificate authorities, hardware security modules, software update chains, third-party identity providers, embedded devices, and long-lived keys that may sit in production for years. (techzine.eu)

There is another complication: partial upgrades can create downgrade paths. Cloudflare says legacy cryptography has to be fully disabled to avoid downgrade attacks, which means many organizations will need inventories, dependency maps, and staged cutovers rather than a single switch flipped at the end of the decade. (techzine.eu)

That is the real message in Cloudflare’s roadmap. The company is turning post-quantum security from a research topic into a dated product plan, and once an infrastructure provider that sits in front of a large share of the web puts “authentication by 2029” on the calendar, platform teams that promise long-lived confidentiality or trusted access have a reason to start planning now rather than waiting for a future “Q-Day” headline. (blog.cloudflare.com)
