Cloudflare shifts post‑quantum timing

The lock on most internet connections is built from two parts: one part agrees on a secret key, and the other part proves the server is really who it claims to be. Cloudflare said on April 7 that it now wants both parts to be post‑quantum by 2029, not on a slower timetable. (blog.cloudflare.com) “Post‑quantum” means using new math that is designed to survive a future quantum computer, the kind of machine researchers hope could crack today’s public‑key systems such as Rivest‑Shamir‑Adleman and Elliptic Curve Cryptography. The U.S. National Institute of Standards and Technology published its first post‑quantum standards in August 2024, including Module‑Lattice‑Based Key‑Encapsulation Mechanism for setting up shared secrets. (csrc.nist.gov) A key‑encapsulation mechanism is the digital version of two people agreeing on a fresh padlock key in public without showing the key itself. National Institute of Standards and Technology says Module‑Lattice‑Based Key‑Encapsulation Mechanism is meant to keep that exchange secure even against an attacker with a quantum computer. (csrc.nist.gov) Cloudflare has already pushed that first part pretty far. The company said it enabled post‑quantum encryption for all websites and application programming interfaces on its network in 2022, and that more than 65% of human traffic on Cloudflare is already using post‑quantum encryption. (blog.cloudflare.com) The harder part is the identity check. Cloudflare says its work is “not done until authentication is also upgraded,” because a quantum attacker that can forge signatures would not need to read old traffic first; they could impersonate servers or sign malicious updates directly. (blog.cloudflare.com) The timing changed after Google moved first. Google said on March 25 that it was setting a 2029 migration timeline for post‑quantum cryptography and was now prioritizing authentication services, with Android 17 adding Module‑Lattice‑Based Digital Signature Algorithm protection for signatures. (blog.google) Cloudflare’s research team said Google’s move was triggered by new quantum factoring estimates and an unpublished algorithmic advance that Google backed with a zero‑knowledge proof instead of full disclosure. Cloudflare then said those developments, plus separate work from Oratomic, pushed it to expedite its own “Q‑Day readiness” timeline. (blog.cloudflare.com) “Q‑Day” is the industry’s name for the day a cryptographically relevant quantum computer can break the public‑key systems that protect logins, certificates, and software signatures today. Cloudflare wrote that such machines do not exist yet, but it now sees a serious enough chance that the danger arrives around 2030 to treat the migration as urgent. (blog.cloudflare.com) The official standards clock is also ticking. CSO Online reported on April 9 that the National Institute of Standards and Technology has set 2030 as the date to deprecate legacy public‑key algorithms and 2035 as the planned retirement date, which means vendors are now trying to finish years of plumbing work before the formal cutoff. (csoonline.com) Cloudflare’s new roadmap puts concrete dates on that plumbing. The company says it wants post‑quantum authentication between its network and origin servers by mid‑2026, post‑quantum certificates for browser connections in 2027, and full post‑quantum security across its products in 2029. (blog.cloudflare.com) For a small side project, this does not mean ripping out transport layer security this weekend. It means avoiding designs that hard‑wire one algorithm forever, because Google, Cloudflare, and the National Institute of Standards and Technology are all signaling that crypto upgrades are turning from a research project into a shipping deadline. (blog.google)