Cloudflare sets 2029 post‑quantum goal

Most internet encryption works like a padlock with two parts: one part helps two computers agree on a secret, and the other part proves who they are. Cloudflare said on April 7, 2026 that it now wants both parts to be resistant to future quantum-computer attacks by 2029, not on some open-ended research timeline. (blog.cloudflare.com) The first part is key exchange, which is the opening handshake that creates a shared secret for a session. The second part is authentication, which is the ID check that tells your browser it is really talking to your bank, your email provider, or Cloudflare and not an impostor. (nist.gov) (csrc.nist.gov) Quantum computers are the problem because the public-key systems behind much of today’s authentication, including Rivest-Shamir-Adleman and elliptic-curve cryptography, are expected to be vulnerable once large enough machines exist. That threat matters before those machines arrive, because an attacker can steal encrypted traffic now and save it for later decryption. (blog.cloudflare.com) (blog.google) Cloudflare has already spent years hardening the first part of the problem. In October 2022 it enabled hybrid post-quantum key exchange for all websites and application programming interfaces on its network, and by late 2025 Cloudflare said 52 percent of human web requests it saw were already using post-quantum protection in transit. (blog.cloudflare.com) (heise.de) The harder piece is authentication, because certificates and signatures sit inside the trust system of the web itself. Cloudflare said the industry still has “not a single public post-quantum certificate” in normal web use, which means the lock on the connection is getting upgraded faster than the ID card behind it. (blog.cloudflare.com 1) (blog.cloudflare.com 2) That is why this week’s announcement is more concrete than it sounds. Cloudflare said “fully post-quantum secure” by 2029 includes post-quantum authentication, which pulls the company into the messy work of certificates, browsers, hardware security modules, and customer migration instead of just faster handshakes. (blog.cloudflare.com) The standards piece is finally in place for companies to start moving. The National Institute of Standards and Technology finalized three federal post-quantum standards in August 2024, including Module-Lattice-Based Key-Encapsulation Mechanism for key exchange and two digital-signature standards called Module-Lattice-Based Digital Signature Algorithm and Stateless Hash-Based Digital Signature Algorithm. (nist.gov) (csrc.nist.gov) Google is pushing on the same calendar from the browser side. In March 2026 Google published its own 2029 migration timeline, and in February 2026 it outlined a Chrome plan for a new quantum-resistant root store and smaller certificate designs meant to keep the web fast while authentication gets heavier. (blog.google) (security.googleblog.com) Cloudflare’s post says recent progress in quantum hardware, error correction, and factoring estimates is what moved its deadline forward. Heise reported the same shift on April 9, 2026, and a Cybersecurity Insiders write-up tied Cloudflare’s urgency to Google’s public warning that current encryption timelines are getting tighter. (blog.cloudflare.com) (heise.de) (cybersecurity-insiders.com) Cloudflare is not starting from zero inside its own product stack. In February 2026 it said Cloudflare One had become the first secure access service edge platform to offer modern standards-compliant post-quantum encryption across the full platform, using hybrid Module-Lattice-Based Key-Encapsulation Mechanism in its Internet Protocol Security product. (blog.cloudflare.com) What changed this week is the scope. Cloudflare is no longer talking about post-quantum cryptography as a lab feature for tunnels and handshakes; it is putting a date on replacing the identity machinery that tells billions of browsers which servers to trust. (blog.cloudflare.com)