Technology · Apr 9, 2026 · 5 min read

Cloudflare Sets 2029 for Full Post-Quantum Security: What Has Changed in Recent Weeks

Cloudflare has also advanced its deadline to achieve complete post-quantum security: the new goal is now 2029, with a roadmap that for the first time includes post-quantum authentication across its entire product suite. This move follows a similar announcement from Google, made at the end of March, and comes at a time when two independent research studies have drastically reduced estimates of the timeframe in which quantum computers might be able to break the encryption used today on the internet, which underpins many mechanisms for data security and privacy.

Three Converging Fronts

Breaking public key cryptography with a quantum computer requires simultaneous advancements on three separate fronts: hardware, error correction, and quantum software. The novelty of early 2026 is that all three have seen significant accelerations at the same time, with effects that amplify each other.

On the hardware front, neutral atom architectures have proven to be much more competitive than expected. The company Oratomic published an estimate of the resources needed to break RSA-2048 and P-256 on a neutral atom computer, arriving at a number of qubits that surprised the community: about 10,000 physical qubits would be sufficient for P-256. The reason is technical but crucial: neutral atoms, due to their high connectivity, allow for enormously more efficient error correction codes compared to superconductors. In practice, only 3-4 physical neutral-atom qubits are needed for each logical qubit, compared to about 1,000 physical qubits required by current superconducting computers with neighbor-only connectivity.

On the same day as Oratomic's publication, Google announced that it had drastically improved the quantum algorithm for compromising elliptic curve cryptography. Google did not publish the algorithm but provided only a zero-knowledge proof, a cryptographic demonstration of its existence without revealing its content. This choice, in itself, says something about the state of the field. As computer scientist Scott Aaronson anticipated at the end of 2025, there would soon come a time when researchers would stop publishing detailed estimates of the resources needed to break cryptographic systems to avoid giving too much advantage to adversaries. According to Cloudflare's blog, that time has already passed.

From Q-Day After 2035 to Q-Day 2029

The combined effect of these advancements has significantly shifted projections for the so-called Q-Day, the day when a sufficiently powerful quantum computer will be able to break today’s public key cryptography. Timelines that until recently placed this scenario beyond 2035 no longer hold up to updated data. An article published by Nature in recent days confirms that two independent research groups have produced new estimates that considerably shorten the temporal horizon. The CTO of IBM Quantum Safe has publicly stated that he cannot exclude "moonshot attacks" on high-value targets as early as 2029.

Both Google and Cloudflare responded by aligning their roadmaps with that same year. Google, which had already migrated its services to post-quantum key exchange via ML-KEM (the NIST standard finalized in August 2024), is now focusing on migrating authentication and digital signatures. NIST plans to deprecate RSA with 112 bits of security (2048-bit keys) by 2030 and ban all legacy RSA algorithms by 2035.

Shift in Priorities: From Encryption to Authentication

For nearly a decade, the post-quantum cryptography debate has focused on Harvest Now, Decrypt Later (HNDL) attacks: adversaries collecting encrypted traffic today, counting on decrypting it in the future with sufficiently powerful quantum computers. Cloudflare began addressing this risk in 2022 when it enabled hybrid post-quantum key agreement for all sites and APIs on its network. Today, over 65% of human traffic that passes through Cloudflare’s infrastructure already uses post-quantum encryption for key exchange operations.

The acceleration of Q-Day shifts priorities. With Q-Day approaching, the problem is no longer just to protect encrypted traffic, but to secure authentication. An adversary with a functioning quantum computer can forge access credentials, compromise software signing keys, and impersonate servers. Every quantum-vulnerable remote login key becomes a potential entry point; every automatic software update mechanism becomes a potential vector for remote code execution attacks. Long-lived keys, such as root certificates, API auth keys, and code-signing certificates, are the most exposed: compromising one guarantees persistent access until it is revoked or detected.

Sharon Goldberg, Senior Product Director at Cloudflare, described the company’s approach as a "blanket upgrade" across its entire product suite: no exceptions, no additional costs, available to customers on any plan including the free one. The parallel with the 2014 decision to distribute universal and free TLS certificates is explicit in the company’s official blog.

The Roadmap with Intermediate Milestones

Cloudflare has laid out its roadmap in concrete stages. By mid-2026, support for post-quantum authentication via ML-DSA is expected on connections to origin servers. By mid-2027, end-to-end connections from users to Cloudflare will use Merkle Tree Certificates. By early 2028, it will be the turn of Cloudflare One, the company’s SASE suite. The completion of the entire product suite is set for 2029, with automatic activation requiring no action from customers.

The migration to post-quantum authentication is fundamentally more complex than that of key exchange. It is not enough to add PQC support: to prevent downgrade attacks, quantum-vulnerable encryption must also be disabled. Once done, all previously exposed secrets (passwords, access tokens) must be rotated. In federated systems like the public web, the problem becomes further complicated because not all clients will immediately support post-quantum certificates: during the transition period, servers must continue to support legacy clients. Cloudflare points to "PQ HSTS" and certificate transparency as protection measures against downgrades in the meantime.

More Vulnerable Sectors and Supply Chain

Due to its position in the global internet infrastructure, Cloudflare has a privileged view of the state of readiness in entire sectors. The most advanced in the transition are governments, financial services, and telecommunications, while the lagging sectors are healthcare, technology, and consumer services. But the sectors Goldberg identified as most exposed are those relying on systems that are hard to upgrade: automotive, utilities, satellites, and consumer electronics. For these, the recommended strategy is to route legacy traffic through quantum-safe tunnels.

An often-overlooked element is the cryptographic supply chain: even an organization that completes its internal PQC migration remains exposed if its critical vendors do not update. Cloudflare recommends including post-quantum support among procurement requirements and immediately starting an assessment of the impact on the organization if key vendors fail to update. For governments, the company suggests appointing a lead agency to coordinate the migration on a clear timeline, avoiding fragmentation among standards and jurisdictions that could slow down the entire process.