Cloudflare aims to achieve full post-quantum security by 2029.

Cloudflare has set a goal of accelerating its transition to post-quantum (PQ) security and achieving full protection, including post-quantum authentication, by 2029. It is accelerating its roadmap because rapid industry developments and research reports in recent years suggest that 'Q-Day', the point at which quantum computers break current cryptography, may arrive sooner than anticipated.
Cloudflare targets 2029 for full post-quantum security
https://blog.cloudflare.com/post-quantum-roadmap/
Cloudflare began offering free universal SSL in 2014, and has been preparing for the post-quantum transition since 2019, enabling post-quantum cryptography on all its websites and APIs by 2022. As of the time of writing, over 65% of human traffic through Cloudflare is post-quantum encrypted, but Cloudflare believes that encryption alone is insufficient and that the transition will not be complete unless authentication is also switched to post-quantum algorithms.
The acceleration is driven by independent advancements in three areas of quantum computing: hardware, error correction, and software. Particularly significant turning points include Google's substantial improvement of quantum algorithms for breaking elliptic curve cryptography and Oratomic's publication of estimates for the number of qubits needed to break RSA-2048 and P-256 using a neutral-atom computer. The neutral-atom approach demonstrates astonishing efficiency, requiring only 3 to 4 physical qubits per logical qubit.
These developments have brought the timing of Q-Day forward significantly from the previous view of 2035 or later. Google now believes a 'moonshot attack' against a high-value target could occur by 2030, and the CTO of IBM Quantum Safe has not ruled out the possibility of it happening as early as 2029.

Up until now, the industry has prioritized post-quantum encryption to prevent 'harvest now, decrypt later (HNDL)' attacks, where communications are stolen and collected for later decryption. However, as Q-Day approaches, the situation changes, and authentication breaches, where attackers with quantum computers can impersonate servers or forge access credentials, become a more serious threat. Overlooked quantum-vulnerable remote login keys can become entry points, and even automated software update mechanisms can become pathways for remote code execution, which is why Cloudflare considers authentication updates a top priority.
The authentication migration is more complex than the encryption migration. Cloudflare explains that simply adding post-quantum cryptography is not enough; the quantum-vulnerable cryptographic methods themselves must be disabled to prevent downgrade attacks. Furthermore, after the switch, passwords and access tokens that may have been exposed in the previous quantum-vulnerable environment must also be rotated.
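
The two requirements in the paragraph above, as an added example that is not from Cloudflare or the original article: a verifier that accepts both post-quantum and classical signatures is still downgradable, and secrets issued before classical authentication was switched off need rotation. The inventory, names, dates and the prefix-based algorithm matching are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Families named in the article; matching by name prefix is an assumption of this sketch.
PQ = ("ML-DSA",)
CLASSICAL = ("RSA", "ECDSA")

@dataclass
class Verifier:
    accepted: list                          # signature algorithms still accepted
    classical_off: Optional[date] = None    # day classical algorithms were disabled

@dataclass
class Secret:
    sent_to: str                            # verifier the secret is presented to
    issued: date

def posture(v: Verifier) -> str:
    """Classify by what the verifier accepts, not by what its peers can offer."""
    pq = any(a.startswith(PQ) for a in v.accepted)
    classical = any(a.startswith(CLASSICAL) for a in v.accepted)
    if pq and classical:
        return "downgradable"   # a forged classical signature would still be accepted
    return "post-quantum" if pq else "quantum-vulnerable"

def rotation(s: Secret, verifiers: dict) -> str:
    """Secrets issued before classical authentication was disabled may be exposed."""
    v = verifiers[s.sent_to]
    if posture(v) != "post-quantum" or v.classical_off is None:
        return "rotate-after-cutover"       # rotate once classical authentication is off
    return "rotate" if s.issued < v.classical_off else "ok"

# Constructed inventory: names, algorithms and dates are illustrative only.
VERIFIERS = {
    "origin-api": Verifier(["ML-DSA-65", "ECDSA-P256"]),
    "sso":        Verifier(["ML-DSA-65"], date(2028, 3, 1)),
    "legacy-vpn": Verifier(["RSA-2048"]),
}
SECRETS = {
    "ci-deploy-token": Secret("sso", date(2027, 11, 10)),
    "admin-password":  Secret("sso", date(2028, 4, 2)),
    "origin-api-key":  Secret("origin-api", date(2028, 5, 1)),
}

def audit() -> dict:
    return {"posture": {n: posture(v) for n, v in VERIFIERS.items()},
            "secrets": {n: rotation(s, VERIFIERS) for n, s in SECRETS.items()}}

if __name__ == "__main__":
    print(audit())
```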

Because these processes involve third-party verification and fraud monitoring, the transition will take several years, not just a few months. The roadmap outlines supporting post-quantum authentication (ML-DSA) for connections from Cloudflare to origins in mid-2026, enabling visitor connections to Cloudflare using Merkle Tree Certificates in mid-2027, adding post-quantum authentication to the Cloudflare One SASE suite in early 2028, and aiming to achieve full post-quantum security, including authentication, across the entire product family by 2029.
The PDF advises companies to include post-quantum support in their procurement requirements, identify critical systems and vendors that use long-term keys early on, and assess the potential impact on their operations if they are slow to respond. It also states that companies should consider not only the parties with whom they directly exchange encrypted communications, but also indirect third-party dependencies such as financial services and public infrastructure.
Furthermore, government agencies are being asked to leverage existing international standards and to designate a leading body to facilitate the transition with a clear timeline. Cloudflare customers will not need to take individual mitigation measures for Cloudflare services, and post-quantum compatibility will continue to be enabled by default, although browser, application, and origin-side updates will still be required. These post-quantum features will be provided at no additional cost with all plans.
in Security, Posted by log1i_yk






