Cloudflare announced on Monday that it is accelerating its post-quantum (PQ) cryptography roadmap, aiming to achieve full platform-wide post-quantum security—including critical post-quantum authentication—by 2029.
This shift is a direct response to recent breakthroughs in the field of quantum computing. Last week, Google disclosed significant progress in cracking elliptic curve cryptography, providing zero-knowledge proofs to substantiate its findings. Simultaneously, research published by Oratomic revealed that on neutral-atom quantum computers, the number of qubits required to break RSA-2048 and P-256 algorithms is far lower than previously estimated, requiring only 10,000 qubits.
In light of these developments, Cloudflare has significantly advanced its internal timeline for "Q-Day"—the point at which quantum computers will possess the capability to compromise existing encryption systems. While a quantum computer with such capabilities does not yet exist, the pace of technological evolution has far outstripped early industry projections.
Industry Security Defenses Face Restructuring
Cloudflare researcher Bas Westerbaan noted that although more than 65% of the company's human-generated traffic is already protected by post-quantum encryption, this only mitigates "harvest now, decrypt later" attacks. Upgrading to post-quantum authentication is the final line of defense against future quantum threats.
Google has recently set its own post-quantum migration deadline for 2029, prioritizing authentication security. In contrast, the CTO of IBM Quantum Safe has taken a more cautious stance, suggesting that "quantum moonshot attacks" targeting high-value assets could potentially occur as early as 2029.
Progress in quantum computing relies on synergistic breakthroughs across hardware, error correction, and software. Quantum computing scientist Scott Aaronson warned in late 2025 that as estimates for cracking encryption systems become increasingly precise, technical details may begin to vanish from the public domain to prevent competitors from gaining critical intelligence. Cloudflare believes that this turning point has now arrived.
As research into quantum algorithms shifts from open collaboration to closed-door development, businesses must treat quantum security as an urgent engineering challenge. Cloudflare stated that it will continue to push forward with its post-quantum migration for the TLS protocol, ensuring that critical systems are upgraded well before quantum threats become a reality.
