Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google also adopted after announcing that it had improved the quantum algorithm used to break elliptic curve cryptography. Google stopped short of publishing the algorithm, disclosing only a zero-knowledge proof of its existence.
The same day, a company called Oratomic published a resource estimate for breaking RSA-2048 and P-256 on a neutral atom quantum computer. The estimate for P-256 put the qubit requirement at roughly 10,000, a number researchers in the field described as unexpectedly low.
Three engineering fronts converging
Breaking public-key cryptography with a quantum computer requires advances on three separate fronts: hardware architecture, error correction, and quantum software. Progress on each compounds the others.
On the hardware side, neutral atom machines have become more competitive than many researchers expected a few years ago. Oratomic’s disclosure showed that highly connected neutral atom qubits enable substantially better error correcting codes than previously demonstrated. In practice, that means only around 3 to 4 physical neutral atom qubits are required per logical qubit, compared to roughly 1,000 physical qubits per logical qubit for noisy superconducting quantum computers with neighbor-only connectivity. Google’s algorithmic improvement to crack P-256 compounds the hardware and error correction gains by reducing how much computation is needed in the first place.
These advances prompted Google to accelerate its post-quantum migration timeline to 2029, and IBM Quantum Safe’s CTO has stated publicly that quantum moonshot attacks could arrive as early as that same year.
Authentication replaces encryption as the primary concern
For most of the past decade, the industry’s post-quantum focus centered on encryption: specifically, stopping adversaries from harvesting encrypted traffic now and decrypting it later once quantum computers become capable enough. Cloudflare began addressing that risk in 2022, when it announced that websites and APIs served through its network support post-quantum hybrid key agreement. The company said it secured connections to origins and many internal connections in 2023, and that over 50% of human traffic now uses post-quantum key agreement.
Authentication is a different problem. An adversary with a working quantum computer can forge access credentials, which means any quantum-vulnerable remote login key becomes a potential entry point. Software update mechanisms become remote code execution vectors. Long-lived keys, including root certificates, API authentication keys, and code-signing certificates, carry the greatest exposure because compromising one provides persistent access until discovery or revocation.
Sharon Goldberg, Senior Product Director at Cloudflare, told Help Net Security that the company is treating the upgrade as universal. “We’re approaching this as a blanket upgrade that has to be accomplished across our entire product suite, and that will be available to all of our paying and free customers,” she said.
Goldberg noted that attackers working with expensive, scarce early-generation quantum computers will look for efficiency. “Threat actors will always look for the lowest common denominator to exploit,” she said. “Why leverage quantum computers when there are still unpatched zero-days or employees who will click a malicious link?” The implication is that first-generation quantum attacks will be selective, targeting the highest-value keys. Later generations of more scalable machines change that calculus.
Sector gaps in readiness
Cloudflare sits in a position to observe post-quantum readiness across a broad cross-section of Internet traffic. Goldberg said governments, financial services firms, and telecommunications companies have made more progress on the post-quantum cryptography transition than other sectors. Healthcare, technology, and consumer industries are further behind.
The sectors Cloudflare considers most exposed are those that depend on systems that are difficult to update or replace: automotive, utilities, satellites, and consumer electronics. Goldberg said a compensating approach for these industries is to route legacy traffic over quantum-safe tunnels.
“In every industry, the focus thus far has been on post-quantum encryption to protect against adversaries that harvest data now, in order to decrypt it later once powerful quantum computers become available,” Goldberg said. “This focus is now going to change as vendors increasingly start offering solutions for post-quantum authentication.”
Cloudflare’s intermediate milestones
Cloudflare laid out a series of milestones toward its 2029 target. The company plans to add support for post-quantum authentication using ML-DSA to origin connections by mid-2026. By mid-2027, it aims to have post-quantum connections from end users to Cloudflare using Merkle Tree Certificates. Its Cloudflare One SASE product suite is targeted for post-quantum authentication by early 2028.
The company said post-quantum upgrades will be available to all customers at no additional cost, including those on free plans.
Migrating to post-quantum authentication is more complex than migrating encryption. Disabling quantum-vulnerable cryptography is necessary to prevent downgrade attacks, and once that is done, all previously exposed secrets, including passwords and access tokens, require rotation. Cloudflare noted that federated systems like the public web present particular challenges because not every client will support post-quantum certificates immediately, meaning servers must continue supporting legacy clients during the transition period. The company said “PQ HSTS” and certificate transparency offer downgrade protection for HTTPS in the interim.
Organizations with third-party dependencies face an additional layer of exposure. Quantum-vulnerable cryptography in a supply chain can undermine a fully upgraded internal system. Cloudflare recommended that businesses make post-quantum support a requirement in procurement decisions and prioritize assessing the impact of critical vendors failing to upgrade.
Secure by Design: Building security in at the beginning
