Cloudflare announced yesterday that it’s accelerating its post-quantum cryptography migration with a hard 2029 deadline for full deployment. The timeline moved up by years in response to quantum computing breakthroughs that dramatically lowered the barrier to breaking current encryption. In March, Google cut the required qubits for cracking elliptic curve cryptography by 20-fold, while research from Oratomic showed that P-256—the encryption protecting most HTTPS connections—could be broken with just 10,000 qubits on a neutral atom quantum computer.
The quantum threat isn’t theoretical anymore. It’s a five-year countdown, and Cloudflare is racing to secure the internet before encryption breaks.
What Triggered the Acceleration
Three major developments in March 2026 forced the timeline shift. First, Google published a whitepaper on March 30 revealing a dramatic algorithmic improvement: what previously required 10 million qubits to break Bitcoin’s elliptic curve encryption now needs only 500,000. The new resource estimate drops to as low as 1,200 logical qubits plus 90 million Toffoli gates—a 20-fold reduction that moved quantum threats from “someday in the distant future” to “plausibly within five years.”
Google shared the discovery via zero-knowledge proof, a responsible disclosure method that lets researchers verify the breakthrough without publishing a roadmap for attackers. Meanwhile, that same week, Oratomic published resource estimates showing P-256 elliptic curve cryptography requires roughly 10,000 qubits on a neutral atom quantum computer, with RSA-2048 needing around 102,000 qubits and 97 days of computation. Notably, neutral atom systems have a major advantage: they need only 3-4 physical qubits per logical qubit, compared to roughly 1,000 for noisy superconducting quantum computers.
Consequently, the industry consensus shifted overnight. Google moved its own post-quantum migration target to 2029. IBM Quantum Safe leadership couldn’t rule out “moonshot attacks” as early as 2029. The timeline for Q-Day—when quantum computers break current encryption—narrowed from “maybe decades away” to a 3-7 year window ending in 2030. Furthermore, the immediate threat is “Harvest Now, Decrypt Later” attacks, where adversaries collect encrypted data today and decrypt it once quantum computers arrive.
Cloudflare’s Phased 2029 Roadmap
Cloudflare’s migration focuses on authentication, the harder problem. The company enabled post-quantum encryption across all websites and APIs back in 2022, and over 65% of traffic already uses it. Encryption was relatively straightforward—a “one big push,” in Cloudflare’s words. However, authentication involves long dependency chains with third-party validation, fraud monitoring systems, and legacy infrastructure that can’t auto-upgrade.
The roadmap runs through 2029 in phases. By mid-2026, Cloudflare will add ML-DSA support to origin connections. Mid-2027 brings post-quantum connections from end users to Cloudflare using Merkle Tree Certificates. Early 2028 targets the Cloudflare One SASE product suite for post-quantum authentication. Finally, the hard deadline is 2029, when Cloudflare will complete full deployment and disable quantum-vulnerable cryptography to prevent downgrade attacks.
The technical swap replaces RSA-2048 and P-256 elliptic curve cryptography—used everywhere in TLS, digital signatures, and authentication—with ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm. Formerly known as CRYSTALS-Dilithium, ML-DSA was standardized by NIST in FIPS 204 last August. It’s based on lattice math problems that quantum computers can’t solve efficiently. The trade-off: signatures and public keys are significantly larger than their quantum-vulnerable counterparts.
Nevertheless, every upgrade will be free for all Cloudflare customers, including those on free plans. Cloudflare positions post-quantum security as essential infrastructure, comparing it to how free TLS certificates encrypted the web. The cost is on Cloudflare, not on users.
What Developers Need to Do
If you’re on Cloudflare, your edge layer gets upgraded automatically. Making post-quantum the default at the CDN layer means millions of sites will transition without anyone making a conscious decision. That passive deployment sidesteps developer inertia entirely—a strategic advantage Cloudflare is leveraging hard.
However, internal systems are a different story. The harder problem, as one Hacker News commenter put it, is “internal service mesh, mTLS between services.” Legacy systems with old TLS stacks and long-lived certificates won’t auto-upgrade. Moreover, developers need to identify every application, system, and piece of hardware using pre-quantum encryption, then map third-party cryptographic dependencies. Cloudflare warns the timeline is “years, not months.”
Additionally, hardware and IoT devices present an ongoing challenge. Many embedded systems can’t be patched or upgraded remotely. Organizations will need to replace hardware in some cases, particularly devices lacking proper cryptographic support. Those devices become security liabilities once quantum computers arrive.
Meanwhile, the broader cloud ecosystem is already moving. AWS deployed ML-KEM across KMS, S3, CloudFront, and load balancers by late 2025. Microsoft integrated ML-KEM and ML-DSA into SymCrypt, the cryptographic library underpinning Windows, Azure, and Microsoft 365. Google Cloud launched quantum-safe key encapsulation in Cloud KMS preview last October, using X-Wing KEM—a hybrid combining classical X25519 with post-quantum ML-KEM-768.
Furthermore, government mandates are accelerating adoption. NSA’s CNSA 2.0 framework requires all new national security systems to be quantum-safe by January 2027. The FBI, NIST, and CISA designated 2026 the “Year of Quantum Security,” pushing organizations to start migrations now.
Is 2029 Realistic?
The security community is divided. On one hand, Cloudflare, Google, NIST, and NSA align on the 2029-2030 window for Q-Day. They point to the dramatic compression in resource requirements over the past year—what once required 20 million qubits now needs fewer than one million for RSA, potentially fewer than 100,000 under newer architectures. Harvest Now, Decrypt Later attacks are already happening. As a result, migration takes years, so starting now is barely enough time.
On the other hand, skeptics argue the threat is overblown. Blockstream CEO Adam Back insists a cryptographically relevant quantum threat is 20-40 years away, not a few years. Some developers worry that the risks of a rushed upgrade might outweigh the risks of actual quantum breaks, particularly given that post-quantum algorithms haven’t been field-tested for long. In fact, premature implementation could introduce new vulnerabilities during migration.
Nevertheless, the pragmatic take is clear: even if Q-Day is 10 years away instead of five, migration is still a multi-year process. Cloudflare’s hybrid approach mitigates risk by maintaining classical protection while adding a post-quantum layer. Moreover, the free rollout eliminates the biggest barrier to adoption—cost. There’s no downside to starting now, and considerable downside to waiting. When it comes to fundamental internet security, “better safe than sorry” isn’t just a cliché. It’s the only rational strategy.
