Cloudflare Joins Google: Two Internet Giants Now Say 2029 for Post-Quantum Migration
Table of Contents
7 Apr 2026 – Cloudflare, the infrastructure company that handles a significant share of global internet traffic, today announced it is accelerating its post-quantum cryptography roadmap and targeting 2029 for full post-quantum security — including, critically, post-quantum authentication.
The announcement, authored by Cloudflare Research’s Bas Westerbaan, explicitly cites last week’s Google Quantum AI ECC-256 resource estimates and Oratomic’s 10,000-qubit Shor’s algorithm paper as the catalysts for the accelerated timeline. Cloudflare states it has moved to match Google’s own 2029 PQC migration deadline, announced on March 25.
Cloudflare reports that over 65% of human-initiated traffic to its network already uses post-quantum encryption, protecting against Harvest Now, Decrypt Later (HNDL) attacks. The company has offered post-quantum key exchange on all websites and APIs since 2022. But the new roadmap addresses the harder problem: post-quantum authentication — digital signatures, certificates, and the identity infrastructure that verifies who you’re talking to.
The blog post also references IBM Quantum Safe CTO Michael Osborne’s assessment that quantum “moonshot attacks” on high-value targets cannot be ruled out as early as 2029, and quotes quantum computer scientist Scott Aaronson’s warning that researchers working on Shor’s algorithm resource estimates may have already stopped publishing their findings.
Cloudflare commits to providing all post-quantum upgrades to customers across every plan at no additional cost, consistent with its 2014 decision to offer free universal SSL certificates.
My Analysis
Two Giants, One Number: Why 2029 Is No Longer Just Google’s Bet
When I wrote about Google’s 2029 PQC migration deadline two weeks ago, I noted that Google occupied a unique dual position — building the quantum computer while simultaneously setting the deadline to defend against it. The obvious question was whether Google’s timeline would remain an outlier or become the benchmark.
We got our answer in thirteen days.
Cloudflare’s decision to match Google’s 2029 target transforms this from a single company’s internal risk calculus into an emerging industry consensus among the companies that actually operate the internet’s infrastructure. These aren’t two vendors issuing marketing roadmaps. Google handles the browser (Chrome), the mobile OS (Android), and a major cloud platform. Cloudflare handles DNS, CDN, DDoS protection, and reverse-proxy services for a substantial fraction of global web traffic. Between them, these two companies touch a staggering share of the internet’s cryptographic surface area.
And they’re saying the same thing: done by 2029. Not started. Done.
The Research That Moved the Needle
Cloudflare’s blog is unusually transparent about what changed their calculus. They name the papers. Last week, Google Quantum AI published resource estimates showing ECC-256 could be broken with fewer than 500,000 physical superconducting qubits in minutes. The same day, Oratomic, Caltech, and UC Berkeley published a neutral-atom resource estimate requiring only about 10,000 physical qubits to run Shor’s algorithm against P-256 — with an encoding rate of roughly 3-4 physical qubits per logical qubit, thanks to the connectivity advantages of reconfigurable neutral-atom architectures.
Cloudflare’s Westerbaan frames this as convergent progress across three independent fronts — hardware, error correction, and quantum software — where advances on each front compound the others. This is exactly right, and it maps directly onto my CRQC Quantum Capability Framework. The Google paper pushed forward C.2: Magic State Production and D.1: Algorithm Integration capabilities. The Oratomic paper represents a breakthrough in B.1: Quantum Error Correction and B.4: Qubit Connectivity by exploiting the native all-to-all connectivity of neutral atoms. When these capabilities advance simultaneously, the compounding effect is exactly what pulls Q-Day estimates forward.
As I detailed in my analysis of both papers, the same-day publication was not a coincidence — Oratomic’s resource estimates build directly on Google’s circuit compilations. This was coordinated disclosure. Cloudflare clearly read it the same way.
Authentication First: The Industry Is Arriving at TNFL
The most significant shift in Cloudflare’s announcement — and the one that should concern CISOs most — is the explicit prioritization of post-quantum authentication over encryption.
Cloudflare states it plainly: if Q-Day is imminent, broken authentication is catastrophic. Any overlooked quantum-vulnerable remote-login key becomes an access point. Any automatic software update mechanism becomes a remote code execution vector. An active quantum attacker only needs to find one trusted quantum-vulnerable key to get in.
This is the Trust Now, Forge Later (TNFL) thesis that I first articulated in 2018 under the original “Sign Today, Forge Tomorrow” framing. For years, the conventional wisdom prioritized HNDL — protect encryption first, worry about signatures later. Google’s March 25 announcement was the first hyperscaler to publicly reverse that priority. Now Cloudflare is the second.
Two of the internet’s largest infrastructure providers have independently concluded that forged authentication is a more dangerous near-term quantum threat than decrypted archives. The logic is sound and, frankly, should have been obvious earlier: the first generation of CRQCs will be scarce, expensive machines. A rational adversary with limited quantum compute will target long-lived signing keys — root certificates, code-signing keys, firmware verification — where a single forgery unlocks persistent access. Bulk decryption of archived ciphertext requires orders of magnitude more quantum computation for far less strategic leverage.
Cloudflare adds an important nuance that Google’s announcement did not fully explore: the dependency chain. Unlike post-quantum encryption, which took one big push, migrating to post-quantum authentication has a long sequence of dependencies — certificate authority upgrades, HSM support, CA/Browser Forum approval, audit cycles, and third-party validation systems. Cloudflare estimates this will take “years, not months.” They’re right. And this is exactly why the organizations that haven’t started are in deeper trouble than they realize.
The Aaronson Quote and the End of Public Research
Cloudflare’s blog includes a striking quote from quantum computer scientist Scott Aaronson, warning that researchers estimating Shor’s algorithm resource requirements may have already stopped publishing their findings — because sharing them risks giving adversaries too much information.
Cloudflare’s Westerbaan then adds a sentence that should send a chill through any security professional: “That point has now passed indeed.”
This is a reference to Google’s own decision to publish its ECC-256 resource estimates via a zero-knowledge proof rather than releasing the actual quantum circuits. Google proved they have optimized circuits for breaking elliptic curve cryptography without showing anyone how they work. As I noted in my analysis of Google’s cryptocurrency whitepaper, this responsible-disclosure approach is unprecedented in quantum cryptanalysis — and it signals that the research community has crossed a threshold where the findings themselves are operationally sensitive.
For threat modeling purposes, this changes the game. The era of tracking Q-Day progress through published papers is ending. Future advances in quantum cryptanalysis may simply not appear in the public literature. As IBM’s Michael Osborne has warned, the first quantum capability to break real cryptography will not be announced.
The Downgrade Problem Nobody Is Talking About
One of the most technically important points in Cloudflare’s announcement — and one I expect will be underappreciated — is the emphasis on downgrade attacks.
Adding support for post-quantum cryptography is not enough. Systems must also disable support for quantum-vulnerable algorithms. Otherwise, an active quantum attacker can force a connection to downgrade to classical cryptography and then break it. In federated systems like the open web, where servers must continue supporting legacy clients that haven’t upgraded, this creates a transition paradox: you can’t fully disable classical algorithms until all clients support PQC, but you’re vulnerable to downgrade attacks until you do.
Cloudflare mentions two potential mitigations — “PQ HSTS” (a proposed mechanism from Chromium for signaling post-quantum-only support) and certificate transparency — but both are still in development. This is a genuine unsolved problem in the transition architecture, and it deserves more attention than it’s getting.
What Two Giants Agreeing on 2029 Means for Everyone Else
Google and Cloudflare together touch such a large fraction of internet traffic that their PQC migration timelines are not merely internal decisions — they are de facto standards. When both companies say they’ll complete migration by 2029, they are setting the pace for browsers, certificate authorities, CDN providers, DNS infrastructure, and the vast ecosystem of services that depend on them.
This is exactly the dynamic I’ve been arguing matters more than Q-Day predictions. As I wrote in Forget Q-Day Predictions — Regulators, Insurers, Investors, Clients Are Your New Quantum Clock, the reason to act is not because you’ve personally calculated when a CRQC will arrive. The reason to act is that the ecosystem is moving. Google set 2029. Cloudflare just matched it. Microsoft is targeting 2033. NIST deprecates in 2030, disallows in 2035.
If your organization hasn’t started its PQC migration, consider the arithmetic. Research suggests realistic migration timelines of 5–7 years for small enterprises, 8–12 for medium, and 12–15+ for large. It is April 2026. If you start today and you’re a medium enterprise, you’re looking at 2034-2038. That puts you past NIST’s hard deadline and well past the point where Google and Cloudflare will have dropped classical algorithm support for significant parts of their infrastructure.
The window for comfortable migration closed the moment two infrastructure giants agreed on 2029. What remains is the window for migration under pressure. That window is still open. But it’s narrowing every time a major player sets a deadline.
For organizations that need a structured starting point, the Applied Quantum PQC Migration Framework provides an open-access, 8-phase methodology with a 90-day quick-start guide designed for exactly this situation. And for a comprehensive guide to organizational quantum readiness, my forthcoming book Quantum Ready covers the strategic, operational, and technical dimensions of the transition.
Start now. The companies that run the internet just told you when they expect the clock to run out.
Quantum Upside & Quantum Risk - Handled
My company - Applied Quantum - helps governments, enterprises, and investors prepare for both the upside and the risk of quantum technologies. We deliver concise board and investor briefings; demystify quantum computing, sensing, and communications; craft national and corporate strategies to capture advantage; and turn plans into delivery. We help you mitigate the quantum risk by executing crypto‑inventory, crypto‑agility implementation, PQC migration, and broader defenses against the quantum threat. We run vendor due diligence, proof‑of‑value pilots, standards and policy alignment, workforce training, and procurement support, then oversee implementation across your organization. Contact me if you want help.
Related Content
