Cloudflare Publishes Post-Quantum Cryptography Roadmap for Web Infrastructure
Cloudflare Publishes Post-Quantum Cryptography Roadmap for Web Infrastructure
Cloudflare has released a comprehensive post-quantum cryptography (PQC) roadmap, outlining how the company plans to protect web infrastructure from future quantum computing attacks. The roadmap sets a 2029 target for full PQC deployment across all Cloudflare services.
Key Timeline
- 2026: NIST PQC standards (ML-KEM, ML-DSA, SLH-DSA) deployed in TLS
- 2027: Post-quantum signatures for certificates and API authentication
- 2028: PQC-enabled DNSSEC and email encryption
- 2029: Full post-quantum protection across all services
Technical Approach
Cloudflare's strategy focuses on hybrid deployments that combine classical and post-quantum algorithms:
- ML-KEM (Kyber) for key encapsulation
- ML-DSA (Dilithium) for digital signatures
- SLH-DSA (SPHINCS+) as a hash-based fallback
Why It Matters
Cloudflare handles approximately 20% of all web traffic. Its PQC migration will directly impact hundreds of millions of websites and applications. The company's proactive approach could set the standard for the broader internet infrastructure industry.
Implications for Developers
Website operators using Cloudflare will automatically benefit from PQC protection, but developers should:
- Review their own cryptographic dependencies
- Plan for larger key sizes and handshake overhead
- Test PQC compatibility with existing client libraries
- Monitor NIST guidelines for implementation best practices
The roadmap represents one of the most ambitious PQC deployment plans in the tech industry, signaling that the quantum threat is being taken seriously at the highest levels of web infrastructure.