Cloudflare announced Tuesday it will make its entire platform quantum-resistant by 2029, setting an aggressive deadline that underscores growing fears about quantum computing threats to Bitcoin (BTC) and internet security alike.
Cloudflare's Post-Quantum Roadmap
The web infrastructure giant disclosed the accelerated timeline in a blog post, saying it is focusing first on post-quantum authentication. Compromised authentication keys, the company warned, could let attackers impersonate servers, gain unauthorized access or push malicious software updates.
Sharon Goldberg, Cloudflare's senior director of product management, said the authentication upgrade is harder than encryption.
"With post-quantum encryption upgrades to TLS, we only need to upgrade the TLS client and the TLS server," she said.
The move follows Google's announcement last month that it also plans to be quantum-resistant by 2029. Research from Google and IBM now suggests "Q-Day" — when a quantum computer can crack current cryptography — could arrive as early as 2032.
Cloudflare said over 65% of human traffic to its network already uses post-quantum encryption. The rollout plan starts with origin connections in mid-2026, expands to visitor connections in mid-2027 and reaches full deployment by 2029.
Also Read: Ethereum Eyed For Euro Stablecoin Settlement Layer
Bitcoin's Cryptographic Vulnerability
The same elliptic-curve math that secures internet authentication also underpins Bitcoin's transaction signatures.
A quantum computer running Shor's algorithm could theoretically extract a private key from a public key, breaking the chain's core ownership model.
Ethereum (ETH) co-founder Vitalik Buterin, Solana (SOL) co-founder Anatoly Yakovenko and Cardano (ADA) founder Charles Hoskinson have all urged a transition to post-quantum algorithms before Q-Day.
In Mar., researchers at Caltech and Oratomic published a study suggesting Bitcoin's cryptography could fall to as few as 10,000 qubits on a neutral-atom quantum computer.
But Oratomic co-founder Dolev Bluvstein cautioned that raw qubit counts are misleading. "It's not like when you design a computer, you just put the transistors on the chip, wash your hands, and say you're done," he said.
Why Companies Must Act Now
Goldberg said organizations cannot afford to wait.
"The complexity of the upgrade means that we need to start now," she said, adding that others "should also begin acting with a sense of urgency, so they don't run out of time."
Cloudflare has been building toward this since 2022, when it enabled post-quantum encryption across most of its products. But Goldberg stressed encryption alone is not enough. "Our work is not done until we've also deployed post-quantum authentication," she said.