Cloudflare targets 2029 for full post-quantum security

Original Article ↗ Hacker News Discussion ↗

Perceived urgency and threat model

  • Many see Cloudflare’s 2029 target as aligned with a broader shift: timelines for a “cryptographically relevant” quantum computer are shortening and some practitioners now consider the risk “urgent” or even “imminent.”
  • Main concern is “harvest-now/decrypt-later”: adversaries capture encrypted traffic today and decrypt it once capable quantum systems exist. Certain data (“evergreen” secrets, long‑lived legal/financial records) will still matter years later.
  • Some suspect intelligence agencies may already be further along, tying current secrecy and data‑hoarding to preparation for conflict.

State of quantum computing and PQC security

  • Consensus in the thread: no existing quantum system has broken real‑world public-key crypto yet; the threat is still theoretical.
  • There is active debate on how “settled” post‑quantum schemes are.
    • One side: the selected lattice‑based schemes are well‑studied, globally vetted, and not meaningfully more uncertain than classical choices.
    • Other side: recent breaks of some PQ candidates (e.g., SIDH/SIKE, Rainbow) show surprises happen; claims of “no questions” are viewed as overconfident marketing.

Algorithm choices and controversies

  • Lattice-based KEMs (e.g., ML‑KEM) have emerged as the practical default; code-based and multivariate approaches exist with different tradeoffs.
  • A recurring subthread disputes criticism of structured lattice schemes and argues some prominent skeptics are motivated or at least colored by competing proposals. Others cite those skeptics as evidence that doubts remain and hybrids (classical + PQ) are prudent.

Performance and implementation tradeoffs

  • PQ KEMs can be as fast or faster than X25519 but have much larger keyshares.
  • PQ signatures are bulkier and often slower; some hash-based options are treated as “backups” due to size but high confidence.
  • Larger handshakes may hurt users on marginal links and break some middleboxes.

Deployment and migration challenges

  • Web/CDN frontends are seen as the easy part; the long tail is internal service meshes, legacy TLS stacks, IoT/industrial devices, and CA roots.
  • Hybrid key exchange is already recommended in major TLS configs; browsers could eventually mark non‑PQ ciphers as insecure.
  • SSH already has PQ key agreement; PQ signatures and certificate ecosystems lag.

Broader implications, uses, and skepticism

  • Some argue PQC adoption is necessary insurance; others see “we need funding” and hype dynamics similar to AI or IPv6.
  • Quantum computing is also expected to matter for simulation (chemistry, physics, finance), not just code‑breaking.
  • Concerns are raised about Cloudflare’s growing centralization of traffic, viewed by some as a bigger long‑term risk than quantum attacks themselves.