Cloudflare has accelerated its goal of full post-quantum (PQ) security – including post-quantum authentication – to 2029. The timeline has been accelerated due to “credible new research and rapid industry developments,” says Bas Westerbaan in the company’s blog post.

“This is a challenge that any organization must treat with urgency, which is why we’re expediting our own internal Q-Day readiness timeline,” Westerbaan says, with Q-Day defined as “the day that sufficiently capable quantum computers can break essential cryptography used to protect data and access across systems today.”

The relevant new developments include an announcement from Google stating that “future quantum computers may break the elliptic curve cryptography that protects cryptocurrency and other systems with fewer qubits and gates than previously realized.” Google also set its own timeline for post-quantum cryptography migration to 2029.

Previously, Westerbaan explains, PQ cryptography efforts have mainly focused on PQ encryption, which stops harvest-now/decrypt-later attacks. A shorter Q-Day deadline, however, shifts the focus from encryption to authentication to reduce the vulnerability of digital signatures.

“Post-quantum authentication is top priority,” Westerbaan says, noting that “long-term keys should be upgraded first. Deep dependency chains and the fact that everyone has third-party vendors means this effort will take on the order of years, not months.”

Learn more at Cloudflare.