Bill Tanner | 22 January, 2026

Q and A with Volker Rath, Field CTO, Cloudflare, on the rapid advance of quantum computing forcing organisations to rethink encryption strategies and prepare now for a post-quantum future.

Why is post-quantum readiness so important?

There is great momentum behind the development of quantum computers worldwide. Google recently announced that Willow, its quantum computer chip, runs a specific simulation task 13,000 times faster than the world’s best supercomputer. Meanwhile, China plans to allocate up to US$15 billion in public funding to quantum computing. Although universal and production-ready quantum computers are not yet available, NIST predicts that systems capable of breaking today’s widely used encryption standards could be commercially available as soon as 2030.

There are two main types of encryption methods used today. The first one is called symmetric encryption, which is typically used for the encryption of data at rest such as your hard drive or cloud storage. Standards such as AES use the same key for encrypting and decrypting data. The good news is that very strong mathematical algorithms used in AES encryption make it nearly impossible to crack the key within a reasonable time even with the use of a quantum computer. So, as long as you protect your keys, your data is and remains secure.

The bad news comes with public-key encryption standards such as RSA and ECDSA, which are used during the key exchange process for encrypted HTTPS connections. Both algorithms are based on the concept of multiplying two large prime numbers. In the future, quantum computers will be capable of reproducing these prime numbers with the help of Shor’s algorithm and ultimately reproduce the decryption key used in the session within reasonable times and costs.

But that’s not all. Another problem with TLS1.2 is that it does not guarantee forward secrecy. Attackers that get hold of the secure private session key in the future can decrypt conversations recorded in the past which increases the need to protect data today against future attack capabilities.

What is post-quantum readiness?

Post quantum readiness is achieved if all encryption algorithms and certificates used for data at rest and data in motion can’t be cracked by the use of quantum computers. Hardening public-key encryption against post quantum attacks requires an upgrade of the entire public key infrastructure, from the client’s browser to network devices, proxies and the web server’s SSL module.

We all know that upgrading infrastructure at scale is hard and RSA and ECDSA are used everywhere. As always, a risk-based approach is recommended which suggests that infrastructure around sensitive data should be prioritised for an upgrade which most likely includes all Internet facing APIs and websites as well as applications within your own network.

Upgrading your infrastructure requires a three-step approach:

1. Building an inventory of all cryptographic systems that handle sensitive data.

2. Establish capabilities to swap cryptographic algorithms, keys and protocols at scale.

3. Upgrade to quantum-resistant standards without disrupting operations.

Post-quantum readiness is soon likely to become a key requirement for all organisations that handle sensitive information such as highly regulated industries and governments.

While quantum computers are not available yet, bad actors can collect data streams today and store them until they become available in the future. These ‘harvest now, decrypt later’ attacks make sense for all information that is highly valuable over a longer period of time.

Think about top secret architectural design documents as an example. There is also the risk that bad actors or nation states gain access to quantum computers earlier than the rest of the world which would result in cyber attack capabilities never seen before.

Considerations like these led to NIST’s recommendation that RSA and ECDSA must be deprecated by 2030 and disallowed by 2035. The US and Australian governments, like many others, are following this recommendation.

Get Post-Quantum ready the easy way

Cloudflare helps customers to get PQ-ready by using Post-Quantum Cryptography in three ways. First, all of Cloudflare’s infrastructure has been upgraded to TLS1.3. This means that Internet facing APIs and web servers that are behind the Cloudflare Connectivity Cloud can be contacted using TLS1.3, which uses quantum safe algorithms such as ML-KEM. Customers can choose to run their origin servers in a hybrid mode to support legacy clients for now.

Second, Cloudflare customers that use the free TLS certificate service are by default post quantum ready. Third, all agents of Cloudflare’s Zero Trust Network Access service use Post-Quantum Cryptography which helps protect traffic coming from managed endpoints such as site-to-site tunnels and client devices.

It is important to understand that the entire connection chain from the browser to the web server must be post-quantum ready to achieve full resilience to post quantum attacks. An upgrade of the entire private infrastructure is not an easy undertaking and is likely to consume a lot of resources and take a long time.

Considering that cyberattacks are often performed from the inside, customers are looking for faster ways to secure their sensitive data regardless of its location. Placing sensitive infrastructure behind the Cloudflare Connectivity Cloud offers customers a fast and elegant way to de-risk critical infrastructure from post quantum risks and free up resources to address other emerging threats.

Post quantum readiness should always be discussed in combination with Zero Trust network access and a defence in depth strategy to achieve the desired security outcomes.