Fordel Studios
Cloudflare just announced a hard target: full post-quantum security across their network by 2029. Google, Signal, and Apple are already shipping it. The encryption the entire internet runs on has an expiry date baked in — and the industry is quietly racing to replace it before anyone notices.
What Is Encryption, Actually?
Encryption is a lock on your data. When you log into your bank or your product sends data between servers, that data is scrambled using a mathematical problem that is deliberately hard to reverse.
The hard problem most of the internet relies on today goes like this: multiplying two enormous prime numbers together is fast. Working backwards from the result to find the original primes is, with current computers, effectively impossible — it would take millions of years by brute force. This is called RSA encryption, and it underpins HTTPS, your login sessions, your payment processing, and your cloud database connections.
The security is not magic. It is just a math problem nobody has a fast solution for. The assumption is that nobody ever will.
Quantum computers change that assumption.
What Is a Quantum Computer, and Why Does It Break Things?
A regular computer thinks in bits — 0 or 1. A quantum computer uses qubits, which can be both 0 and 1 simultaneously (called superposition) and can be entangled, meaning measuring one qubit instantly tells you about another linked qubit, regardless of distance.
The practical consequence: certain mathematical operations that take a regular computer billions of years can be solved by a quantum computer in hours. In 1994, a mathematician named Peter Shor published an algorithm that describes exactly how a quantum computer would crack RSA encryption. It has been sitting there, published, for over thirty years. The only reason it is not a crisis yet is that we do not have a quantum computer powerful enough to run it.
“A regular computer tries every key in a lock one at a time. A quantum computer tries all of them simultaneously.”
Today’s best quantum machines have around one to two thousand qubits. Breaking RSA-2048 encryption — the standard your product likely uses — requires millions of error-corrected qubits. Current consensus from researchers is that timeline is ten to fifteen years out, possibly longer.
So the threat is real. The threat is not imminent. But “not imminent” is not the same as “not your problem.”
So Why Should Founders Care Now?
Two words: harvest now, decrypt later.
Nation-state intelligence agencies are documented to be intercepting and storing encrypted internet traffic today. They cannot read it. But in ten to fifteen years, once quantum computers are sufficiently powerful, they intend to decrypt all of it retroactively. Every login, every API call, every file upload that traveled over the wire — stored, waiting.
This is not a spy thriller hypothetical. It is a documented threat model with a name (HNDL — Harvest Now Decrypt Later) that the US National Security Agency has explicitly warned about. NIST — the body that sets US technology standards — has been running a post-quantum cryptography competition since 2016 for exactly this reason. They published their first finalized standards in 2024.
This matters most if your product:
Handles medical records, legal documents, financial data, or anything regulated — these have multi-decade retention requirements
Issues long-lived credentials, signing certificates, or API keys that are valid for years
Operates in defense, government, or critical infrastructure
Stores data for users who have any reasonable expectation it stays private across a decade
If your product handles ephemeral session data or short-lived tokens, you are lower risk. If it handles anything that someone might care about in fifteen years, you are not.
What Is Post-Quantum Encryption?
Post-quantum encryption is not a patch to existing algorithms. It is a completely different family of mathematical problems — ones for which quantum computers have no special speed advantage.
The most prominent approach is called lattice-based cryptography. Instead of prime factoring, it relies on finding a short vector in an extremely high-dimensional geometric space — a problem that stays hard regardless of whether you are using a regular or quantum computer. The analogy: if RSA is a combination lock that quantum computers can eventually crack, lattice-based encryption is a different type of lock mechanism entirely.
NIST finalized three standards in 2024:
- ML-KEM (formerly CRYSTALS-Kyber) — for key exchange, the handshake that starts a secure connection
- ML-DSA (formerly CRYSTALS-Dilithium) — for digital signatures, proving data has not been tampered with
- SLH-DSA (formerly SPHINCS+) — a backup signing standard based on different math as a safety net
Cloudflare’s network, Google Chrome, Apple’s iMessage, and Signal are already shipping hybrid versions of these standards — hybrid meaning they run the old algorithm and the new one simultaneously, so if the new one has an unknown flaw, you still have RSA as a fallback. That is what responsible migration looks like.
Is This Worth Your Time Right Now?
Honestly: probably not as an active engineering priority, unless you are in a regulated industry or explicitly handle data that needs to stay private for a decade.
But there is a practical conversation worth having with your engineering team today. Not to panic them — just to understand your exposure. Here is what to ask:
- “What encryption are we using for data in transit and data at rest?” — They should know. If they don’t, that is a gap regardless of quantum.
- “Are our TLS and cryptography libraries already tracking post-quantum migration?” — Modern libraries like OpenSSL 3.x and BoringSSL are already adding hybrid post-quantum support. Your team may be getting this automatically through infrastructure updates.
- “Do we have any long-lived credentials or signing keys?” — Code-signing certificates, multi-year API keys, database encryption keys. These are highest-risk. They should be on a rotation schedule anyway.
- “How is our crypto agility?” — This is the one that separates well-designed systems from expensive rewrites. Crypto agility means: can you swap in a new algorithm without rebuilding everything? Systems designed with algorithm swappability are cheap to migrate. Systems with hardcoded cryptographic choices are a rework project.
The founders who are asking these questions now will be the ones who migrate cleanly in 2028 or 2029. The ones who discover their system has hardcoded RSA-2048 into forty services in 2030, when enterprise clients start requiring post-quantum compliance in vendor contracts, will be paying for that indifference.
The internet’s encryption foundation is changing for the first time in thirty years. Not urgently, not dramatically, but irreversibly. Cloudflare has put a date on it: 2029. That gives you time to understand the problem, have an informed conversation with your team, and make a deliberate decision — rather than a reactive one.
That is the only thing this explainer is asking you to do.
