“It’s Quite a Shock”: The Quantum Deadline Is Real

people only start working when there is a near the deadline, right? I mean, if we're honest, people would have slacked off until the deadline anyway. So, it's not really really like it's different. It's just a kick on their arm. But, um, so that's one thing. And another is is uh one of the other fevers at the moment AI. Of course, if you if this news would have dropped only half a year before, I would have been much more concerned because the task is enormous. Hello everyone and welcome to this week in net. It's April the 14, 2026. So it's World Quantum Day, so this felt like the right moment for a special edition on quantum computing and postquantum cryptography and also because there has been urgent news on the matter. Also this week you should check our blog for our agents week announcements. There's a lot of amazing stuff there to explore. So stay tuned. I'm your host Ron May. Usually based in Lisbon, Portugal, but this is not Lisbon. This is London because tomorrow it's our connect event. So I'm here in town for that. We split this episode into two parts. One short and explanatory giving you some concepts you may need in this area. The other one is a bit more technical. So first we'll go to Boston where you'll hear from Sharon Goldberg, senior director of product management at Kther. Sharon helps set the bigger picture, explaining why this matters now, what possum quantum cryptography actually means and what it looks like from a company and security platform perspective. That includes, for example, Clothur one as the first sassy platform to bring modern postquantum encryption across the full platform. And then we'll travel to the Netherlands to hear from Bass Wesserbound. He's a principal research engineer at Coffer, our expert in postquantum cryptography. uh and he has been leading this effort uh for years. Bass recently wrote about why Clothther is accelerating its roadmap and in this episode he helps us understand what changed, why researcher are so concerned and what companies also should be thinking about. Now, we'll also start with a short clip recorded today where Boss reacts to feedback on the blog and also answer some of the questions you send us on social media and then we have the full scope of conversation that was recorded two weeks ago. Let's go into it. Hi, I'm Sharon Goldberg. I'm a senior director on the product team um inside Cloudflare 1 and I've been at Cloudflare for about two years now. So, right now I work on AI security, postquantum cryptography, and I've also recently started working on our data sovereignty plans at Cloudflare. So, we're at a really interesting moment right now in terms of the post-quantum uplift of the internet. In the last maybe 3 weeks, we've had new research results that were unexpected that really made the community, the quantum computing community, feel like we're getting closer to a day where we will have quantum computers that can actually break all of the public key cryptography that's being used on the internet. And we think that that day is sooner than we thought. And what's really interesting for me is that in 2024, NIST, the National Institute of Standards, told the industry that we need to upgrade all of our public key cryptography by 2030. And now what we're feeling like is 2030 might be too late, like cutting it close. And that's all really changed in the last 3 weeks. We at Cloudflare, we're an infrastructure provider. We provide infrastructure to much of the internet. And so because people rely on us for infrastructure, we feel it's really important that we be upgraded very soon because everyone else really needs to turn things on and use us and use infrastructure providers themselves. And so we're going to be ready as soon as we can. Um we announced last week that we are setting 2029 as a day for all of Cloudflare to be upgraded to postquantum cryptography. and the product uh suite that I work on which is Cloudflare 1, our Sassy platform. We um announced that we'll be ready by 2028. So really excited about that and lots of work to do. say if you're listening to this and thinking what you need to be doing. I think the most important thing to do right now is look at your vendors, look to see which one of them supports postquantum encryption today because that's pretty much all that's available right now in the market, postquantum encryption, and then ask them about what their plans are for postquantum authentication, which is what the internet is really working towards upgrading right now. I think it's important that vendors hear this from their customer base because it's really going to help drive the urgency and the process of making these upgrades happen in time for whenever um that day comes when we have those powerful quantum computers. So, let's talk quickly about encryption versus authentication. Up until now, most of the industry has been focused on something called harvest now decrypt later attacks, which is something we should still focus on, right? And that's an attack in which an adversary collects data that's encrypted, stores it, and then in the future when the quantum computers become powerful enough goes and decrypts that data. And so this is a threat if it's something like healthcare data, government data, financial data, all that stuff remains valuable even 5 10 years in the future. Right? So we've been worried about harvest now decrypt later attacks. How do you stop those attacks? Postquantum encryption. Which is why as of today about 67% of the traffic that hits Cloudflare's network from a web browser for example is using postquantum encryption and we use it in a lot of other places including Cloudflare 1 our sassy platform. So that's where most of the progress has been made by vendors up until now. Now what's changing is that there is now going to be an emphasis on postquantum authentication. So authentication is needed to stop someone from getting into a system that they're not authorized to access. So think about after we have these powerful quantum computers. If someone can forge credentials to a system using a powerful quantum computer, they can get into that system. So think about getting into banks, getting into telecoms, getting into infrastructure providers, getting into tech companies, using quantum computers to forge credentials is a really big threat. And so that's why our concern now in the industry and what we're doing at Cloudflare and where a big focus is is on postquantum authentication. And so you're going to start to see vendors talk about that. And the last thing I would say is that as you're thinking about this, you know, you talk to your vendors, see if they're supporting they should be and then see if they're supporting postponum authentication in the future and what's their roadmap for getting that work done. You work in this area for a few years, encryption and post quantum included, and you have students. Can you give us a run through of what excites you the most in this area? Why do you like this area in particular? What should people know about them that I mean I'm really excited to work on this because I'm currently working at Cloudflare which is a great place to actually have an impact on the internet's cryptography. I used to work at a university where I would be kind of going to people companies like Cloudflare going to the ITF and and suggesting things but being at Cloudflare and being able to make those decisions is just really really exciting. So I'm having a really good time working on this cryptography uplift across the company. Can you tell us about the blog post that was launched this week where you participated in? Why is that important and people should care? This week we released Cloudflare's reference architecture for enterprise MCP. This happens to be something that I've had tens of customer conversations about. I get pinged every other day um for someone asking me to meet their customers and talk about how we've um adopted MCP in the enterprise. And so we decided it was time to really just write down what we've done internally and write down how do you build these secure architectures. And so um and actually not just about security, it's also about cost control and making it easier to discover things and use things. And so we wrote that all down and it became this giant reference architecture that um really excited to release in partnership with so many people across Cloudflare and you can find it on the blog and it's part of agent week. So I hope you'll take a look and read it. Hello Bass and welcome to this weekend at. We're actually doing this on April the 14. Uh there will be a conversation that we had a couple weeks ago. Uh but we're doing this bit of of conversation to do it on the actual World Quantum Day, but also after you publish a blog post. Can you explain to us what that blo blog post was about in terms of the 2029 uh perspective? Yeah. Hey J, great to be here again. It's we we will get into it the why and the how, but the short of it is given the recent advances in quantum computing on the hardware and importantly on the software side, we feel that we really have to accelerate our timeline. We're targeting now to be have Cloudflare fully postquantum secure by 2029. We also sharing some intermediate milestones. We'll have support on for platform certificate 2027 to origins this year. Uh and our sassy suite Cloudflare one will have support for it early 2028 and we'll have more deadlines as we figure them out. We're still trying to figure out how we get all of this done in time. We'll keep you apprised. One of the things that surprised me the most in our conversation that people will see is first how immediate and urgent this is. Um but then uh how important it is in terms of not the tech industry the whole all of the industries. Can can you give us a run through on the feedback that the blog had our announcement that we're actually pushing the date for 2029 to be postquantum secure. Yeah. So Cloudflare is I mean we're not the only player on internet right and for a user to be secure for a business to be secure all of their vendors everyone has to be secure be able to talk in the same way right there's a lot of work there and one part of that is getting everyone aligned on the urgency and how to move forward together and we've been very pleasantly surprised by the feedback here on how much this is seen as a as as a big step first of course we had we had Google announcing their 29 timeline Now we and I feel there's a real shift in perspective here luckily because we'll need that to get everything done in time. Exactly. It's a big task and one of the things that you mentioned in the blog is postquantum au authentication also really important to be ready. Can you explain folks what is postquantum authentication in this situation? I think we'll get to it in the in the Yeah, I think we did. I think we did. The short of it the short of it is people have been thinking about data right about store now decrypt later half now decrypt later that's has been the the story about quantum and that's the story if Q day the day that quantum computers break cryptography is far away so then we it's it's about the data that's stored now and could be decrypted later by a quantum computer but once Q day comes closer uncomfortably close the thing that we have to worry about is access because cryptography is used to secure data and access and more things with mostly data and access and if the day arrives that there is a quantum computer every access management thing a login or a certificate or signatures that are not quantum secure they can quantum attacker can can use them they can access systems and then do whatever they want there they can steal data of course but they can also bring it offline extort you what whatever they do so that's the that's the the thing that the the the closer QA comes the more urgent also having postquantum authentication certificates becomes of course of And we we go into in two details in the conversation that's following next. But we have a few questions that were done online that I wanted to ask you. One is from Quan Quantova Global. How should systems reason about security once it becomes time dependent. So it's latency expo exposure windows. How can that be? Yeah. So this is again thinking about uh very much about half now decrypt letter thinking but uh about exposure window data that depends on the data but I'd say to be secure with access you have to upgrade everything anyway so you cover that too but yeah you also have to think of the data but upgrade now say not don't think oh our data is only valuable a few years no takes a few years to upgrade so better start upgrading now another question uh is do you have any insight into how clair should ideally treat client devices that can support a postquantum encryption key exchange by 2029 using network security policies. Yeah, so this is a great question. The thing the thing is is that it's unreasonable to expect everyone to upgrade just like today some connections are not using HTTPS at all. Right? Um it will depend on the use case and on the customer, right? some some bank might want to take the action to disallow it. Maybe maybe not. They'll have to figure out what's best for them. You might add a toggle if there's enough question for that where you don't content. But that's really a question of what should but there are ways to prevent downgrade attacks without this. But uh it's a great question and something we will write about more as well. Yeah, many of these are actually things that we're still trying to figure out, right? the researchers, the industry, it's not always like a clear answer specifically. Yes. But one of them is browsers are also we're very much on top of this. We're talking with them and it will be probably it will be like how we treat it with how we treat nonhttps. So a plain test connection today there will at least be an interstitial. But the nice thing is with postquantum we already have a first step. We already in the TLS lance we actually we can do a bit better than just the tricks we do for HTTP versus HTTPS. Yeah. So good feeling there. Another one is don't you think that regardless of which benchmark we consider it's concerning that the shores algorithm proposed in 1994 has seen rapid theoretical advances yet experimental implementations remain extremely limited. Yeah. So this is about the question quantum computers haven't factored 21 yet. Why should we worry about it? I mean it's I can understand the the uh I mean it's a obvious question but if you if you look at how the algorithm works how quantum computers work is they are noisy which means that you need error correction to make to make sure that you can have a longer computation and there's an a lot of baseline over to this. So you need a lot of cubits and computation just to get the the the the basic algorithm running and this is well known to people in the field. Scott Aronson compares it to you wouldn't expect a small nuclear explosion, right? You need a big quad amount of file material before you can get a nuclear explosion and when you get it, it's damn big. Exactly. That's a good analogy actually. But it gives gives us that are not experts perspective for sure. There's another one which is how real is the harvest now decrypt later threat today and also how do you build a business case for urgency when the threat is by design invisible and what indicators or real world assumptions are organizations actually using today to justify the action in a in a again this is about priority between data and access right but again I would say in a way the impact is not new people deal with data breaches every day people deal with ransomware, people gaining access to their system every day. The big difference is this will happen all at once. It's not just one system and you just deal with it just in time. Every single system if you haven't prepared for it, right? So, so I mean this is the urgency and the potential for chaos is much bigger, right? Because all at once it's it's chaos. It's not one company. You can't do this just in time. You really have to. We are comfortable with 2029. So do with that what you will but we really feel we should be ready by then. These are the questions I have. This was great. Bas anything you want to say for folk that are just about to see a bit of our conversation about quantum one thing they should know. Enjoy. And also uh there will be a link to the blog here. There will there will be a link to the blog for sure because the blog is much more complete in terms of giving the timeline of actually putting together some concepts and links. Thank you Jean. And uh thank you Bas the rest. Hello Bass. How are you? Hi Xiao. Great to be here. We spoke many times but folks of course don't have that context. For those who don't know can you explain to us a bit of your background how things started for you in terms of research your interest in these types of areas. distant path past I worked on the theory behind quantum computing but then I switched sides so to say and for I think first time I joined cloud was I think seven years ago as an intern have been working on deploying postquantum cryptography all the way since back then to help protect the internet against the then quite distant threat of quantum computers even before that could just give us a run through in terms of where are you based uh how you became interested in the area specific specifically. Ah, yes. Yes. So, I uh uh I'm I'm here in the Netherlands. I studied mathematics. I always had a a keen interest in in in in in physics and uh and security. I end up doing a uh a PhD at on the topic of theoretical foundations of quantum computing, but with a with a professor in uh computer security. So in the group there would always be people working on postquantum cryptography around and I would avoid working on my actual thesis. I would enjoy implementing some postquantum cryptography. So that's how I kind of rolled into it. Had a quick stint in London doing a posttock at UCL where I also first did an internship at Cloudflare. Since I tasted industry and the research there I said goodbye to academia and have been very happy working to help improve the internet at Cloudflare. on that regard. It's a a fashion a fascinating topic that has become I would say even more fascinating in the past few years that you have been working on it. What drives you first for quantum computing for quantum area specifically? So so quantum actually is really interesting when you first hear about first hear about it. It al seems seems a bit magical and and it got me quite annoyed when people would say the cat is dead and alive. And when I got the chance to actually do research on it, I thought, yes, let's let's go figure out how this stuff works. Still, it's I don't know whether I can say I I completely understand why a cat is dead and alive, but but but it's good good fun. It's a a difficult topic in the sense. Yeah, it's it's it's the mathematics is very clear at least the mathematics is very clear what it means. That's that's the hard thing. But but from there from from the mathematics from the physics it's it's very clear that quantum computers will be a thing in the future and they will break cryptography. So when when I had the opportunity to do an internship at cloudfare to help figure out whether this postquantum cryptography can be of any use I stepped on it was clear for me that this will be useful in the future. I didn't know when yeah I remember as a journalist writing about these topics and we were seeing many news about it but it it seemed like groundbreaking but it seemed that it was stalled after a big announcement. This didn't change too much. So the big change was always a few years more a few years more but in recent years really interesting to see how the quantum research and industry even has been evolving. For those who are not experienced in this topic, what would be the explanation that you can give us in terms of the evolution and importance of these this topic in particular the quantum computing possibilities really and where are we at right now? Yeah. So quantum computers they they you can best see them as a kind of specialized hardware. They're like maybe graphics cards. You can perhaps compare them to them. You can't a graphics card can't run your operating system, right? A graphics card does only quite specific things. The same with a quantum computer. They're really great at solving very particular problems and they're very fast with that. One of them is that they allow much faster simulation of of of well quantum mechanics itself. you use the thing to simulate itself and that has potential applications in better material material size instead of making the material testing it you can simulate it better. Um and so there are many tentative applications there and also it's we don't have it yet so it's a bit hard to completely figure out but there seems to be a lot of promise there. That's on the constructive side. On the rather more destructive side, the the kind of the unfortunate part of quantum computers is that they allow uh uh uh uh us to break two key pieces of cryptography that we've come to rely on, which is RSA and elliptic curves. And actually one of the one of the blog posts that is most popular from the Cloudflare blog is a 2012 blog from Nick Sullivan about elliptic curves and its relevance for cryptography to make our data our information secure in a encrypted way quite important. And one of the scares regarding the quantum computing possibilities is those those keys that are keeping things inside what we think are safe safes. Let's call it like that. Those could be broke uh by by the possibilities there. Not currently, but that's a big possibility, right? What can we explain in terms of how cryptography works currently and how it could be put at risk with is possibilities? Yes. So, cryptography is everywhere that we've had this this cryptography for almost 50 years now and we've had 50 years to put it in in basically everything around us, right? Even if you don't use cryptography directly, I mean the the the the the companies we deal with every day, everyone everyone relies on cryptography to to keep things safe and for different things. But mainly it's for for confidentiality that that that someone reading along can't see what is being transmitted. That that's an important one. But also for for authentication that we know that the website you're talking to is actually your bank or or the bank card or paying. That's all cryptography. the trust element like you know that this is who we say it is. That's quite important as well. Of course. Yes. Exactly. Yeah. Yeah. Yeah. I'm really the holder of this card. It's me who's paying. It's Google we're actually connecting to when you search something etc. And breaking that going back specifically to the possibility of that being disrupted. A cultler and you have been one of the most important people doing that has been working for several years now with the industry because all these things must be done with the industry uh to to have postquantum cryptography in place. We have actually a page on radar that already shows how much percentage of the web that goes through Cloudflare is protected uh for postquantum cryptography. Uh but uh how how postquantum cryptography came about and how has evolved really are two questions. So, so yeah. So, the so what so the problem is RSA analytic curves they're bust right when the quantum computer hits which maybe spoilers can be quite a bit sooner than everyone expects so we need to solve that luckily we can solve this usually when we talk about this sometimes people think oh we need a quantum computer to protect ourselves against against quantum computer attack that's not the case it's not you don't need to fight fire with fire so the solution is just use cryptography that's resistant against quantum attack. It's just it happens to be an unfortunate coincidence that the two main pieces of cryptography we use RSA and elliptic curves are both vulnerable to quantum attack. That's that's rather unfortunate. But luckily there has been there's more cryptography around and most of that is actually resistant to quantum attack. And the one that's actually deployed now a lot already more than half of the visitors already use it is lettuce based cryptography. Lettuce based cryptography is people think that must be very new. It's new that we use it a lot. It's it's it's now a few years, but it's also been around for a couple of decades that people have been looking at it. So, new cryptography, but underpinnings are quite a bit older. So, what's out there already? Um, there has been many news, right? The the current news. First, we're actually doing this and recording this for those news because there has been some news there. And also on April the 14th is actually a day worth celebrating which is world quantum day international event that most people didn't realize that they existed but that said is a good also a way to to talk about these topics. On the news front, there has been some news uh especially from Google but not only Google Caltech as well, right? That has been changing the dynamics of how soon do we need postquantum cryptography, right? Can you explain to us those news Yes, it's uh uh it's quite a shock. So when I started I thought not before 2035. It's a bit it's a bit hard to say with with quantum computers because you're building something from the ground up. you don't yet know how to do it and you need to figure out there's engineering challenges to solve right but there's not just one approach to quantum computers there there's a bunch of them there's uh superconducting cubits iron trap neutral atoms several more and each of these approaches has their own problems so 10 years back you would think that's a lot will they get there it's like maybe one will not hit the wall maybe worth mentioning that that's also because and please correct me if I'm wrong that the the way that quantum computers work, cubits and all that is so different from what we know that computers work today. The binary thing is so completely different in ways that it's actually really difficult to explain some situations that making them work properly with a good output is the thing that is the issue. It's a bit like uh physics or the people are waiting for free energy from a fusion cold fusion. Oh, it's 10 15 years for 50 years now. And with quantum computer computers, there's a bit of that as well. It may be 10 15 years and it's been lagging because it's a different beast and technology completely difficult to compare to. Right. Well, that was the feeling certainly 10 years ago. But all of these approaches, I mean, I would have expected maybe some to peter out, but at the moment, many of the approaches, they are on the frontier now. They are they aren't quite there yet. If they they would have solved all the problems we would be too late in terms of cryptography of making cryptography the current cryptography work and actual people trusting things that would be like yeah that would be a real scenario but the each of the approaches to quantum computers they have been making progress right uh especially now with uh uh with with the neutral atom computer the gap there between what they still need to do and before they're able to to break our cryptography is uncomfortable. ably small now. Well, now so that's that's that we already uh we kind of saw that the neutral atoms are more scalable than we thought that was already last year. But the two pieces that dropped that that dropped at the end of March are actually not directly on the hardware side. They're on the software side. Because to break cryptography, you need to run quantum software on the quantum computer. And if you want to know how capable does a quantum computer have to be, you have to know how difficult is the computation, how much memory and speed do you need from it. And here the improvements have been really staggering where original estimates uh were in order you need maybe 200 million cubits, 200 million cubits to do anything. That dropped to to to a million in 2025. And that dropped uh again with a more clever algorithm. And that dropped again with with with better error correcting code because it's not just the software as is. It's also how do you optimize it for a particular quantum computer and especially the neutral atom ones where the cubits have nice connectivity good connectivity there. It turns out that you can be really clever with error correcting codes, much cleverer than expected. And so the big two announcements were of Oratomic of the spin-off of of Caltech where they figured out you can do much better error correcting codes than anticipated on neutral atom machines. And the other breakthrough is an even better optimization to breaking elective curves by Google where very interestingly they didn't give the algorithm. They said this is this is how how little you need. We're not giving you the algorithm because we're scared that you that that someone might abuse it. But they did give a zero knowledge proof. So a zero knowledge proof is a proof that the algorithm actually works without revealing it, which is I think quite exciting. And revealing it could be dangerous because if it's really effective, the danger of revealing it could be relevant of others using it for we don't know what really, right? I think it's I think the the right way forward is responsible disclosure where where progress is made it in public like we we always do in security progress is made in public we adjust to it that's responsible disclosure but I think I think when this is comes near and with the risks that are on the table I think we will see more progress move into into the move out of the public eye as we at least as we see here Google gave a zero noise proof To their credit, they are actually telling us the something with that. They are telling us something. Yes. How how scared are you with those things? I'm really worried. I'm really worried. Yes. I don't think there when a research like you says I'm really worried. I'm worried. And why is the the question what is the risk? Well, so if the quantum computer would arrive in 2035, and I think this shows it could be much earlier. Even if it would arrive in 2035, I think it's really tough for everyone to hit that target, right? In terms of postponing cryptography, things being protected for quantum computers. Yes, it's it's cryptography is is everywhere. It's it's it's all around us and every single thing needs to be updated to remain secure. Hopefully, it's just a software update, but sometimes cryptography is baked into the hardware in a way where you need to replace it. Are you looking forward to replace your car because it had a remote control? I'm not. True. Even banks and there's all all sorts of banks and telecommunications providers authentication to services where you have some relevant data. Authentication is quite important as well. Oh, I just authenticated this and I'm protect or I do the two-factor authentication. There are concerns there, right? Yes, definitely. I mean it's basically we would make a list now of where is cryptography used well everywhere and how is it used just for a lot of things right it's it's a lot and so 2035 is is is tough if you look at the whole industry already but if you look at what this means it's clear although they don't say it directly it's clear from Google's focus they moved their timeline to 2029 and they say we need we're going to focus on fixing authentication and that to me tells that they're worried it's very soon after because postquantum authentication is only useful if quantum computers are near. If they're not near, postquantum authentication doesn't give you anything. So that tells me that they're worried about a quantum computer could arrive in 2030. Actually, just to give folks a bit of the news there on the specifics, Google announced that it's preparing for a possible 2025 Q day, which 29 29 2029 exactly 2020 2020. So they set their target to migrate uh all of Google by 2029. Exactly. And that's the timeline for cryptography and it suggests that that transition is really being if there's a date it's because they think that date is important, right? Yes. And it's a large infrastructure. What in a sense can we say about Qday? What is Q day here specifically? It's when quantum computers will be actually ready to do actual relevant things with real world impact. Is that it? So Qday Qday is kind of a short hand, right? Qday is the day that the first serious cryptography gets broken by a quantum computer. There are some sometimes people they complain about Qday because it will be more of a a long period, right? Initially attacks are expected to be slow and expensive and maybe only attack ellipt and not yet RSA and at a later date it might be so there's nuance here when actually quantum attack is relevant for your cryptography and relevant to the adversaries you are worried about that will differ but still Qday I think it's it's an important shortand when when is when are the real attacks starting so is it related to the cryptography part one of One of the things I'm curious first it's a close to doom day which it's a bad word a bad example here maybe but uh it's definitely scary oh Q day and if there's a date for for it is definitely for people to have in mind another piece of of information here that could be relevant is in what way those that will have access to those quantum computers first actually will after this is reached by a company let's say Google will other companies will follow with their quantum computers or or is it focused only on that technology from that company that generated? Yeah. So Google they have a branch that works in a quantum computer but actually they don't they they they they were pursuing silicon based superconducting silicon based quantum computers not a neutral atoms well they just bought a startup so they're also pursuing neutral atoms now for it turns out a good reason. It's it could be Google that's the first one but across the world not just the US, Europe, China, all across the world there are many labs uh pursuing all different approaches to quantum computing. So it's not clear at all who will who will be first and but after one is first if it doesn't announce how it got there will the others follow easily? We know that technology even by very relevant things like even atom bombs that technology flows sometimes faster than one would expect. What does is the feeling there? Yeah, certainly once even if the details are not known once you know that something is possible it makes it much easier to focus right it will not be long until others have caught up makes sense in terms of the importance here if and this has been talked with other technology AI we've been speaking about hey if this technology will be reached first the gentic AGI by this government or this country first we'll be behind and that's relevant will do you think is the same situation here. Whoever gets that first will have the keys in a sense will be that will be really relevant. It will be a you will get a lot of access if you have a quantum computer. Yes. Yes. Certainly. Yes. I don't just worry about nation states at some point even petty criminals will have access to them. There's billions and billions and billions of investment in quantum computing just in single countries private investment. And they will want to recoup. It's really hard to actually tell what a quantum algorithm is doing once we have I mean there are already quantum computers in the cloud. They're just not capable enough to crack cryptography yet. But at some point they will and it will be open to anyone. We on radar currently we have how um around over 60% now I think of uh the web that we see is uh protected by by postquantum cryptography specifically. Even if we reach 100% what is the the main takeaway from in terms of the industry of getting to Q day that won't give the whole protection right you mentioned hardware you mentioned like little companies many things banks and things like that it's not only in terms of websites and traffic of websites it's the other part as well so even if we reach 100% there are all protected let me add an asterisk there so that 60% is uh postquantum encryption to counter store now decrypt later where an attacker stores encrypted communication and after Q day decrypted. So this is very relevant now right this this is something you want to do yesterday right to protect your data and that's why we have deployed it since 2022 uh it took a while for so it's enabled uh at our site on on any website you put on cloudflare the free ones right yeah all free we do this for free right it's we we think security is the baseline for the internet So we enabled this for free. Not all browsers called the big browsers, the browser also needs to enable it. The client that's the visitor that's connecting big browsers have done so. And so that's why we're at 60% or so. But it's a lot of old software around old hardware around that hasn't been upgraded yet to support it. But this this is the the store now decrypt letter. It's not yet authentication. We haven't deployed it yet because we thought QA was we still had so there was no use. But we're going to deploy this next year. We are working with again we are running now an experiment with Chrome to test out postquantum certificates merry certificates. It's it's running now in in in Chrome as an experiment and we hope to roll this out in production next year in 2027. Yes. So that our edge is uh fully postquantum secured in preparation of Qday. Interesting. You also had a that's not all. There's of course there's internal we have we have a lot of connections. We have connections going out. But we have all kinds of various products where cryptography is used and all of them we'll need to upgrade most the vast majority of them we've upgraded with stored later protection but we'll need to add in postquantum certificates and we'll do that those letters will be yes these will be added we we we are matching Google and we are we are getting that done by 2029 so the idea is to have the full stack of possibilities there ready for that possibility that is it's just around the corner in a sense and the internet turns for sure. Yeah, it's a huge task. There's there's uh I mean uh we have so many internal services and and and and product. I mean I don't even know all the products that Cloudflare has. We need to figure out for each of them what the impact is uh which do we need to upgrade first etc. Uh we we're on that now and we're we're we're we're figuring it out. It's a it will be a fun few years I bet. But it's full throttle, right? What this news this news brings is a concern and also a this is a priority and urgency much more than we were actually expecting in a sense. Yes. It's it's I mean it's always nothing ever happens until it does, right? That's the that's the thing. That's the thing. Yeah. 2026 has been a crazy year. True. True. and in other realms even of AI as well but this one is quite important if uh everything plays out at is it seems that is going to play out. What more can we say about the the some of the news that were was around? You already mentioned the callac one, but uh the 2029 date seems to be a norm now, not only from Google, right? It seems to become now a a real target even for others, right? Yeah. We're starting to see that actually is not so Google targets 2029 whereas actually they implicitly they think that a quantum computer could arrive 2030. But if you look at some other comments, the the CTO of IBM quantum safe says that he could expect a moonshot quantum computer by 20 puts the deadline on 2028 for that. We are also uh uh uh preparing for 2029. I expect um uh Google is not was not the only organization with timeline concerns. Uh so I think we'll we'll hear a lot more announcements uh very soon and probably a few more after this has been recorded. Um true if if it's really really big we just go come back and and do a follow-up even for a few minutes. One of the things and we spoke about this over the years many times. I'm actually doing a project you helped uh called randomness playground that has a uh postquantum key that grows which is kind of cool. But one of the things over the years that uh has been interesting is sometimes there's news and I go to you and you say to me, "Oh, that there's a lot of hype there. There's a lot of marketing there. I can see it. It's not as relevant as they say or something like that." Which is not the case here. So, so I'm a bit more worried because of that. Usually, you're the this is a bit of hype guy and not in this situation. Yeah. It's it also really it kind of caught me off, guys. I wasn't used to thinking about such an earlier timeline. You have to really click to start think Oh, okay. This is This is Sorry about the language. No worries. No worries. We're not in broadcast TV here. So, maybe maybe I do want to add some positive notes to say some positive things. Uh it's not all gloom and doom. So, the first is people only start working when there is a near the deadline, right? I mean, if we're honest, people would have slacked off until the deadline anyway. So it's not really really like it's different. It's just a kick on their butt. Um so that's one thing and another is is fevers at the moment AI of course if you if this news would have dropped only half a year before I would have been enormous and it's not that that that the task of upgrading is each bit of them is necessarily difficult. I mean there will be hard cases. There will be things you can't easily replace or need to do something very clever, but in most cases it's just it's just a software update in most cases, but it's it's a software update to software you don't know if you where it runs where it is or if you have it. And for these bundane tasks, these LLMs, they are absolutely fantastic. I'm quite a bit more optimistic about getting this done quickly thanks to to to this other frenzy of elements. Exactly. Agents and uh that's already here completely and making a difference with a bit of slop but uh things are getting better each day. So that's exciting as well in this area because deploying things and making changes if that becomes even on the software side that if that becomes easier that will also help this part. I don't trust them to write the cryptography just yet. No, but having having them help help you out to find it and being the first line of support for helping engineering teams upgrade. I mean, if you have an engineering team, cryptography has been so successful where it's hidden away from the developer. A developer, they connect to a database, right? You you go to a website, you don't have to think about the cryptography, and that's how it should be. But it also makes it hard to figure out if you're using cryptography and where and and which and how and if it's postquantum. And this is where where LLMs can can really help out with figuring out for you where you use cryptography and if it's already upgraded. While we're we have you here, it's maybe a good opportunity to explain some topics because those are always relevant. you know not only about postquant postquantum encryption but also the quantum possibilities even thinking outside a bit of the encryption part what are the hopes let's see the positive side of a quantum computer in terms of a real one that could there are quantum computers as you said currently but the ones that will break encryption but also having good possibilities in terms of output you mentioned real world examples and hardware and things like that. What are the capabilities and hopes that there are in terms of quantum computers even for a quantum internet maybe? Quantum internet. Yeah. So as I as I said said at the so one application of quantum computers is simulating nature itself. This was the original original application of quantum computers when they were first proposed. They were proposed with if you want to simulate nature now it is difficult because quantum mechanics requires you to keep track of it's a bit oversimplified. keep track of all possible worlds in a way to actually simulate it and that's slow that's that that's slow to do but with a quantum computer that's that's quite a bit faster because you have nature available to you directly so that's original application and that that can be used to to simulate how new materials will behave maybe medicine so here it is still very early because we don't have them yet so we don't really can play around and see what works well and not but that's certainly one of the uh big promises advanc is a material science. I mean, materials, if you look back at at at at the the the ages, I mean, it's the iron age, it's the bronze age, it's the silicon age, it's the materials that really shape technology. And so, well, let's see which new materials the quantum age brings. True. That's that's more important than it seems for sure. And as a former journalist, one of the things that we always learn in college is the medium is the message type of thing with the medium. And this comes back to robots. Will robots be sensient? Will they be conscious? Even that part for example, that's like the medium is a message type of thing. So the the medium you use will also inform what you say, the possibilities. you connecting to a robot is or you downloading your mind to a robot. There's movies with that. That that's also if the technology and the actual hardware works, the materials work, things will be possible that you didn't think those would be possible. There's many sci-fi movies with that an area that I love to be honest. But the the possibilities are quite astonishing. Even airplanes. We see on movies, spaceships doing amazing stuff with things that don't exist currently, but maybe with quantum computers doing new materials, new possibilities for materials. Some some things only dr could be real. Of course, this is too much sci-fi by now, but quite interesting to to think about specifically. Yeah, downloading mines into computers does well that absolutely absolutely. We don't know for sure. We know about we know about true about the cryptography part because that's more immediate for sure. One of the things maybe you can explain to us a bit there is the way that quantum computers work that is behind this. There's the this um neutral atom uh perspective that you spoke. Can you explain to us the difference neutral atom cubits differences between the binary computer these days? So in a way everything and everything where something can be one thing or a one or a zero in nature is already a cubid. If you have a photon it has a polarization. You know these these glasses where if you turn it then it it blocks light or not. It's because a photon they have a polarization. Already the polarization of it is an example of a cubit. whether whether an atom is vibrating a little or a lot whether uh anything that can be there or not is fundamentally quantum mechanic and is a cubit the only problem with so you can make I mean just like you can create a zero and a one from whether there's electricity or not whether there's water or not whether there's a pressure or not whether there's a mechalical switch is flipped or not you can make you can make cubits from basically basically everything the problem is is that is controlling the noise because cubits in nature they are very much analog right they they they are very they are directly influenced by everything around it so it's all about how can you get some I mean you just take anything that can be on or off really but how do you protect it in such a way how how do you do it in such a way where there isn't that much noise influencing it so with the superconducting cubit approach they have a little radio resonator I don't know if you you done electronics it's like a coil and a capacitor. I mean that's basically the analog they on the silicon they put a little coil and a little capacitor uh and then you get a it starts to resonate and either it resonates in the ground state or excited state and that's that's that's the cubit and now normally there's noise but what they do it they put it in a very expensive cryogenic fridge so that becomes superc conducting and then there's very little noise and that's the cubid there in the neutral atoms case they have in a vacuum they put I'm not really a physicist know what is the letter rubinium I They put them there and also there it's the it's the it's the excited state which is the cubit but you can also have them with with photons. Photonics uses photons and you have ion traps where it's like neutral atoms but it's not neutral they're charged. They're ions and so they use can use magnetism to keep them trapped and out of the noise. So this is and each of these has has different pros and cons. With some it's they're inherently more stable. Some the operations are slow. It takes time to work with them. With all they're very fast. So the the silicon ones, their operations are very fast, compute fast, but they have more noise. With the silicon, you have a grid. So cubits can only talk to each other, which is which isn't annoying if you want to do if you want to do something between two cubits far away. Whereas with the neutral atoms, you can use tweezers made out with lasers. You can just move these neutral atoms around, which is actually one of the huge deals with them because that allows you to do much more efficient algorithms. actually if you can move them around instead of having to do a long chain of operations. It's it's there's a lot of possibilities. Yeah. Which is interesting but also shows us that it's something that's still in experimenting stages specifically in terms of the the methods there. Yes. But the the the gaps have been the engineering challenges they have been just hammering them out for each of the approaches. There used to be a long list for each. How do I mean how do uh uh so there was a array of of 6,000 neutral atoms just last year whereas a few years ago it was inconceivable to have more than maybe a couple. So for each of the approaches the the different labs around the world have been solving one challenge after another and now the list of challenges for each approach is is frightingly short especially for the neutral atom months. Is there a perspective maybe too much in terms of possibility a perspective of which architecture will potentially win or if many will potentially win a sense? So last year I thought I thought superconducting silicon that one looked best but now neutral atoms have leaprogged which one will win I don't know let's see the future will we'll say we'll say that specifically but also they have their advantages so uh one thing is that the neutral atommon the first generation of them they will be kind of slow as in they are stable they are allow for the rearranging which which allows for very efficient algorithms but it It will be to break a key, it will take hours or days even. So not very fast. Whereas if you have a scalable superconducting silicon quantum computer, those are probably pretty fast. One once they're out, maybe not the very first one, but but it's very likely that that such one will be able to break a key in perhaps a minute or so. So that's also a completely different threat model. And so far both neutral atom and andong silken, they don't show sign of hitting a wall yet. The neutral atoms are ahead. They're they're probably at the moment, they seem to be the first one, but the superconducting silicons, they they're not far behind. Neither are the trapped iron. And uh uh so it's a whole field. It's a whole field, of course. But um we mentioned a bit of quantum internet. What is that? Is that a real thing? Is that a what is it? Yeah. So the internet we have now that transmits bits, bits, bits. So it allows computers to talk to each other. So quantum computers can also use the the internet but they can't transmit quantum information. You can't you can't send a cubit over the internet to send packets inside submarine cables. Well actually with the cables over you can send cubits over fiber optic using photonics but you need different hardware. You can't just use a you can't just use a offtheshelf rout to read to read. Yeah. Yeah. to at read and to transmit to actually send cubits between quantum computers to communicate in a quantum way that requires new technology a new kind of routers. Um uh uh uh and this is and this is the quantum internet. The internet where you connect quantum computers the application there is very specific of course maybe you want to connect two quantum computers to do one algorithm bigger or there's I mean there's many different things you could do there. It will not be the main internet will not be the quantum internet. The quantum internet will be the connection of quantum computers. It will be the internet for quantum For quantum computers. Yes, that's great. I like that. Yeah. The Yeah. Um so that's that's great. I think that has that has that has is an obvious next step and and that has promise. One question that comes specifically about Qday in a sense and all these worries is thinking from the accompany side what should companies actually do right now if they want to prepare is there something they should do any call to action that we can suggest or is it just for infrastructure companies specifically currently so okay so so the timeline is is tight there there's there's not enough time and organizations have only limited resources some organizations more than others. So the most important thing I think is to start now by trying to understand not the find all the places where cryptography not the the what but why what are your essential system what is it you're trying to achieve and what happens if that you don't have the security anymore and and it might sound a bit negative but to reduce the panic just think what if everything is broken and we we we don't get to upgrade in time what will happen what will happen for some things it's it's bad but for a lot of things it might might it might not be that bad there might be solutions for instance like um if if I go to the if if you go to your office there's a there's a what's what what's the a gate it's called when you go to the parking you mean yeah yeah the parking gate there's cryptography in there it's probably not postquantum secure is it a big deal that someone access to a quantum computer can park for free probably not and probably no one will do that just because it's not necessary. Although with AI they can spread out chaos. So that's also a concern but yeah but um so really start with with with what is it that's business essential and work back from that prioritize from that. We are trying to get really everything done in time and for us it's already tight and we'll probably have to solve in some places we have to solve the problem differently than just with cryptography. We have to change the way we do things because just a direct replacement isn't there. But it's really it's about why we're using cryptography. What do you want to achieve? Focus on that and you can start it now. You can start it already now. Second is just get started. There's a lot of fear when you touch cryptography as in as in it's a scary thing. There's a lot of very long names with letters and numbers mixed in. But once you get started, it's not that bad. We've seen that in our past migrations. getting postquantum in the very first product that took the most amount of time and once it was in the first two products the other teams they it became the new normal and people follow suit. So make it the new standard. Get started now with with just pilots. Don't be too too picky. Just start with one where it's easiest. Get started with pilots. Figure out what goes wrong. You can't plan completely ahead. You just have to try. There are a few other possibilities that I see as interesting. For example, let's do a quick fire round of questions. Sometimes those are are fun. One is biggest misconception about quantum computing. Yeah, AS 128 is fine. No need to replace that. What is ASS? What is that? That's symmetric cryptography. So I think the biggest misconception is that people think they need to replace um 128 bit keys with 256 bit keys. I mean it doesn't hurt and if you like it, just do it. But don't go out of your way to replace AS128 with 256 or to replace SHA 256 with SHA 512 if you don't need the type of the key, right? The type of the key specifically. This is this is two out too kind of symmetric cryptography algorith. They're fine. They're already postquantum. No need to no need to change them for the quantum threat. That's the biggest misconception. One thing the media gets wrong about quantum computers, maybe that's different now with current news, but is there a thing that usually the media gets wrong? There's always the colorful analogies where quantum computers compute everything all at once, which is it's not true. It's kind of a quantum computers don't compute everything at once. No, there it's actually it's it's it's actually way more interesting than that. So So if you look at the mathematics of it, so in these algorithms in Grover's algorithm, the very first step in the algorithm, it basically computes everything at once. That doesn't help you. You so you have in this state, you have all the answers you want. you have computed everything you need to compute, but if you would open the box and look at it, it would just give you one bit of information, not the thing you actually wanted. And so the the the crux in quantum computers is not the computing everything at once. That's not that's not what they do. It's it's it the the the trick is that once you have all the information in there, which which is pretty easy to do in the quantum state, you have to to the problem is once you have all the information in there in the quantum state, when you look at it, you only get one piece of it. to actually get useful information out of it, you have to cleverly interfere the information in a quantum state with itself. And that's also what makes it difficult to write to do this in self- interference in a clever way. But that's really what is the what is the where the power comes from. One thing that I think you already talked a bit I'll ask will quantum computers replace classical computers. No, quantum computers they're just they're like a graphics card. They are an add-on for specific computations. Exactly. They do other things in a different way than normal computers, but they will the things they will do will be quite relevant like a new realm. Yes, they they they have a very specific niche. I mean way more specific than a gra than a GPU, way more specific than a a tensor unit or it's it's really very specific what they'll do, but they'll be damned good at it. one I I I particularly like which is is there a favorite cryptography algorithm you have for some reason? My favorite algorithm is the algorithm that's deployed and that must be ML cam now that's originally called Kyber. I have a sticker of it on my laptop. It's a postquantum one, right? That's a postquantum one. It's the one that's protecting since 2022 millions billions of connections already. So that's my favorite because of of its relevance or Yes. Because it's deployed now. It's securing now. Yes. Uh okay, that's that's cool. Is there a most elegant cryptography idea you like? Oh, there's so many elegant ideas. The one I I the one I like it's it's a recency bias, but the one one idea I really liked uh is um which is called V in the head. It's a it's a clever new idea, quite recent with which you can do postquantum zero knowledge p. And this goes quite in the weed, but it's it's it's if you're a cryptographer listening and haven't looked into V in the head, have a look. It's simple and quite elegant. I I really enjoyed learning about it. One one maybe that could be relevant here as well. Is there a a surprising thing about working with cryptography? Most surprising thing that you've encountered working with cryptography? Yeah. So the most surprising thing about working in cryptography for you? I have some answers but they're not very positive. Oh, they're negative. They bring concerns. The amount of emails I have to dig through to uh to get things standardized at industry. Yeah. things the amount of useless single things people can quibble about but let's see how it sounds humans will be humans right so everywhere it's a it's a necessary part of it cryp cryptography is not the hard thing well it's I would guess it's surprising if you it's not the cryptography that's that's actually hard in getting it deployed it's it's the getting people aligned it's it's all the process things figuring out where it is getting people to agree agree on on the small details. Yeah, that that's that's the challenge. It's it's not it's not a technical challenge mostly. It's it's really a people people's challenge. Makes perfect sense. And I've heard that many times in this show and podcast in different areas, security protocols there there's humans will will be humans. Uh which is interesting for sure. I like this one which is working in cryptography that you've seen how things started like pioneers. Is there a pioneer that you think is really relevant and you think people should know about in this area? Pioneer. I think this is of course a bit more personal, but I have to I'm indebted to my old boss Nick Sullivan of course who hired me and uh worked on so I've been here for quite a few years but but he was there when when when Cloudfare started to super cryptography that was great foresight of Nick. I actually have another one that I think could be cool here. One thing developers should learn about encryption. Although now we are all developers. If you ask to configure cryptography, something went wrong. Cryptography should be configured in a sensible way by default. Unfortunately, it's not the reality today. A lot of times to actually get the best security, you have to configure it. But the way it should be is that it's it's secure by default. And this has been great. For instance, OpenSSL has enabled postquantum by default, which means that a lot of people that didn't override the default settings, got postquantum by default for free, you will software update, and that's maybe also good. Best practices get you really far along already. Just keeping your software libraries up to date, automate certificate issuance and token rotation, just all the usual good stuff and best practices, they will really help with postquantum as well. Of course, because the industry will if the industry adopts things and companies adopt things to be postquantum ready. If you just update to the latest one, you'll have that security supposedly. In the end, in the end, the migration is a software update and a key rotation in most cases, which is something we know how to do. We just need to do it in time and don't forget about any um I have here a few that are a bit personal, but is there a movie or book or show that you really enjoy that you think gets cryptography right or even wrong? Oh. Uh I so actually in the Matrix there's uh I mean this is more security than cryptography but in the Matrix there's this very quick scene where Trinity hacks into something and it's actually a real a real vulnerability in SSH that I think that that was that was very cool. It was completely needless right because there's enough suspension of disbelief in the whole movie but they they just put that in. It's it was really a actual thing. It's an it's the actual assembler of exploits in uh for vulnerability in in SSH. That's cool. And recently I think uh probably this will be dated but uh uh just last week I went to Project Hail Mary. It's that's a great movie. It's a great book actually. We have it here somewhere in the library. Yeah. I also like the the positive vibe of it. The the can we we can do it. We can do it mentality of it against I mean clearly a bigger danger than Qday right Qday is nothing compared to astrophase I have two last ones one is postquantum cryptography in one sentence that you can summarize maybe difficult but uh postquantum cryptography the term itself will disappear right it's just cryptography now right it's after Q day there's no postquantum cryptography it's either secure or not if you want a funny answer it's it's big it's large postquantum cryptography is large it's what large large. Yeah, it's much more bytes on the wire. It's not slow. People think postquantum that must mean slow. Big means slow. It's not slow. It's fast. It's just big on the wire. Lots of bites. Many bites will be around for sure. And last but not least, the internet in 2035. Quantum safe or quantum broken. I'll try to be I'm going to be positive. Is quantum safe? We'll get it done hopefully and for the sake of all of us and companies and bang and not saying you should sit back but we'll figure it out. I mean with urgency then people start acting and I hope people see now it's it's urgent and once it's urgent we can move mountains in moments. That's true. That's humans for you. Oh well the bottlenecks will be removed if there's an urgency usually. This was great boss. Thank you so much. My pleasure. And let's talk more. If more comes in the recent weeks and months, there'll be enough quantum to talk about. It's only April. That's true. That's true. Many news already and more to come. So, thank you. Yeah. And that's a wrap.