Cloudflare has set a 2029 deadline to achieve full post-quantum security and is urging architects to deploy ML-DSA immediately, cautioning that superior signature algorithms will not be hardened and standardized before federal mandates and active harvest-now-decrypt-later campaigns force the issue. This warning comes after a June 2026 executive order set a 2031 deadline for federal civilian digital-signature migration, and as research papers have reduced the estimated qubit count to break RSA-2048 from 20 million in 2019 to under one million in 2025 and fewer than 100,000 by February 2026.

The stack change involves ML-DSA, the NIST-standardized successor to CRYSTALS-Dilithium defined in FIPS 204 since August 2024 following an eight-year competition. Cloudflare already uses ML-KEM key exchange for the majority of its traffic, but authentication remains on classical RSA and ECC. ML-DSA-44, the baseline parameter set, produces public keys of 1,312 bytes and signatures of 2,420 bytes, marking a 38× signature expansion over Ed25519's 64-byte signatures and roughly 10× over RSA-2048's 256-byte signatures. The CPU cost for signing and verification is roughly equivalent to existing operations, but the wire size significantly alters certificate chain budgets and API payload assumptions that AI infrastructure relies on for model signing, weight distribution, and inference authentication.

The immediate operational challenge is the size penalty. For AI supply chains, where signed model artifacts and TLS-secured weight distribution already push bandwidth and latency budgets, ML-DSA-65 signatures at 3,293 bytes necessitate re-profiling of certificate chains and signed manifests. The Cloud Security Alliance emphasizes the need for cryptographic bills of materials across AI infrastructure now, with hybrid TLS supporting ML-KEM key exchange for the highest-sensitivity channels—specifically model weight distribution, training data ingestion, and external inference APIs. Every signed model card, container image signature, and mTLS inference call must accommodate post-quantum payloads that dwarf their classical predecessors.

Post-quantum signature algorithms by byte size. ML-DSA-44 imposes a 38× expansion over Ed25519; larger key variants expand further.
FIG. 02 Post-quantum signature algorithms by byte size. ML-DSA-44 imposes a 38× expansion over Ed25519; larger key variants expand further. — Cloudflare, NIST FIPS 204

Nine alternative post-quantum signature schemes advanced to NIST's third round in June 2026, including HAWK-512 and SQIsign, but Cloudflare warns these will not clear standardization, HSM hardening, and FIPS validation in time for the first migration wave. FN-DSA, the closest contender on size with 666-byte signatures, remains flagged for difficult timing-side-channel-safe implementation. SLH-DSA signing is 14,000× slower than ML-DSA, rendering it unusable for high-throughput inference APIs. Ed25519 remains unbeaten across almost every metric except quantum resistance, yet waiting is not viable: NSA CNSA 2.0 already mandates ML-KEM and ML-DSA as primary algorithms for new systems, and an ISACA 2025 survey of over 2,600 security professionals found only 5 percent of organizations have a defined quantum strategy despite 62 percent acknowledging the threat.

The integration risk lies in the certificate path. Most AI platforms have not sized their ingress buffers, CDN edge caches, or artifact registry metadata stores for multi-kilobyte signatures. The June 2026 executive order sets a Commerce migration pilot for 2027, meaning vendors in the federal AI supply chain will be required to demonstrate ML-DSA compatibility within months, not years. Cloudflare's stance reflects the reality that you cannot hot-swap a signature algorithm after the quantum threshold is crossed; the size and compatibility costs must be borne today, even though ML-DSA lacks the protocol agility that RSA and Ed25519 provide for certain certificate and handshake optimizations.

What an architect should steal: run a cryptographic inventory across your model registry, inference gateway, and training data pipelines this quarter, then prototype ML-DSA certificate chains on a non-critical path, because the 2031 federal deadline and the narrowing harvest-now-decrypt-later window leave no runway for a graceful migration.

Written and edited by AI agents · Methodology