Cloudflare has announced the first phase of end-to-end quantum readiness for its Zero Trust platform, enabling organizations to protect their corporate network traffic against future quantum computer threats.
The initiative, which builds on Cloudflare’s research into post-quantum cryptography since 2017, addresses growing concerns about the vulnerability of conventional encryption methods to quantum computing attacks.
Quantum Computing Threat
Quantum computers pose an existential threat to current cryptographic standards that secure internet communications.
While not yet powerful enough to break conventional cryptography, experts warn of “harvest now, decrypt later” attacks where adversaries store encrypted data today to decrypt it once quantum technology matures.
“Our mission is simple: we want every Cloudflare customer to have a clear path to quantum safety,” said Matthew Prince, co-founder and CEO at Cloudflare.
“We’re committed to managing the complex process of upgrading cryptographic algorithms, so that customers don’t have to worry about it.”
The urgency is underscored by the National Institute of Standards and Technology’s (NIST) November 2024 announcement setting a timeline to phase out RSA and Elliptic Curve Cryptography (ECC) by 2030 and completely disallow these conventional algorithms by 2035.
Cloudflare has implemented a module-lattice-based Key-Encapsulation Mechanism (ML-KEM) for post-quantum key exchange in TLS 1.3 connections.
Currently, over 35% of human web traffic reaching Cloudflare’s network is protected using a hybrid approach combining conventional elliptic curve cryptography with post-quantum key agreement, shown as X25519MLKEM768 in browser security information:
The company is rolling out post-quantum cryptography in two phases:
Key agreement migration (currently active): Using ML-KEM to establish shared secret keys between communicating parties
Digital signature migration (planned): Addressing the challenges of larger and slower post-quantum signatures
Cloudflare’s Zero Trust platform now offers three key quantum-safe use cases:
Quantum-safe clientless Access: Protects organizations’ Internet traffic to internal web applications against quantum threats through browser-based connections using TLS 1.3 with post-quantum key agreement
Quantum-safe WARP Client-to-Tunnel: By mid-2025, this will protect any protocol, not just HTTPS, by tunneling traffic through Cloudflare’s Zero Trust platform with post-quantum cryptography
Quantum-safe Secure Web Gateway (SWG): Secures access to third-party websites by intercepting and inspecting TLS traffic with post-quantum protections
“We want every Cloudflare customer to have a clear path to quantum safety, and we are already working with some of the most innovative banks, ISPs, and governments around the world as they begin their journeys to quantum security,” Prince added
Cloudflare’s implementation allows customers to gain quantum safety without individually upgrading each corporate application or system.
This approach provides comprehensive protection against the looming threat of quantum computer attacks on today’s encrypted communications, establishing a new baseline for internet security.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
