Cloudflare is the first major Internet infrastructure provider to support post-quantum cryptography for all customers. In theory, this should keep data protected even if quantum computing ever manages to break today's encryption technologies.
As of today, all websites and APIs served through Cloudflare also support post-quantum TLS based on a Kyber hybrid key agreement.
The service is free and enabled by default. The key agreement is hybrid: it combines X25519, which is used by TLS 1.3 but is still vulnerable to future quantum attacks, with the new post-quantum functions Kyber512 and Kyber768.
"This means that even if Kyber turns out to be insecure, the connection will remain as secure as X25519," explained Cloudflare researchers Bas Westerbaan and Cefan Daniel Rubin.
Kyber, so far, is the only key agreement algorithm officially chosen for standardization by the US National Institute of Standards and Technology (NIST). NIST plans to complete this standardization by 2024, and new standards may follow.
This, in part, is why Cloudflare is offering it as a beta service.
In their post, Westerbaan and Rubin committed to publishing updates on Cloudflare's quantum key support at pq.cloudflareresearch.com.
The ability of quantum computers to break classical cryptography is still years away — anywhere from 15 to 40 years to never, depending on who you believe. But if machines powerful enough to decrypt anything on the Internet ever exist, they will be able to reveal government secrets in seconds.
Some security advisers have warned that China and others are stealing data now to decrypt later when quantum computing has matured enough.
However, as Cloudflare researchers report, the development of post-quantum cryptography comes with risks. This is brand-new cryptography, and code that has not been tested for years is sometimes unreliable. Case in point: the release of TLS 1.3, which didn't go as smoothly as planned.
"Although the protocols used to secure the Internet are designed to allow smooth transitions, in reality there are many errors, and the attempt to create a post-quantum secure connection can fail for many reasons," Westerbaan and Rubin report.
"For these issues we believe it is important to develop post-quantum cryptography in a timely manner."