Cloudflare is the first major Internet infrastructure provider to support post-quantum cryptography for all customers. This should theoretically always protect data if quantum computing ever manages to break today's encryption technologies.
As of today, all websites and APIs served through Cloudflare also support post-quantum TLS based on a Kyber hybrid key agreement.
The service is free and enabled by default. This is a hybrid key, as it combines the X25519, which is used by TLS 1.3 but is still vulnerable to future quantums attacks, along with the new quantym functions Kyber512 and Kyber768.
"This means that even if Kyber turns out to be insecure, the connection will remain as secure as X25519," explained Cloudflare researchers Bas Westerbaan and Cefan Daniel Rubin.
Kyber, so far, is the only key cryptography officially chosen for standardization by the US National Institute of Standards and Technology (NIST from the National Institute of Standards and Technology). NIST plans to complete this standardization by 2024, and new standards may follow.
This, in part, is why Cloudflare is offering it as a beta service.
At post them, Westerbaan and Rubin pledged to publish updates on the support to Cloudflare's quantum key at pq.cloudflareresearch.com.
The ability of quantum computers to break classical cryptography is still years away — anywhere from 15 to 40 years [PDF] to never, depending on who you believe. But if at some point there are such powerful machines to decrypt anything on Dianetwork, they will be able to reveal state secrets in seconds.
Some security advisers have warned that the China and others are stealing data now to decrypt later when quantum computing has matured enough.
However, as Cloudflare researchers report, the development of post-quantum cryptography comes with risks. It will be a brand new cryptography, and sometimes the code is not reliable if it has not been tested for years. Case in point: the release of TLS 1.3, which didn't go as smoothly as planned.
"Although the protocols used to secure the Internet are designed to allow smooth transitions, in reality there are many errors, and the attempt to create a post-quantum secure connection can fail for many reasons," Westerbaan and Rubin report.
"For these issues we believe it is important to develop post-quantum cryptography in a timely manner."
