Post-Quantum Cryptography
By the end of this lesson you will understand what post-quantum cryptography is, why it matters, and how Cloudflare has deployed quantum-resistant encryption for free on its network.
What Is Post-Quantum Cryptography?
Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to resist attacks from quantum computers. Current encryption (RSA, ECDSA, ECDH) relies on mathematical problems that quantum computers could solve efficiently using algorithms like Shor's algorithm.
Cloudflare has deployed post-quantum key exchange across its entire network — meaning every HTTPS connection through Cloudflare is already protected against future quantum threats, for free.
flowchart LR
TODAY["Today's Encryption\n(ECDH / RSA)"]
QUANTUM["Quantum Computer\n(Future)"]
PQC["Post-Quantum\nCryptography"]
TODAY -->|"Vulnerable to"| QUANTUM
PQC -->|"Resistant to"| QUANTUM
style TODAY fill:#dc2626,color:#fff,stroke:#b91c1c
style QUANTUM fill:#7c3aed,color:#fff,stroke:#6d28d9
style PQC fill:#16a34a,color:#fff,stroke:#15803d
Why Act Now?
The threat isn't just future quantum computers. Adversaries can use "harvest now, decrypt later" (HNDL) attacks:
- An attacker records encrypted traffic today
- Years later, when quantum computers are available, they decrypt the stored data
If your data must stay confidential for years (financial, medical, government), post-quantum protection matters now.
How Cloudflare Implements PQC
Cloudflare has enabled ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) — formerly known as Kyber — as part of the TLS 1.3 handshake. This is a hybrid approach:
sequenceDiagram
participant Browser
participant CF as Cloudflare Edge
Browser->>CF: ClientHello (supports hybrid PQ key exchange)
CF->>Browser: ServerHello (selects X25519Kyber768Draft00)
Note over Browser,CF: Hybrid key exchange:\nClassical (X25519) + Post-Quantum (ML-KEM)
Browser->>CF: Encrypted application data
CF->>Browser: Encrypted response
Note over Browser,CF: Protected against both classical\nand quantum attacks
Hybrid Approach
Cloudflare uses a hybrid key exchange that combines:
| Component | Algorithm | Protection |
|---|---|---|
| Classical | X25519 (Elliptic Curve) | Protects against all known classical attacks today |
| Post-Quantum | ML-KEM-768 (Kyber) | Protects against future quantum attacks |
The hybrid ensures that even if the post-quantum algorithm has an undiscovered weakness, the classical algorithm still provides security. Both must be broken to compromise the connection.
What's Protected
| Connection | PQC Status |
|---|---|
| Visitor ↔ Cloudflare Edge | ✅ Enabled (if browser supports it) |
| Cloudflare Edge ↔ Origin | ⚠️ Origin must support PQ key exchange |
| Cloudflare Tunnel connections | ✅ Enabled |
Browser Support
Modern browsers already support hybrid post-quantum key exchange:
| Browser | PQC Support |
|---|---|
| Chrome 124+ | ✅ X25519Kyber768 |
| Firefox 128+ | ✅ X25519Kyber768 |
| Edge 124+ | ✅ X25519Kyber768 |
| Safari | ⏳ In development |
Verifying PQC Is Active
You can check if your connection to a Cloudflare site uses post-quantum key exchange:
In Chrome DevTools
- Open DevTools (F12) → Security tab
- Look for the key exchange algorithm
- If it shows
X25519Kyber768Draft00orX25519MLKEM768, PQC is active
With curl
curl -vso /dev/null https://example.com 2>&1 | grep -i "SSL connection"
# Look for output like:
# SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519Kyber768Draft00
Common Misconceptions
"Post-quantum cryptography is only for governments and large enterprises"
Reality: Cloudflare enables PQC for every site on its network, free or paid. If your site is proxied through Cloudflare, you already have quantum-resistant encryption.
"Quantum computers will break all encryption tomorrow"
Reality: Cryptographically relevant quantum computers are likely years or decades away. PQC is a proactive defense, especially against "harvest now, decrypt later" attacks.
"PQC makes connections slower"
Reality: ML-KEM adds minimal overhead (~1KB to the handshake). In practice, the latency difference is negligible. Cloudflare's benchmarks show no measurable performance impact.
Key Takeaways
- Post-quantum cryptography protects against future quantum computer attacks.
- Cloudflare deploys hybrid key exchange (X25519 + ML-KEM) — free for all sites.
- The hybrid approach ensures security even if the PQ algorithm is weakened.
- Modern browsers (Chrome, Firefox, Edge) already support PQ key exchange.
- PQC is a defense against "harvest now, decrypt later" attacks that happen today.
What's Next
- Continue to CDN and Caching to learn how Cloudflare accelerates content delivery.