Cloudflare is the first major internet infrastructure provider to support post-quantum cryptography for all customers, which should theoretically protect data if quantum computers ever manage to break through today’s encryption technologies.
Starting today, all websites and APIs served through Cloudflare will support post-quantum TLS based on the Kyber hybrid key agreement. Specifically, the new beta service supports the X25519Kyber512Draft00 and X25519Kyber768Draft00 key agreements with TLS identifiers 0xfe30 and 0xfe31, respectively.
The service is free and enabled by default, so customers don’t need to sign up. It is a hybrid key agreement because it combines X25519, which is used in TLS 1.3 but is still vulnerable to future quantum attacks, with the new post-quantum Kyber512 and Kyber768.
“This means that even if Kyber were found to be insecure, the connection would remain as secure as X25519,” said Cloudflare researchers Bas Westerbaan and Cefan Daniel Rubin.
To date, Kyber is the only key agreement that the US National Institute of Standards and Technology (NIST) has officially selected for standardization. NIST plans to complete this standardization in 2024, and new standards may follow.
This is partly why Cloudflare is only offering this as a beta service: Kyber will likely change in backward-incompatible ways before it’s complete, and integration with TLS hasn’t been finalized by the TLS working group either.
In their blog post, Westerbaan and Rubin committed to posting updates on Cloudflare’s post-quantum key agreement support on pq.cloudflareresearch.com and on the IETF PQC mailing list.
Continue up the Kyber
While the ability of quantum computers to crack classical cryptography is still years away – from 15 to 40 years, or maybe never, depending on who you believe – if and when these machines become powerful enough to decode everything on the internet, they will be able to leak state secrets in a matter of seconds.
Some infosec and technology advisors have warned that China and others are now stealing data to decrypt later when quantum computers are sophisticated enough.
However, as the Cloudflare researchers point out, the use of post-quantum cryptography also comes with risks. It’s brand new crypto for starters, and new things that haven’t been tested for years sometimes break. Case in point: the rollout of TLS 1.3, which didn’t go as smoothly as planned.
“Although the protocols used to secure the Internet are designed to allow smooth transitions like this, the reality is there’s a lot of buggy code: attempting to establish a post-quantum secure connection can fail for many reasons — for example, a middlebox being confused about the larger post-quantum keys, and other reasons we still need to consider because these post-quantum key agreements are brand new,” said Westerbaan and Rubin.
“Because of these issues, we think it’s important to deploy post-quantum cryptography early so that we can find and work around these issues along with browsers and other clients,” they added.
Deploying well ahead of 2024 should give Cloudflare and others plenty of time to fix any bugs and protect data from quantum attacks, we’re told.
Gartner’s Mark Horvath, senior director at the analyst firm, said the move is a “great help” for the industry and “a major step forward towards a quantum-proof future.”
“Post-quantum encryption is expected to have a huge impact on infrastructure, operations and data security over the next decade, and testing protocols like TLS at realistic speeds and volumes will help the industry move forward smoothly,” Horvath told The Register.
“Whereas double-signed certificates and other support for post-quantum operations have occasionally been introduced in the past, it is only now that the NIST competition is entering the standardization phase that we have real tools to work on issues such as protocols that have huge future implications.”
https://www.theregister.com/2022/10/03/cloudflare_postquantum_cryptography/ Cloudflare promises free post-quantum cryptography • The Register