Introduction to Post-Quantum Encryption
As technology advances, the need for secure encryption methods has become increasingly important. With the rise of quantum computers, classical encryption methods are no longer sufficient. In this article, we will discuss the importance of post-quantum encryption and how Cloudflare One is leading the way in this field.
What is Post-Quantum Encryption?
Post-quantum encryption refers to a type of encryption that is resistant to attacks by quantum computers. This is necessary because quantum computers have the potential to break many types of classical encryption, such as RSA and Elliptic Curve Cryptography (ECC).
Why is Post-Quantum Encryption Important?
The National Institute of Standards and Technology (NIST) has set a deadline of 2030 for the transition to post-quantum cryptography. This is because quantum computers are expected to be powerful enough to break classical encryption methods by then. Organizations that have not begun their migration to post-quantum cryptography risk being out of compliance and vulnerable to attacks.
Challenges in Upgrading to Post-Quantum Encryption
Upgrading to post-quantum encryption can be challenging. History has shown that depreciating cryptography can take decades, and organizations that have not begun their migration may face significant risks. Cloudflare One is helping to simplify this process by integrating post-quantum encryption directly into its Secure Access Service Edge (SASE) platform.
The Two Migrations to Quantum Safety
There are two main migrations required for quantum safety: key agreement and digital signatures. Key agreement allows two parties to establish a shared secret over an insecure channel, while digital signatures protect authenticity and stop active adversaries from impersonating the server.
Key Agreement
The industry has largely converged on ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) as the standard post-quantum key agreement protocol. ML-KEM has been widely adopted for use in TLS, and Cloudflare One is now offering post-quantum hybrid ML-KEM across all major on-ramps and off-ramps.
Digital Signatures
Digital signatures are currently less urgent, as post-quantum signatures are still in development. However, Cloudflare is actively contributing to the standardization and rollout of post-quantum digital signatures.
Breaking New Ground with IPsec
Cloudflare One has upgraded its Cloudflare IPsec products to support hybrid ML-KEM in the IPsec protocol. This is a significant step forward, as IPsec is a critical component of many organizations’ security infrastructure.
Pre-Shared Keys and Quantum Key Distribution
IPsec’s journey to post-quantum cryptography has been different from that of TLS. While TLS is a de facto standard for encrypting public Internet traffic, IPsec is a Layer 3 protocol that commonly connects devices built by the same vendor. As such, vendor interoperability has been less of a concern.
Conclusion
In conclusion, post-quantum encryption is a critical component of modern security infrastructure. Cloudflare One is leading the way in this field, with its support for post-quantum hybrid ML-KEM across all major on-ramps and off-ramps. As the deadline for the transition to post-quantum cryptography approaches, organizations must take action to ensure they are not left behind. By integrating post-quantum encryption into their SASE platform, Cloudflare One is helping to simplify this process and ensure a secure future for enterprise networking.
FAQs
- What is post-quantum encryption, and why is it important? Post-quantum encryption is a type of encryption that is resistant to attacks by quantum computers. It is important because quantum computers have the potential to break many types of classical encryption.
- What is the deadline for the transition to post-quantum cryptography? The National Institute of Standards and Technology (NIST) has set a deadline of 2030 for the transition to post-quantum cryptography.
- How is Cloudflare One supporting the transition to post-quantum cryptography? Cloudflare One is supporting the transition to post-quantum cryptography by integrating post-quantum encryption directly into its SASE platform.
- What are the two main migrations required for quantum safety? The two main migrations required for quantum safety are key agreement and digital signatures.
- What is ML-KEM, and how is it used in post-quantum encryption? ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) is a post-quantum key agreement protocol that is widely adopted for use in TLS. It is used to establish a shared secret over an insecure channel.








