It has been said that current encryption techniques may be broken in the future by quantum computers. To prepare for this, Cloudflare is launching a post-quantum experiment that website owners can enrol in to add support for two hybrid post-quantum key agreements: X25519Kyber512Draft00 and X25519Kyber768Draft00. These key agreements will work alongside existing encryption schemes to ensure compatibility.
At this time, adding these key agreements to your website won’t do a lot because no web browser supports them yet. For the time being, browsers will fall back to the existing encryption schemes, which aren’t quantum-resistant. Cloudflare said that the internet will move to post-quantum cryptography in the coming years and hopes that this beta will give its customers a head start.
The post-quantum cryptography that Cloudflare is using is called Kyber. Last month, the U.S. National Institute of Standards and Technology (NIST) decided to standardize Kyber, with the final specifications coming in 2024. By launching this trial, Cloudflare hopes to drive the adoption of post-quantum cryptography.
In terms of characteristics, Kyber doesn’t need as much computing power as existing schemes, but it uses bigger keys and more RAM. Cloudflare believes that if Kyber were used on its own, connections to sites could be faster, but this trial uses a hybrid model, so connections are a bit slower.
If you want to test this out on one of your domains, check out Cloudflare’s comprehensive steps to set it up. Be warned that Kyber will be receiving backward-incompatible changes in the upcoming months, and Cloudflare’s implementation will change to be compatible with other early adopters. Additionally, if the community finds any issues, then workarounds will be added to Cloudflare’s implementation. Due to the quick pace of changes, Cloudflare can’t guarantee long-term stability or continued support.