Sizing Up Post-Quantum Signatures
November 08, 2021 3:39 PM
How much room does TLS have for the big post-quantum signatures? We had a look: it’s tight....
Pairings in CIRCL
October 13, 2021 12:59 PM
Our Go cryptographic library CIRCL announces support for pairing-based cryptography....
Exported Authenticators: The long road to RFC
October 13, 2021 12:59 PM
Learn more about Exported Authenticators, a new extension to TLS, currently going through the IETF standardisation process....
Using HPKE to Encrypt Request Payloads
February 19, 2021 12:00 PM
Allowing users to securely log parts of the request that match firewall rules while making it impossible for anyone else to decrypt....
KEMTLS: Post-quantum TLS without signatures
January 15, 2021 12:00 PM
The TLS 1.3 protocol has been around for quite some time, but it will be broken once quantum computers arrive. What can we do? In this blog post, we will examine a technique for achieving full post-quantum security for TLS 1.3 in the face of quantum computers: KEMTLS....
MORE POSTS
December 08, 2020 12:00 PM
Helping build the next generation of privacy-preserving protocols
Today, we’re making several announcements around improving Internet protocols with respect to something important to our customers and Internet users worldwide: privacy....
- By
November 06, 2020 12:36 PM
The Internet is Getting Safer: Fall 2020 RPKI Update
The cap of two hundred thousand routing cryptographic records was recently passed. We thought it was time for an update on a major year for RPKI....
- By
October 01, 2020 2:53 PM
NTS is now an RFC
After much hard work, NTS finally becomes an official RFC.This means that Network Time Security (NTS) is officially part of the collection of protocols that makes the Internet work. ...
- By
April 09, 2020 11:00 AM
Internship Experience: Cryptography Engineer
Back in the summer of 2017 I was an intern at Cloudflare. During the scholastic year I was a grad student working on automorphic forms and computational Langlands at Berkeley....
- By
March 25, 2020 12:00 PM
Speeding up Linux disk encryption
Encrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!...
- By
March 04, 2020 1:00 PM
Pwned Passwords Padding (ft. Lava Lamps and Workers)
Starting today, we are offering a new security advancement in the Pwned Passwords API - API clients can receive responses padded with random data....
- By
November 01, 2019 1:01 PM
Going Keyless Everywhere
Time flies. The Heartbleed vulnerability was discovered just over five and a half years ago. Heartbleed became a household name not only because it was one of the first bugs with its own web page and logo, but because of what it revealed about the fragility of the Internet as a w...
- By
November 01, 2019 1:00 PM
Delegated Credentials for TLS
Today we’re happy to announce support for a new cryptographic protocol that helps make it possible to deploy encrypted services in a global network while still maintaining fast performance and tight control of private keys: Delegated Credentials for TLS. ...
- By
October 31, 2019 1:00 PM
Announcing cfnts: Cloudflare's implementation of NTS in Rust
Several months ago we announced that we were providing a new public time service. Part of what we were providing was the first major deployment of the new Network Time Security protocol, with a newly written implementation of NTS in Rust. ...
- By
October 30, 2019 1:00 PM
The TLS Post-Quantum Experiment
In June, we announced a wide-scale post-quantum experiment with Google. We implemented two post-quantum (i.e., not yet known to be broken by quantum computers) key exchanges, integrated them into our TLS stack and deployed the implementation on our edge servers and in Chrome Cana...
- By
October 29, 2019 1:00 PM
DNS Encryption Explained
The Domain Name System (DNS) is the address book of the Internet. When you visit cloudflare.com or any other site, your browser will ask a DNS resolver for the IP address where the website can be found. Unfortunately, these DNS queries and answers are typically unprotected....
- By
October 28, 2019 1:00 PM
Supporting the latest version of the Privacy Pass Protocol
At Cloudflare, we are committed to supporting and developing new privacy-preserving technologies that benefit all Internet users. In November 2017, we announced server-side support for the Privacy Pass protocol, a piece of work developed in collaboration with the academic communi...
- By
October 27, 2019 11:00 PM
Tales from the Crypt(o team)
Halloween season is upon us. This week we’re sharing a series of blog posts about work being done at Cloudflare involving cryptography, one of the spookiest technologies around....
- By
September 18, 2019 2:03 PM
Cloudflare’s Approach to Research
Cloudflare’s mission is to help build a better Internet. One of the tools used in pursuit of this goal is computer science research. We’ve learned that some of the difficult problems to solve are best approached through research...
- By