888-384-7144 info@insidequantumtechnology.com

Cloudflare CTO John Graham-Cumming talks about PQC

By Dan O'Shea posted 06 Apr 2023

Content delivery network provider Cloudflare recently said it would provide post-quantum cryptography (PQC) for free for all of its customers. Cloudflare CTO John Graham-Cumming recently spoke to IQT News to explain why the company made the aggressive move and to give a shout-out to the team behind it. Below is an edited transcript of that Q&A:

IQT: Cloudflare has been very aggressive about incorporating post-quantum cryptography, although no one seems to know how soon we will need it (Seven years, perhaps?) Why embrace it now?

John Graham-Cumming: Any data encrypted today with algorithms that are vulnerable to quantum algorithms can be collected and stored with the purpose of decrypting it later once a quantum computer is available. The sooner we move to encrypting data with quantum-resistant algorithms, the sooner we can protect that data from tomorrow’s adversaries.

IQT: Cloudflare has a history of making new cryptographic capabilities available for free, as it did the same with Secure Socket Layer years ago. Why are you taking this approach?

JGC: Cloudflare’s mission is to help build a better Internet. One aspect of this mission is raising the baseline level of security for Internet users by eliminating insecure defaults. Strong encryption is no longer computationally expensive, so there’s minimal cost to making it free and turning it on by default. By doing so, we raise the overall level of security and privacy online. It’s the right thing to do.

IQT: The Crystals-Kyber algorithm is core to your PQC capability. There have been some concerns–although widely viewed as misinterpreted–about potential vulnerabilities of Crystals Kyber. What is your level of confidence in the algorithm and NIST standardization efforts overall?

JGC: We have confidence in the mathematics behind Kyber. What researchers recently found was not a problem with the algorithm itself, it was a problem with how it was coded in a specific implementation. We believe the algorithm is secure and that it is possible to implement it securely. NIST’s standardization efforts have attracted the attention of the top cryptographers and cryptanalysts in the world and we have high confidence that their process will result in excellent and trustworthy recommendations for which post-quantum algorithms both industry and governments should adopt.

IQT: Will Cloudflare continue to add other standardized algorithms as they come along as part of a layered approach to quantum security in the years to come?

JGC: There are many aspects to cryptography: key agreement, encryption, digital signatures and more. Cloudflare will continue to contribute to the standardization process for post-quantum solutions for all cryptographic functionalities. We plan on implementing them as needed for our customers during the standardization process, but our long-term goal is to use standardized cryptography everywhere we can.

IQT: Can you tell us more about the team behind your aggressive PQC adoption?

JGC: Cloudflare has a team focused on long-term technology called Cloudflare Research who have championed this effort within the company for over five years, from helping develop and standardize particular algorithms, to testing the integration of PQC into security protocols like TLS, to helping internal teams integrate these new cryptographic algorithms into their products, we’ve been deeply involved. Cloudflare Research has had full support from the executive team to explore this area, and the company has recently scaled up its investment in deploying PQC to ensure that it is fully integrated into all of our products so customers can take advantage of this technology.

We have several cryptographers on staff, but deploying something as complex as replacing all the cryptography in the company takes the effort of almost all of our production engineering teams. It’s a collaborative effort across departments.

IQT: Is Cloudflare pursuing any other quantum-related projects, such as quantum networking or quantum key distribution, for example?

JGC: Cloudflare is not pursuing QKD or other projects that involve running a quantum computer or relying on quantum computing to secure our infrastructure.

Dan O’Shea has covered telecommunications and related topics including semiconductors, sensors, retail systems, digital payments and quantum computing/technology for over 25 years.

Categories: quantum computing

All Artificial intelligence Conference cybersecurity Education Guest article IQT PRO networks photonics Podcast quantum computing research semiconductors sensing software Sponsored women in quantum

Subscribe to Our Email Newsletter

Stay up-to-date on all the latest news from the Quantum Technology industry and receive information and offers from third party vendors.

Quantum Stocks Zone

Quantum Jobs Zone

Post jobs for free. Send your listing(s) to info@3drholdings.com

Executive Director of Quantum-CTat University of ConnecticutDirector of DevTeQ Lab (Sherbrooke, QC)at DistriQPhotonic Jobsat PhotonicIntegrated Photonics Designerat Quix Quantum
0
The 2023 Quantum Technologies Forum was the first panel sponsored by Infleqtion and discussed the challenges for scaling up quantum computing.
Infleqtion Leads a Critical Conversation Addressing the Quantum Scale-Up Challenge in the 2023 Quantum Technologies Forumquantum computing
Quantum News Briefs looks at news in the quantum industry.
Quantum News Briefs April 7: Amazon & DeBeers’ Element Six division”growing’ diamonds to use in quantum networks, Tencent’s backing of Singapore’s Horizon Quantum Computing in $18M round; Zapata Computing earns new patent for technique to unlock value from early fault-tolerant quantum computers + MORE