Quantum computing can be baffling, but one effect of this evolving technology is pretty easy to grasp: It threatens to blow up the encryption that protects internet communications and lets you do things like shop online without thieves stealing your credit card number. Now internet infrastructure company Cloudflare has joined an effort to come up with new “post-quantum” algorithms that’ll extend today’s security protections.
Cloudflare has begun testing new encryption technology in partnership with Google Chrome to try to figure out what’s most practical in the real world. And it’s released an open-source software package called CIRCL — the Cloudflare Interoperable Reusable Cryptographic Library — to let it and anyone else evaluate post-quantum encryption progress.
The moves don’t fix internet encryption. But they do lay a foundation for a world where critical ideas like privacy and e-commerce don’t become obsolete in the digital realm. The good news is that, although developing post-quantum encryption isn’t easy, it’s also not impossible.
Cloudflare is trying to quantum-proof TLS, the encryption technology formerly called SSL that’s used to secure connections between your web browser and the server hosting a website like Gmail, Amazon or DuckDuckGo so someone snooping network traffic can’t see your sensitive data.
“We hope that this experiment helps choose an algorithm with the best characteristics for the future of the internet,” Cloudflare cryptography developer Kris Kwiatkowski said in a blog post.
A decades-old idea called Shor’s algorithm has proved that quantum computers, once they grow out of today’s nascent stage and become sufficiently powerful, can crack today’s encryption methods. The US National Institute of Standards and Technology is spearheading an effort to come up with a replacement algorithm that’s fast and future-proof.
Google’s Chrome team has studied post-quantum security for years. That work has helped to narrow down some choices.
Cloudflare offers services like caching data to speed up its clients’ websites, helping clients with streaming video and protecting websites from denial-of-service attacks that can bring down websites with a flood of network traffic.