Cloudflare Enhances Post-Quantum Security and Routing Insights

Cloudflare has introduced several new security-related data sets and tools on its Radar platform, providing developers with enhanced insights into post-quantum security and routing security. Key updates include:

• Post-Quantum Monitoring: Cloudflare now monitors post-quantum connections on both client and origin-facing connections, providing a more comprehensive view of post-quantum adoption.
• Key Transparency: A new section on Radar provides a public dashboard showing the real-time verification status of Key Transparency Logs for end-to-end encrypted messaging services like WhatsApp.
• Origin Post-Quantum Support: Cloudflare has added a new graph on Radar illustrating the share of customer origins supporting X25519MLKEM768, a hybrid key exchange algorithm combining classical X25519 with ML-KEM, a lattice-based post-quantum scheme standardized by NIST.

Practical Implications for Developers

These updates provide developers with valuable insights into post-quantum adoption and can help inform their security strategies. Key takeaways include:

• Post-quantum readiness: Approximately 10% of origins could benefit from a post-quantum-preferred key agreement today, representing a significant jump from less than 1% at the start of 2025.
• Industry migration: The industry's migration to post-quantum cryptographyRAM is expected to continue, with many server-side TLS libraries enabling hybrid post-quantum key exchange by default.
• Testing and validation: Cloudflare's Radar API provides access to origin readiness data, allowing developers to independently validate post-quantum support and prepare for the transition to quantum-resistant security.