Cloudflare IPsec Now Protects Against Future Quantum Threats with Post-Quantum Encryption

Last updated: 2026-05-06 20:29:52 · Finance & Crypto

In an era where quantum computing advances are accelerating, Cloudflare has taken a significant step toward securing wide-area networks against future threats. The company recently announced that post-quantum encryption for its IPsec service is now generally available, closing a gap that persisted for years between classical cryptography and the emerging need for quantum-resistant protection. This development enables organizations to defend against harvest-now-decrypt-later attacks using their existing hardware from vendors like Fortinet and Cisco. Below, we explore the key aspects of this new capability.

What is Cloudflare IPsec and how does it work?

Cloudflare IPsec is a WAN Network-as-a-Service that replaces traditional network architectures by connecting data centers, branch offices, and cloud VPCs to Cloudflare's global IP Anycast network. It provides simplified configuration, high availability (automatic rerouting if a data center fails), and the scalability of Cloudflare's worldwide network. The service uses encrypted IPsec tunnels to support site-to-site WAN connectivity, outbound Internet connections, and integration with the Cloudflare One SASE platform. By leveraging Cloudflare's infrastructure, organizations can reduce complexity and improve performance while maintaining strong security.

Source: blog.cloudflare.com

What is post-quantum encryption in IPsec and why is it important?

Post-quantum encryption in IPsec uses hybrid ML-KEM (FIPS 203) to protect against harvest-now-decrypt-later attacks. In such attacks, adversaries capture encrypted data today and store it, intending to decrypt it later once powerful quantum computers become available (Q-Day). As quantum computing advances faster than anticipated, these attacks become a growing concern for organizations. Cloudflare's implementation combines the proven security of classical Diffie-Hellman with the quantum-resistant properties of ML-KEM, ensuring that even if quantum computers break current cryptography, the encrypted data remains safe.

How does ML-KEM provide post-quantum security?

ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) is a post-quantum cryptographic algorithm based on mathematical problems that are believed to be hard for both classical and quantum computers to solve. Unlike some quantum-resistant methods that require specialized hardware, ML-KEM is designed to run efficiently in software on standard processors. It does not need dedicated physical links between sender and receiver. The algorithm is implemented as a hybrid scheme alongside classical Diffie-Hellman, offering backward compatibility and a smooth transition to post-quantum security. This approach allows organizations to deploy it without major infrastructure changes.
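The hybrid construction described above, as an added example (not Cloudflare's code and not part of the original article). It assumes the IKEv2 multiple-key-exchange key schedule of RFC 9370 with HMAC-SHA256 as the PRF. Random byte strings stand in for the Diffie-Hellman and ML-KEM shared secrets, and all function names are illustrative.

```python
import hashlib, hmac, os

def prf(key, data):
    # PRF_HMAC_SHA2_256; the PRF choice is an assumption, the page names none.
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key, seed, length):
    # prf+ (RFC 7296, 2.13): T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)
    out, block, n = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([n]))
        out, n = out + block, n + 1
    return out[:length]

def expand(skeyseed, ni, nr, spi_i, spi_r):
    # Simplified split: 32-byte SK_d, then 64 bytes standing in for SK_a*/SK_e*/SK_p*.
    km = prf_plus(skeyseed, ni + nr + spi_i + spi_r, 96)
    return km[:32], km[32:]

def classical_stage(dh_secret, ni, nr, spi_i, spi_r):
    # IKE_SA_INIT: SKEYSEED = prf(Ni | Nr, g^ir)
    return expand(prf(ni + nr, dh_secret), ni, nr, spi_i, spi_r)

def hybrid_stage(sk_d_prev, kem_secret, ni, nr, spi_i, spi_r):
    # RFC 9370 additional exchange: SKEYSEED(n) = prf(SK_d(n-1), SK(n) | Ni | Nr)
    return expand(prf(sk_d_prev, kem_secret + ni + nr), ni, nr, spi_i, spi_r)

def derive_hybrid_keys(dh_secret, kem_secret, ni, nr, spi_i, spi_r):
    sk_d, _ = classical_stage(dh_secret, ni, nr, spi_i, spi_r)
    return hybrid_stage(sk_d, kem_secret, ni, nr, spi_i, spi_r)

def demo():
    # Constructed sample values: random bytes stand in for the nonces, SPIs,
    # the Diffie-Hellman result and the ML-KEM decapsulated secret.
    ni, nr, spi_i, spi_r = os.urandom(32), os.urandom(32), os.urandom(8), os.urandom(8)
    dh_secret, kem_secret = os.urandom(32), os.urandom(32)
    public = (ni, nr, spi_i, spi_r)  # values visible in a recorded exchange
    initiator = derive_hybrid_keys(dh_secret, kem_secret, *public)
    responder = derive_hybrid_keys(dh_secret, kem_secret, *public)
    # Harvest-now-decrypt-later model: the classical secret is recovered later,
    # the ML-KEM secret is not, so the final keys cannot be recomputed.
    classical_only = classical_stage(dh_secret, *public)
    without_kem = hybrid_stage(classical_only[0], bytes(32), *public)
    return {"peers_agree": initiator == responder,
            "classical_keys_differ_from_final": classical_only != initiator,
            "final_keys_need_kem_secret": without_kem != initiator}

if __name__ == "__main__":
    print(demo())
```

Because the second stage is keyed by the first stage's SK_d and mixes in the ML-KEM secret, the final keys stay out of reach unless both exchanges are broken.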

What are harvest-now-decrypt-later attacks and who should worry?

Harvest-now-decrypt-later attacks involve adversaries collecting encrypted data today with the intention of decrypting it after quantum computers become capable of breaking current public-key cryptography (referred to as Q-Day). Any organization that transmits sensitive data—such as financial records, intellectual property, or personal information—over long-term channels is at risk. This includes enterprises, government agencies, and service providers. With quantum computing progress accelerating, the window to protect data is shrinking. Cloudflare's post-quantum IPsec encryption directly addresses this threat by ensuring that even if data is harvested now, it cannot be decrypted later.

Does Cloudflare's post-quantum IPsec work with existing hardware from other vendors?

Yes. Cloudflare has successfully tested interoperability with branch connectors from Fortinet and Cisco using the new IETF draft for hybrid ML-KEM. This means organizations can start protecting their wide-area networks against quantum threats today using hardware they already own. The testing validates that the standard works at Internet scale and can be adopted without requiring specialized equipment. This interoperability is crucial for enterprises that rely on multi-vendor environments, allowing them to implement post-quantum security gradually across their network infrastructure.

Why did it take four years longer for IPsec to get post-quantum encryption compared to TLS?

The delay arose because the IPsec community faced unique challenges. Unlike TLS, which is widely used in browsers and web servers, IPsec involves a diverse ecosystem of specialized hardware, network appliances, and varied interoperability requirements. Achieving a consensus on a standard that works at Internet scale while accommodating niche hardware constraints took time. The new hybrid ML-KEM approach finally bridges this gap, providing a uniform method that integrates with existing IPsec implementations. Cloudflare's earlier work on post-quantum TLS laid the groundwork, but IPsec required additional coordination across vendors and standards bodies to finalize a practical solution.