CryptographyProtocols
All Focus Areas
Driving innovation across five key areas to create a faster, safer, more private, reliable, and measurable Internet.
Filter by:
blog
July 8, 2026
Introducing Meerkat: an experiment in global consensus
blog
June 18, 2026
Build your own vulnerability harness
blog
April 21, 2026
Moving past bots vs. humans
blog
April 17, 2026
Unweight: how we compressed an LLM 22% without sacrificing quality
publication
2026
Unweight: Lossless MLP Weight Compression for LLM Inference
Machine LearningCompressionGPU Systems
blog
April 2, 2026
Why we're rethinking cache for the AI era
Workload AnalysisStorage
AISimilarity
publication
2025
Rhizomes and the Roots of Efficiency — Improving Prio
CryptographyPrivacy
publication
2025
Auditing Key Transparency
Privacy
publication
2025
Hybrid Obfuscated Key Exchange and KEMs
CryptographyPost-QuantumProtocols
publication
2025
RFC 9814: Use of the SLH-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS)
CryptographyProtocols
publication
2025
RFC 9881: Algorithm Identifiers for Module-Lattice-Based Digital Signature Algorithm (ML-DSA)
CryptographyProtocols
CryptographyPrivacy
publication
2025
Valet: Efficient Data Placement on Modern SSDs
Storage
publication
2025
Efficient intrusion detection via heterogeneous graph attention networks and parallel provenance analysis
SecurityAIStorage
publication
2025
Rethinking Web Cache Design for the AI Era
AIStorage
blog
October 30, 2025
Beyond IP lists: a registry format for bots and agents
blog
October 29, 2025
Measuring characteristics of TCP connections at Internet scale
blog
October 29, 2025
One IP address, many users: detecting CGNAT to reduce collateral effects
blog
October 29, 2025
How to build your own VPN, or: the history of WARP
blog
October 29, 2025
Defending QUIC from acknowledgement-based DDoS attacks
blog
October 29, 2025
So long, and thanks for all the fish: how to escape the Linux networking stack
blog
October 28, 2025
Keeping the Internet fast and secure: introducing Merkle Tree Certificates
blog
October 28, 2025
State of the post-quantum Internet in 2025
blog
October 28, 2025
A framework for measuring Internet resilience
blog
October 27, 2025
The tricky science of Internet measurement
blog
October 27, 2025
How does Cloudflare’s Speed Test really work?
blog
October 27, 2025
Data at Cloudflare scale: some insights on measurement for 1,111 interns
blog
October 27, 2025
Making the Internet observable: the evolution of Cloudflare Radar
blog
October 16, 2025
Improving the trustworthiness of Javascript on the Web
blog
September 19, 2025
You don’t need quantum hardware for post-quantum security
blog
May 15, 2025
Forget IPs: using cryptography to verify bot and agent traffic
blog
March 21, 2025
Prepping for post-quantum: a beginner’s guide to lattice cryptography
blog
March 20, 2025
HTTPS-only for Cloudflare APIs: shutting the door on cleartext traffic
blog
March 19, 2025
An early look at cryptographic watermarks for AI-generated content
publication
2024
X-Wing: The Hybrid KEM You've Been Looking For
CryptographyProtocols
publication
2024
RFC 9578: Privacy Pass Issuance Protocols
CryptographyProtocols
publication
2024
RFC 9576: The Privacy Pass Architecture
PrivacyCryptographyProtocols
Workload AnalysisStorage
publication
2024
Private SCT Auditing, Revisted
Security
publication
2024
PreSight: A Vision for an Instantaneous Web
Distributed SystemsMachine Learning
Distributed SystemsSecurityMeasurementFormal Verification
publication
2024
RFC 9577: The Privacy Pass HTTP Authentication Scheme
PrivacyCryptographyProtocols
Storage
blog
December 26, 2024
Sometimes I cache: implementing lock-free probabilistic caching
blog
November 7, 2024
A look at the latest post-quantum signature standardization candidates
blog
September 25, 2024
Introducing Speed Brain: helping web pages load 45% faster
blog
September 5, 2024
A global assessment of third-party connection tampering
blog
September 5, 2024
Bringing insights into TCP resets and timeouts to Cloudflare Radar
blog
August 20, 2024
NIST’s first post-quantum standards
blog
March 8, 2024
Harnessing chaos in Cloudflare offices
blog
March 5, 2024
The state of the post-quantum Internet
blog
January 4, 2024
Privacy Pass: upgrading to the latest protocol version
CryptographyProtocols
publication
2023
Verifiable Distributed Aggregation Functions
PrivacyProtocolsCryptography
publication
2023
Security Analysis of Signature Schemes with Key Blinding
CryptographyProtocols
Workload AnalysisStorage
publication
2023
RFC 9380: Hashing to Elliptic Curves
CryptographyProtocols
AuthenticationSecurityPrivacy
publication
2023
Portunus: Re-imagining access control in distributed systems
Distributed SystemsCryptography
publication
2023
Portunus: Re-imagining access control in distributed systems using attribute-based encryption
Distributed SystemsCryptography
CryptographyProtocols
CryptographySecurity
publication
2023
Global, Passive Detection of Connection Tampering
Measurement
PrivacySecurityProtocols
blog
December 22, 2023
Have your data and hide it too: an introduction to differential privacy
blog
September 29, 2023
Post-quantum cryptography goes GA
blog
September 29, 2023
Encrypted Client Hello - the last puzzle piece to privacy
blog
September 29, 2023
Privacy-preserving measurement and machine learning
blog
September 29, 2023
Cloudflare now uses post-quantum cryptography to talk to your origin server
blog
September 4, 2023
Connection coalescing with ORIGIN Frames: fewer DNS queries, fewer connections
blog
March 16, 2023
No, AI did not break post-quantum cryptography
blog
January 27, 2023
Inside Geo Key Manager v2: re-imagining access control for distributed systems
publication
2022
This is not the padding you are looking for! On the ineffectiveness of QUIC PADDING against website fingerprinting
CryptographySecurity
publication
2022
RFC 9180: Hybrid Public Key Encryption
CryptographyProtocols
SecurityPrivacyProtocols
CryptographySecurityProtocols
publication
2022
Gossamer: Securely Measuring Password-based Logins
AuthenticationSecurityPrivacy
Cryptography
publication
2022
Standardizing MPC for Privacy Preserving Measurement
PrivacyCryptography
SecurityPrivacyProtocols
publication
2022
RFC 9230: Oblivious DNS over HTTPS
SecurityPrivacyProtocols
AuthenticationSecurityPrivacy
publication
2022
RFC 9149: TLS Ticket Requests
SecurityProtocols
Measurement
publication
2022
The Decoupling Principle: A Practical Privacy Framework
PrivacySecurity
PrivacyMeasurement
publication
2022
RFC 9261: Exported Authenticators in TLS
SecurityProtocols
publication
2022
RFC 9292: Binary Representation of HTTP Messages
ProtocolsApplications
publication
2022
A Fast and Simple Partially Oblivious PRF, with Applications
Cryptography
Privacy
blog
October 27, 2022
Stronger than a promise: proving Oblivious HTTP privacy properties
blog
October 3, 2022
Defending against future threats: Cloudflare goes post-quantum
blog
October 3, 2022
Introducing post-quantum Cloudflare Tunnel
blog
August 25, 2022
Deep dives & how the Internet works
blog
August 4, 2022
Experiment with post-quantum cryptography today
blog
July 8, 2022
NIST’s pleasant post-quantum surprise
blog
June 28, 2022
Hertzbleed explained
blog
May 16, 2022
Proof of Stake and our next experiments in web3
blog
May 16, 2022
Serving Cloudflare Pages sites to the IPFS network
blog
May 16, 2022
Gaining visibility in IPFS systems
blog
April 15, 2022
Breaking down broadband nutrition labels
blog
March 31, 2022
Future-proofing SaltStack
blog
March 20, 2022
Unlocking QUIC’s proxying potential with MASQUE
blog
March 19, 2022
A Primer on Proxies
blog
March 8, 2022
Announcing experimental DDR in 1.1.1.1
blog
February 25, 2022
The post-quantum future: challenges and opportunities
blog
February 25, 2022
Post-quantumify internal services: Logfwrdr, Tunnel, and gokeyless
blog
February 24, 2022
HPKE: Standardizing public-key encryption (finally!)
blog
February 24, 2022
Building Confidence in Cryptographic Protocols
blog
February 24, 2022
Using EasyCrypt and Jasmin for post-quantum verification
blog
February 23, 2022
Making protocols post-quantum
blog
February 22, 2022
Deep dive into a post-quantum key encapsulation algorithm
blog
February 22, 2022
Deep dive into a post-quantum signature scheme
blog
February 21, 2022
The post-quantum state: a taxonomy of challenges
blog
February 21, 2022
The quantum solace and spectre
Cryptography
publication
2021
Implementing and measuring KEMTLS
CryptographyMeasurement
publication
2021
Post-quantum TLS without handshake signatures
Cryptography
publication
2021
The Ties that un-Bind: Decoupling IP from web services and sockets for robust addressing agility at CDN-scale
SecurityMeasurement
publication
2021
ZKAttest: Ring and Group Signatures for Existing ECDSA Keys
Cryptography
Distributed Systems
PrivacyMeasurement
blog
November 8, 2021
Sizing Up Post-Quantum Signatures
blog
October 18, 2021
Tunnel: Cloudflare’s Newest Homeowner
blog
October 15, 2021
“Look, Ma, no probes!” — Characterizing CDNs’ latencies with passive measurement
blog
October 15, 2021
Multi-User IP Address Detection
blog
October 15, 2021
Geo Key Manager: Setting up a service for scale
blog
October 14, 2021
Privacy-Preserving Compromised Credential Checking
blog
October 14, 2021
Unbuckling the narrow waist of IP: Addressing Agility for Names and Web Services
blog
October 14, 2021
Research Directions in Password Security
blog
October 13, 2021
Cloudflare and the IETF
blog
October 13, 2021
Pairings in CIRCL
blog
October 13, 2021
Exported Authenticators: The long road to RFC
blog
October 13, 2021
Coalescing Connections to Improve Network Privacy and Performance
blog
October 12, 2021
Introducing SSL/TLS Recommender
blog
October 12, 2021
Dynamic Process Isolation: Research by Cloudflare and TU Graz
blog
October 12, 2021
Handshake Encryption: Endgame (an ECH update)
blog
October 12, 2021
Privacy Pass v3: the new privacy bits
blog
October 11, 2021
Announcing Cloudflare Research Hub
blog
October 11, 2021
Cloudflare invites visiting researchers
blog
October 10, 2021
Cloudflare Research: Two Years In
blog
October 1, 2021
Web3 — A vision for a decentralized web
blog
September 29, 2021
How Cloudflare provides tools to help keep IPFS users safe
blog
August 12, 2021
More devices, fewer CAPTCHAs, happier users
blog
January 13, 2021
A Name Resolver for the Distributed Web
publication
2020
RFC 8937: Randomness Improvements for Security Protocols
CryptographySecurityProtocols
Cryptography
publication
2020
RFC 8922: A Survey of the Interaction between Security Protocols and Transport Services
SecurityProtocols
blog
December 11, 2020
Securing the post-quantum world
blog
December 8, 2020
Helping build the next generation of privacy-preserving protocols
blog
December 8, 2020
Improving DNS Privacy with Oblivious DoH in 1.1.1.1
blog
December 8, 2020
Good-bye ESNI, hello ECH!
blog
October 1, 2020
NTS is now an RFC
publication
2019
RPKI is coming of age: A longitudinal study of RPKI deployment and invalid route origins
MeasurementSecurity
publication
2019
Strong post-compromise secure proxy re-encryption
Cryptography
publication
2019
Measuring TLS key exchange with post-quantum KEM
CryptographySecurityMeasurement
publication
2019
Protocols for checking compromised credentials
PrivacyCryptography
publication
2019
RFC 8586: Loop Detection in Content Delivery Networks (CDNs)
MeasurementProtocols
Security
blog
November 1, 2019
Delegated Credentials for TLS
blog
October 31, 2019
Announcing cfnts: Cloudflare's implementation of NTS in Rust
blog
October 30, 2019
The TLS Post-Quantum Experiment
blog
October 29, 2019
DNS Encryption Explained
blog
September 18, 2019
Cloudflare’s Approach to Research
blog
June 20, 2019
The Quantum Menace
blog
June 20, 2019
Introducing CIRCL: An Advanced Cryptographic Library
blog
June 19, 2019
Cloudflare's Ethereum Gateway
publication
2018
Is the web ready for OSCP must-staple?
MeasurementSecurity
publication
2018
Privacy Pass: Bypassing Internet Challenges Anonymously
PrivacyAuthenticationCryptography
publication
2018
nQUIC: Noise-based QUIC packet protection
SecurityCryptography
publication
2018
403 Forbidden: A Global View of CDN Geoblocking
Measurement
publication
2018
Geo Key Manager
CryptographyProtocols
CryptographyMeasurementSecurity
blog
September 21, 2018
Roughtime: Securing Time with Digital Signatures
blog
August 10, 2018
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
blog
March 23, 2018
Introducing Certificate Transparency and Nimbus
publication
2017
Understanding the mirai botnet
MalwareMeasurement
publication
2017
The Security Impact of HTTPS Interception
SecurityMeasurement
blog
December 26, 2017
Why TLS 1.3 isn't in browsers yet
blog
November 9, 2017
Cloudflare supports Privacy Pass
blog
September 26, 2017
Geo Key Manager: How It Works
blog
July 10, 2017
High-reliability OCSP stapling and why it matters
publication
2016
Attacking White-Box AES Constructions
Cryptography
publication
2015
An analysis of TLS handshake proxying
CryptographyAuthentication