Cloudflare Research logo

Research Updates from the Cloudflare Blog

2021-10-15 “Look, Ma, no probes!” — Characterizing CDNs’ latencies with passive measurement

2021-10-15 Multi-User IP Address Detection

We’ve devised novel methods to detect multi-user IP addresses, and today we’re excited to announce their integration into our global threat intelligence products. These will improve the quality of our detection techniques and reduce false positives for our customers, and the clients that visit them.

2021-10-15 Geo Key Manager: Setting up a service for scale

Diagnosing scaling issues in a service associated with TLS termination through a deep dive into some of the incidents it caused.

2021-10-14 Privacy-Preserving Compromised Credential Checking

Announcing a public demo and open-sourced implementation of a privacy-preserving compromised credential checking service

2021-10-14 Unbuckling the narrow waist of IP: Addressing Agility for Names and Web Services

IP addresses associated with names, interfaces, and sockets, can tie these things together in a way that IP was never designed to support. This post describes Cloudflare efforts to decouple of IP addresses from names, the latest in a quest for something we’re calling Addressing Agility.

2021-10-14 Research Directions in Password Security

We've been studying password problems, including malicious logins using compromised credentials. Here's what we learned and here's where we think we can go from here with safer password systems.

2021-10-13 Cloudflare and the IETF

Cloudflare helps build a better Internet through collaboration on open and interoperable standards. This post will describe how Cloudflare contributes to the standardization process to enable incremental innovation and drive long-term architectural change.

2021-10-13 Pairings in CIRCL

Our Go cryptographic library CIRCL announces support for pairing-based cryptography.

2021-10-13 Exported Authenticators: The long road to RFC

Learn more about Exported Authenticators, a new extension to TLS, currently going through the IETF standardisation process.

2021-10-13 Coalescing Connections to Improve Network Privacy and Performance

Real world experiments for evaluating connection coalescing effects.

2021-10-12 Introducing SSL/TLS Recommender

Introducing customized recommendations to improve the security of your website.

2021-10-12 Dynamic Process Isolation: Research by Cloudflare and TU Graz

Cloudflare worked with TU Graz to study the impact of Spectre on Cloudflare Workers and to develop new defenses against it. Today we're publishing a paper about our research.

2021-10-12 Handshake Encryption: Endgame (an ECH update)

What does ECH mean for connection security and privacy on the network? How does it relate to similar technologies and concepts such as domain fronting? In this post, we’ll dig into ECH details and describe what this protocol does to move the needle to help build a better Internet.

2021-10-12 Privacy Pass v3: the new privacy bits

A new version of Privacy Pass for reducing the number of CAPTCHAs.

2021-10-11 Announcing Cloudflare Research Hub

Announcing a new landing page where you can learn more about our research and additional resources.

2021-10-11 Internship Experience: Research Engineer

Over the summer of 2020 I interned at Cloudflare Research. This invaluable experience contributed to Cloudflare’s support of ODoH protocol, and I was awarded the best student paper award at PETS 2021.

2021-10-11 Cloudflare invites visiting researchers

As part of Cloudflare’s effort to build collaborations with academia, we host research focused internships all year long. Interns collaborate cross-functionally in research projects and are encouraged to ship code and write a blog post and a peer-reviewed publication at the end of their internship.

2021-10-10 Cloudflare Research: Two Years In

What Cloudflare Research has been up to for the last two years.

2021-10-01 Announcing The Cloudflare Distributed Web Gateways Private Beta: Unlocking the Web3 Metaverse and Decentralized Finance for Everyone

Cloudflare announces the Private Beta of their Web3 gateways for Ethereum and IPFS. Unlocking the Metaverse, Web3, and Decentralized Finance for every developer.

2021-10-01 Web3 — A vision for a decentralized web

In this blog we start to explain Web3 in the context of the web's evolution, and how Cloudflare might help to support it.

2021-09-30 How Cloudflare provides tools to help keep IPFS users safe

The Cloudflare IPFS module protects users from threats like phishing and ransomware.

2021-08-12 More devices, fewer CAPTCHAs, happier users

Today, we are taking another step in helping to reduce the Internet’s reliance on CAPTCHAs to prove that you are not a robot. We are expanding the reach of our Cryptographic Attestation of Personhood experiment by adding support for a much wider range of devices.

2021-08-12 Introducing Zero-Knowledge Proofs for Private Web Attestation with Cross/Multi-Vendor Hardware

In Cryptographic Attestation of Personhood the server sends a message to the browser that the hardware security signs, demonstrating its authenticity.

2021-07-01 Account Takeover Protection and WAF mitigations to help stop Global Brute Force Campaigns

Today, we are making our Account Takeover Protection capabilities available to all paid plans at no additional charge.

2021-05-13 Humanity wastes about 500 years per day on CAPTCHAs. It’s time to end this madness

An experiment that uses hardware security keys (like a YubiKey) to replace CAPTCHAs completely. The idea is rather simple: if a real human is sitting at their keyboard or uses their phone, they can touch their security key’s button or bring it near their phone to demonstrate that they are human.

2021-01-15 KEMTLS: Post-quantum TLS without signatures

The TLS 1.3 protocol has been around for quite some time, but it will be broken once quantum computers arrive. What can we do? In this blog post, we will examine a technique for achieving full post-quantum security for TLS 1.3 in the face of quantum computers: KEMTLS.

2021-01-13 A Name Resolver for the Distributed Web

At Cloudflare, we have been exploring alternative ways to resolve queries to responses that align with these attributes. We are proud to announce a new resolver for the Distributed Web, where IPFS content indexed by the Ethereum Name Service (ENS) can be accessed.

2020-12-11 Securing the post-quantum world

As quantum computing continues to mature, research and development efforts in cryptography are keeping pace. We’re working with academia and industry peers to help create a new set of cryptography standards that are resilient to attack from quantum computers.

2020-12-08 Good-bye ESNI, hello ECH!

A deep dive into the Encrypted Client Hello, a standard that encrypts privacy-sensitive parameters sent by the client, as part of the TLS handshake.

2020-12-08 OPAQUE: The Best Passwords Never Leave your Device

Imagine passwords for online services that never leave your device, encrypted or otherwise. OPAQUE is a new cryptographic protocol that makes this idea possible, giving you and only you full control of your password.

2020-12-08 Improving DNS Privacy with Oblivious DoH in

Oblivious DoH (ODoH) makes secure DNS over HTTPS (DoH) queries into private queries which prevent the leakage of client IP addresses to resolvers. The new proposed ODoH standard addresses this problem and today we are enabling users to use this protocol with

2020-12-08 Helping build the next generation of privacy-preserving protocols

Today, we’re making several announcements around improving Internet protocols with respect to something important to our customers and Internet users worldwide: privacy.

2020-10-01 NTS is now an RFC

2019-11-01 Delegated Credentials for TLS

2019-10-31 Announcing cfnts: Cloudflare's implementation of NTS in Rust

2019-10-30 The TLS Post-Quantum Experiment

Server-side results from the experiment between Cloudflare and Google to measure the performance of two post-quantum key exchange algorithms in TLS.

2019-10-29 DNS Encryption Explained

Encrypting DNS makes it impossible for snoopers to look into your DNS messages. Just as the web moved from unencrypted HTTP to encrypted HTTPS there are now upgrades to the DNS protocol that encrypt DNS itself.

2019-10-28 Supporting the latest version of the Privacy Pass Protocol

2019-09-18 Cloudflare’s Approach to Research

2019-06-21 Introducing

2019-06-20 The Quantum Menace

The impact of quantum computing on cryptography conducts research and development towards a Post-Quantum era.

2019-06-20 Introducing CIRCL: An Advanced Cryptographic Library

CIRCL is a modern Go cryptographic library by Cloudflare.

2019-06-19 Cloudflare's Ethereum Gateway

2019-03-18 Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception

2018-09-21 Roughtime: Securing Time with Digital Signatures

When you visit a secure website, it offers you a TLS certificate that asserts its identity. Every certificate has an expiration date, and when it’s passed due, it is no longer valid.

2018-09-17 Cloudflare goes InterPlanetary - Introducing Cloudflare’s IPFS Gateway

2018-08-11 A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)

2018-03-23 Introducing Certificate Transparency and Nimbus

2017-12-26 Why TLS 1.3 isn't in browsers yet

The Internet is in the middle of such an upgrade right now. Transport Layer Security (TLS), is getting its first major overhaul with TLS 1.3.

2017-12-14 Inside the infamous Mirai IoT Botnet: A Retrospective Analysis

This post provides an analysis of Mirai, the Internet-of-Things botnet that took down major websites via massive DDoS using 100s of 1000s of IOT devices.

2017-11-09 Privacy Pass - “The Math”

2017-11-09 Cloudflare supports Privacy Pass

2017-09-26 Geo Key Manager: How It Works

Today we announced Geo Key Manager, a feature that gives customers unprecedented control over where their private keys are stored when uploaded to Cloudflare.

2017-07-10 High-reliability OCSP stapling and why it matters