Future-Proofing TLS Encryption Against Quantum Threats

Shane Burgess

Senior Product Manager, Fastly

At Fastly, we are committed to staying ahead of emerging security threats and providing our customers with the most robust encryption available. Today, we are excited to announce our support for Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), a post-quantum cryptography (PQC) algorithm designed to withstand attacks from both classical and quantum computers.

Starting April 2025, we will be rolling out ML-KEM support across our global CDN fleet, ensuring that our customers benefit from quantum-safe encryption without compromising performance or reliability.

The Need for Post-Quantum Security

Traditional encryption protocols, such as RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography), rely on mathematical problems that are extremely difficult for classical computers to solve. However, the advent of quantum computing poses a significant threat to these algorithms. Shor’s algorithm, when executed on a sufficiently powerful quantum computer, could break RSA-2048 in a matter of hours, potentially exposing encrypted data and undermining the foundation of internet security.

To address this risk, the National Institute of Standards and Technology (NIST) has been leading the development of quantum-resistant cryptographic algorithms. ML-KEM, previously known as Kyber, was selected as the standard for post-quantum key encapsulation due to its strong security guarantees, efficient performance, and resilience against quantum attacks.

How ML-KEM Benefits Our Customers

With ML-KEM integrated into our services, customers will experience future-proof security. Although quantum computing is predicted to be at least five years away for most of us, network traffic captured today can still be stored for future decryption. This is known as "harvest now, decrypt later." ML-KEM will protect against both classical and quantum-based attacks, ensuring the long-term confidentiality of sensitive data.

Customers using TLS v1.3 will automatically benefit from post-quantum key exchange with no required action. Connecting clients that support ML-KEM will use it to establish the TLS connection; clients that do not support ML-KEM will make their TLS connections just as they do today. In our testing, about 5% of the TLS v1.3 clients that connected to one of our servers did so using ML-KEM. We expect usage to increase significantly as we deploy to the rest of our fleet.

ML-KEM helps organizations meet upcoming post-quantum cryptography compliance requirements set by governments and regulatory bodies while still remaining backward compatible with existing TLS implementations. 

We are proud to help our customers in the critical transition to post-quantum cryptography, ensuring that they remain protected against evolving security threats and securing the future of the internet.