Post-Quantum Encryption Tracking
Cloudflare Radar now includes comprehensive tools for monitoring post-quantum cryptography adoption. A new Post-Quantum Encryption page visualizes the share of customer origins supporting X25519MLKEM768, derived from daily automated TLS scans. This data is sourced from testing TLS 1.3-compatible origins to measure actual algorithm support capabilities.
New Post-Quantum APIs
Three new endpoints power the post-quantum tracking features:
/post_quantum/tls/support– Tests whether a specific host supports post-quantum TLS key exchange/post_quantum/origin/summary/{dimension}– Returns aggregated origin post-quantum data summarized by key agreement algorithm/post_quantum/origin/timeseries_groups/{dimension}– Provides time-series data grouped by key agreement algorithm
Post-Quantum Host Test Tool
A public-facing diagnostic tool allows developers and security teams to test any publicly accessible website for post-quantum encryption compatibility. Users can enter a hostname and optional port to verify whether the server negotiates a post-quantum key exchange algorithm.
Key Transparency Audit Dashboard
The new Key Transparency section on Radar provides visibility into audit logs for end-to-end encrypted messaging services. The dashboard currently monitors WhatsApp and Facebook Messenger Transport logs, displaying:
- Current audit status
- Last signed epoch and verified epoch timestamps
- Root hash of the Auditable Key Directory tree
This data is also accessible programmatically via the Key Transparency Auditor API, enabling automated monitoring and integration with security workflows.
Getting Started
Both features are now live on radar.cloudflare.com. Visit the Post-Quantum Encryption and Key Transparency pages to explore the data and monitor adoption trends.