Private Focus Area | Cloudflare Research

publication

2025

Rhizomes and the Roots of Efficiency — Improving Prio

Armando Faz Hernandez

cryptographyprivacy

publication

2025

Auditing Key Transparency

Mari Galicer, Kevin Lewi, Thibault Meunier

privacy

publication

2025

Mastic: Private Weighted Heavy-Hitters and Attribute-Based Metrics

Dimitris Mouris, Christopher Patton, Hannah Davis, Nektarios Georgios Tsoutsos

cryptographyprivacy

blog

2025

Beyond IP lists: a registry format for bots and agents

privacybots

blog

2025

Anonymous credentials: rate-limiting bots and agents without compromising privacy

privacycryptography

blog

2025

How to build your own VPN, or: the history of WARP

VPNprivacy

blog

2025

Keeping the Internet fast and secure: introducing Merkle Tree Certificates

cryptographyprivacy

blog

2025

State of the post-quantum Internet in 2025

post-quantumcryptography

blog

2025

You don’t need quantum hardware for post-quantum security

post-quantumcryptography

blog

2025

Message Signatures are now part of our Verified Bots Program, simplifying bot authentication

cryptographybots

blog

2025

Orange Me2eets: We made an end-to-end encrypted video calling app and it was easy

encryptionprivacy

blog

2025

Prepping for post-quantum: a beginner’s guide to lattice cryptography

cryptographypost-quantum

blog

2025

An early look at cryptographic watermarks for AI-generated content

cryptographyAI

blog

2025

Conventional cryptography is under threat. Upgrade to post-quantum cryptography with Cloudflare Zero Trust

post-quantumzero-trust

publication

2024

RFC 9578: Privacy Pass Issuance Protocols

Alex Davidson, Steven Valdez, Christopher Wood

cryptographyprotocols

publication

2024

RFC 9576: The Privacy Pass Architecture

Alex Davidson, Jana Iyengar, Christopher Wood

privacycryptographyprotocols

publication

2024

Private SCT Auditing, Revisted

lena-heimberger, Christopher Patton, Bas Westerbaan

security

publication

2024

RFC 9577: The Privacy Pass HTTP Authentication Scheme

Tommy Pauly, Steven Valdez, Christopher Wood

privacycryptographyprotocols

blog

2024

A look at the latest post-quantum signature standardization candidates

post-quantumcryptography

blog

2024

Cloudflare helps verify the security of end-to-end encrypted messages by auditing key transparency for WhatsApp

cryptographytransparency

blog

2024

NIST’s first post-quantum standards

post-quantumstandards

blog

2024

Harnessing chaos in Cloudflare offices

cryptographyrandomness

blog

2024

The state of the post-quantum Internet

post-quantumcryptography

blog

2024

Privacy Pass: upgrading to the latest protocol version

privacystandards

publication

2023

RFC 9497: Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups

Alex Davidson, Armando Faz Hernandez, Nick Sullivan, Christopher Wood

cryptographyprotocols

publication

2023

Verifiable Distributed Aggregation Functions

Hannah Davis, Christopher Patton, mike-rosulek, Phillipp Schoppmann

privacyprotocolscryptography

publication

2023

Post-Quantum Privacy Pass via Post-Quantum Anonymous Credentials

vamsi-policharla, Bas Westerbaan, Armando Faz Hernandez, Christopher Wood

cryptographyprotocols

publication

2023

Evaluating practical QUIC website fingerprinting defenses for the masses

Sandra Siby, Ludovic Barman, Christopher Wood, Marwan Fayed, Nick Sullivan, Carmela Troncoso

cryptographysecurity

blog

2023

Have your data and hide it too: an introduction to differential privacy

privacydifferential-privacy

blog

2023

Post-quantum cryptography goes GA

post-quantumcryptography

blog

2023

Encrypted Client Hello - the last puzzle piece to privacy

privacyencryption

blog

2023

Privacy-preserving measurement and machine learning

privacymeasurement

blog

2023

Cloudflare now uses post-quantum cryptography to talk to your origin server

post-quantumcryptography

blog

2023

No, AI did not break post-quantum cryptography

post-quantumcryptography

blog

2023

Post-quantum crypto should be free, so we’re including it for free, forever

post-quantumcryptography

publication

2022

This is not the padding you are looking for! On the ineffectiveness of QUIC PADDING against website fingerprinting

Ludovic Barman, Sandra Siby, Christopher Wood, Marwan Fayed, Nick Sullivan, Carmela Troncoso

cryptographysecurity

publication

2022

RFC 9258: Importing External Pre-Shared Keys (PSKs) for TLS 1.3

David Benjamin, Christopher Wood

securityprivacyprotocols

publication

2022

A Symbolic Analysis of Privacy for TLS 1.3 with Encrypted Client Hello

Karthikeyan Bhargavan, Vincent Cheval, Christopher Wood

cryptographysecurityprotocols

publication

2022

Standardizing MPC for Privacy Preserving Measurement

Tim Geoghegan, Christopher Patton, Eric Rescorla, Christopher Wood

privacycryptography

publication

2022

RFC 9230: Oblivious DNS over HTTPS

Eric Kinnear, Patrick McManus, Tommy Pauly, Tanya Verma, Christopher Wood

securityprivacyprotocols

publication

2022

The Decoupling Principle: A Practical Privacy Framework

Paul Schmitt, Jana Iyengar, Christopher Wood, Barath Raghavan

privacysecurity

publication

2022

A Fast and Simple Partially Oblivious PRF, with Applications

Nirvan Tyagi, thomas-ristenpart, Nick Sullivan, Stefano Tessaro, Christopher Wood

cryptography

blog

2022

Stronger than a promise: proving Oblivious HTTP privacy properties

privacycryptography

blog

2022

Defending against future threats: Cloudflare goes post-quantum

post-quantumcryptography

blog

2022

Introducing post-quantum Cloudflare Tunnel

post-quantumcryptography

blog

2022

Experiment with post-quantum cryptography today

post-quantumcryptography

blog

2022

NIST’s pleasant post-quantum surprise

post-quantumstandards

blog

2022

Announcing experimental DDR in 1.1.1.1

privacyDNS

blog

2022

The post-quantum future: challenges and opportunities

post-quantumcryptography

blog

2022

Post-quantumify internal services: Logfwrdr, Tunnel, and gokeyless

post-quantumcryptography

blog

2022

HPKE: Standardizing public-key encryption (finally!)

cryptographyencryption

blog

2022

Building Confidence in Cryptographic Protocols

post-quantumcryptography

blog

2022

Using EasyCrypt and Jasmin for post-quantum verification

post-quantumcryptography

blog

2022

Making protocols post-quantum

post-quantumprotocols

blog

2022

Deep dive into a post-quantum key encapsulation algorithm

post-quantumcryptography

blog

2022

Deep dive into a post-quantum signature scheme

post-quantumcryptography

blog

2022

The post-quantum state: a taxonomy of challenges

post-quantumcryptography

blog

2022

The quantum solace and spectre

post-quantumcryptography

publication

2021

Round-optimal verifiable oblivious pseudorandom functions from ideal lattices

Martin Albrecht, Alex Davidson, Amit Deo

cryptography

publication

2021

ZKAttest: Ring and Group Signatures for Existing ECDSA Keys

Armando Faz Hernandez, Watson Ladd, deepak-maram

cryptography

publication

2021

Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

sudheesh-singanamalla, Suphanat "Pop" Chunhapanya, Jonathan Hoyland, Tanya Verma, Peter Wu, Marwan Fayed, Kurtis Heimerl, Nick Sullivan, Christopher Wood

privacymeasurement

blog

2021

Sizing Up Post-Quantum Signatures

post-quantumcryptography

blog

2021

Privacy-Preserving Compromised Credential Checking

privacysecurity

blog

2021

Pairings in CIRCL

cryptography

blog

2021

Handshake Encryption: Endgame (an ECH update)

privacyencryption

blog

2021

Privacy Pass v3: the new privacy bits

privacy

publication

2018

Privacy Pass: Bypassing Internet Challenges Anonymously

Alex Davidson, Ian Goldberg, Nick Sullivan, George Tankersley, Filippo Valsorda

privacyauthenticationcryptography