TLS & Browser Security

Your Browser's ML-KEM Support

Loading browser information...

Harvest Now, Decrypt Later

The Silent Threat

Adversaries with sufficient resources are already recording encrypted traffic today. Once cryptographically relevant quantum computers (CRQCs) become available, they will decrypt this stored data using Shor's algorithm to break ECDH/RSA key exchanges.

How the Attack Works

Today
Adversary records encrypted TLS traffic between you and DeFi protocols
Storage
Encrypted data is stored, waiting for quantum computers
Future
CRQC decrypts session keys, exposes all historical data

What Data Is at Risk?

  • API keys and authentication tokens transmitted over TLS
  • Transaction details before they hit the blockchain (MEV opportunity)
  • Private RPC communications with node providers
  • Session data linking wallet addresses to IP addresses and identities

The Solution: ML-KEM Hybrid TLS

ML-KEM (FIPS 203), combined with classical X25519 in a hybrid scheme (X25519MLKEM768), provides forward secrecy against quantum attacks. Even if quantum computers break X25519 in the future, ML-KEM protects the session key.

Connections using X25519MLKEM768 are protected from harvest-now-decrypt-later attacks

DeFi Protocols with ML-KEM TLS

The following DeFi protocols serve their frontends via Cloudflare, which has supported post-quantum TLS (X25519MLKEM768) since October 2022. If your browser supports ML-KEM, connections to these sites are quantum-safe.

ProtocolCategoryTLS StatusLink
MorphoLendingML-KEM via Cloudflare
AaveLendingML-KEM via Cloudflare
UniswapDEXML-KEM via Cloudflare

Note: ML-KEM TLS protects data in transit only. It does not protect on-chain transactions, which require post-quantum signatures (see our Methodology for chain-level PQ readiness).

Resources