How Cloudflare Delivers Free End-to-End Encryption at Scale

While security features are expensive for most companies, Cloudflare does things a little differently. Its newest open-source project, Orange Meets, is a clear example of how enterprise-grade end-to-end encryption can be democratized. This video-call product uses current cryptographic protocols and verification techniques to deliver enterprise-grade encryption across all platforms, without the difficulty that most security products pose for developers and secure-communications experts alike.
NSA Suite B, established by the National Security Agency (NSA), is a suite of cryptographic algorithms for protecting both classified and unclassified national security systems and information. Cloudflare’s design builds on such trusted standards and proposes a novel method for managing group keys and client-side encryption.
Cloudflare’s Security-First Philosophy
Cloudflare’s mission to democratize security goes well beyond just DDoS protection. Using the latest in cryptographic research, the company is committed to developing the best-in-class security that is also accessible to businesses of any size. This mindset extends to their end-to-end encryption strategy, where they value transparency, open-source collaboration, and stringent security protocols.
Millions of websites around the world already rely on the company’s defenses, which handle more than 57 million HTTP requests every second. This scale gives the company a singular view of the security issues faced in practice, which inspired its work on solutions such as Orange Meets.
Orange Meets: A Technical Showcase in Action
Orange Meets isn’t just another video-calling app; it is a proof of concept showing how modern end-to-end encryption can be deployed at scale. Unlike traditional video-conferencing solutions, which rely on server-side encryption, Orange Meets keeps your sensitive media encrypted at every step of the way.
Originally part of Cloudflare’s broader Realtime project (previously known as Cloudflare Calls), the platform was created to illustrate the tangible aspects of their security research. By open-sourcing the project, Cloudflare makes it possible for security professionals and developers to study the methodology, tweak it, and apply these techniques to their own projects.
Key features of Orange Meets include:
- Client-side encryption: All encryption and decryption occur on user devices, never on Cloudflare’s servers
- Dynamic group management: Seamless handling of participants joining and leaving calls
- Cryptographic verification: Built-in safety mechanisms to prevent man-in-the-middle attacks
- Open-source transparency: Full source code availability for security audits and customization
Understanding Messaging Layer Security (MLS)
Orange Meets is built around Messaging Layer Security (MLS), a secure group-communication protocol, as its core. In contrast to classical point-to-point encryption, MLS supports secure group key exchange among many participants.
MLS provides several important security assurances:
- Forward Secrecy: If an adversary is recording all your encrypted traffic today and breaks your keys at some point in the future, they should not be able to go back and decrypt the previously recorded traffic. Every message uses distinct keys that are destroyed once used.
- Post-Compromise Security: Even if an adversary compromises a participant’s device, the protocol can heal by rotating the compromised device out of the group and restoring security for future sessions.
- Scalability: Traditional group encryption schemes suffer exponential complexity as the number of participants grows. MLS delivers consistent performance from 2 to 200 participants.
The protocol accomplishes this with key-derivation trees and continuous key rotation. Each message subtly modifies the group’s cryptographic state, so leaked keys are quickly rendered useless to eavesdroppers.
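To make the three guarantees above concrete, here is an added illustration of the key-schedule structure that produces them. It is not code from Orange Meets or from Cloudflare, and it is a simplified model: HMAC-SHA256 stands in for the HKDF-based MLS key schedule, the labels and the `next_epoch`, `run_epochs`, `compromise_demo` and `path_secrets` functions are this example’s own, and the attacker scenario (a full copy of the group state taken during epoch 2) is constructed to show why a later commit must carry fresh randomness.

```python
import hashlib
import hmac


def kdf(secret: bytes, label: bytes) -> bytes:
    """One-way derivation step. HMAC-SHA256 is an assumed stand-in for the
    HKDF-based key schedule MLS specifies; the structure, not the primitive,
    is the point of the example."""
    return hmac.new(secret, label, hashlib.sha256).digest()


def next_epoch(init_secret: bytes, commit_secret: bytes, epoch: int) -> dict:
    """Derive a new epoch's keys from the previous epoch's init_secret and the
    fresh commit_secret contributed by the member who commits. Only the outputs
    are kept, so a later compromise cannot be run backwards through kdf()."""
    joiner_secret = kdf(commit_secret, b"joiner" + init_secret)
    epoch_secret = kdf(joiner_secret, b"epoch" + epoch.to_bytes(4, "big"))
    return {
        "epoch": epoch,
        "encryption_key": kdf(epoch_secret, b"encryption"),
        "init_secret": kdf(epoch_secret, b"init"),  # the only value carried forward
    }


def run_epochs(init_secret: bytes, commit_secrets: list) -> list:
    """Apply a sequence of commits; return one state dict per epoch."""
    states = []
    for n, commit_secret in enumerate(commit_secrets, start=1):
        state = next_epoch(init_secret, commit_secret, n)
        states.append(state)
        init_secret = state["init_secret"]  # the previous init_secret is dropped here
    return states


def compromise_demo(seed: bytes) -> dict:
    """An attacker copies everything the group holds during epoch 2, then tries
    to read epoch 1 (forward secrecy) and epoch 3 (post-compromise security).
    All secrets are derived from `seed` so the run is reproducible."""
    commits = [kdf(seed, b"commit-%d" % n) for n in (1, 2, 3)]
    e1, e2, e3 = run_epochs(kdf(seed, b"init"), commits)
    leaked = (e2["encryption_key"], e2["init_secret"])  # the attacker's haul from epoch 2

    # Forward secrecy: epoch 2 was produced from epoch 1 by one-way steps, so
    # nothing in the leaked material is (or leads back to) epoch 1's key.
    reads_past = e1["encryption_key"] in leaked

    # Post-compromise security: the epoch-3 commit carries randomness the
    # attacker never saw; the best it can do is replay the old commit secret.
    guess = next_epoch(e2["init_secret"], commits[1], 3)
    reads_future = guess["encryption_key"] == e3["encryption_key"]

    # Counter-case: a committer that reuses epoch 2's commit secret instead of
    # contributing fresh randomness would hand the attacker epoch 3 as well.
    lazy = run_epochs(kdf(seed, b"init"), [commits[0], commits[1], commits[1]])
    healing_needs_fresh_randomness = guess["encryption_key"] == lazy[2]["encryption_key"]

    return {
        "attacker_reads_past_epoch": reads_past,
        "attacker_reads_future_epoch": reads_future,
        "healing_needs_fresh_randomness": healing_needs_fresh_randomness,
    }


def path_secrets(leaf_secret: bytes, num_leaves: int) -> list:
    """Tree-based update: a member's new leaf secret is hashed once per level up
    to the root, so the derivations (and the ciphertexts needed to share them)
    grow with log2(group size) rather than with the group size itself."""
    secrets = [leaf_secret]
    width = num_leaves
    while width > 1:
        secrets.append(kdf(secrets[-1], b"path"))
        width = (width + 1) // 2
    return secrets  # secrets[-1] is the new root (tree) secret
```

Running `compromise_demo(b"seed")` shows the attacker locked out of both the past epoch and the healed future epoch, while the `lazy` group (a commit without fresh randomness) shows that post-compromise security is a property of the commit’s entropy, not of the ratchet alone. `path_secrets(..., 200)` needs nine derivations, which is where the “consistent performance from 2 to 200 participants” comes from.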
Client-Side Encryption with WebRTC
Orange Meets performs encryption on the client, using WebRTC (Web Real-Time Communication). This ensures that Cloudflare’s servers never receive unencrypted audio or video; all they do is shuttle encrypted packets between participants.
There are some benefits to using WebRTC for secure communications:
- Browser-Native Security: Modern browsers implement WebRTC with encrypted transport, which means all traffic is encrypted on the wire, even where it passes through firewalls.
- Peer-to-Peer Potential: Although Orange Meets uses Cloudflare’s SFU for scalability, WebRTC can also connect participants directly, peer-to-peer, for better privacy.
- Real-Time Performance: The protocol is engineered for near-instant connectivity, so security doesn’t come at the cost of poor or delayed call quality.
The implementation process works as follows:
- Key Generation: Each participant generates unique encryption keys locally
- Group Key Exchange: The MLS protocol securely distributes keys to all participants
- Media Encryption: All audio and video streams are encrypted before transmission
- Selective Forwarding: Cloudflare’s SFU routes encrypted packets without decryption
- Client-Side Decryption: Only the intended recipients can decrypt and view content
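Steps three to five of that pipeline are the part that is easy to get wrong, so here is an added example, written for this article rather than taken from Orange Meets or Cloudflare, of a frame format that lets a selective forwarding unit route packets it cannot read. The framing is the point: an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag is an assumed stand-in for the AES-GCM a browser would use through WebCrypto, the header layout and the `SelectiveForwardingUnit` class are this example’s own, and all keys and the media frame are constructed values.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">BIH")  # sender id, frame counter, ciphertext length: left in the clear
TAG_LEN = 16


def subkey(group_key: bytes, label: bytes) -> bytes:
    """Separate encryption and authentication keys from the group key."""
    return hmac.new(group_key, label, hashlib.sha256).digest()


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256, an assumed stand-in for AES-GCM."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt_frame(group_key: bytes, sender_id: int, counter: int, media: bytes) -> bytes:
    """Client side, before transmission: encrypt-then-MAC one encoded media frame
    under the current group key. The header stays readable so the SFU can route
    the packet; it is covered by the tag so it cannot be altered unnoticed."""
    nonce = struct.pack(">BI", sender_id, counter)  # unique per (sender, frame)
    ks = keystream(subkey(group_key, b"enc"), nonce, len(media))
    ciphertext = bytes(m ^ k for m, k in zip(media, ks))
    header = HEADER.pack(sender_id, counter, len(ciphertext))
    tag = hmac.new(subkey(group_key, b"mac"), header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return header + ciphertext + tag


def decrypt_frame(group_key: bytes, packet: bytes) -> bytes:
    """Client side, on receipt: check the tag first, then decrypt. Any change to
    header or payload in transit raises instead of producing garbage media."""
    header, rest = packet[:HEADER.size], packet[HEADER.size:]
    sender_id, counter, clen = HEADER.unpack(header)
    ciphertext, tag = rest[:clen], rest[clen:]
    expected = hmac.new(subkey(group_key, b"mac"), header + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("frame authentication failed")
    ks = keystream(subkey(group_key, b"enc"), struct.pack(">BI", sender_id, counter), clen)
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


class SelectiveForwardingUnit:
    """Server side. It never holds a media key: it reads the clear header to
    learn who sent the frame and copies the bytes, untouched, to subscribers."""

    def __init__(self):
        self.subscribers = {}  # sender_id -> list of receiver inboxes

    def subscribe(self, sender_id: int, inbox: list) -> None:
        self.subscribers.setdefault(sender_id, []).append(inbox)

    def forward(self, packet: bytes) -> int:
        sender_id, _, _ = HEADER.unpack(packet[:HEADER.size])
        for inbox in self.subscribers.get(sender_id, []):
            inbox.append(packet)
        return sender_id


def call_demo() -> dict:
    """One frame from sender 1 to a subscriber through the SFU; all values constructed."""
    group_key = hashlib.sha256(b"constructed epoch key shared by the MLS group").digest()
    frame = b"\x00\x01" + b"constructed encoded video frame payload"
    sfu, bob_inbox = SelectiveForwardingUnit(), []
    sfu.subscribe(1, bob_inbox)
    packet = encrypt_frame(group_key, sender_id=1, counter=7, media=frame)
    sfu.forward(packet)
    bob_recovers_frame = decrypt_frame(group_key, bob_inbox[0]) == frame
    media_visible_on_wire = frame in packet  # what the SFU, or a tap on it, could see
    flipped = HEADER.size + 3                 # flip one bit inside the ciphertext
    tampered = packet[:flipped] + bytes([packet[flipped] ^ 0x01]) + packet[flipped + 1:]
    try:
        decrypt_frame(group_key, tampered)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "bob_recovers_frame": bob_recovers_frame,
        "media_visible_on_wire": media_visible_on_wire,
        "tamper_detected": tamper_detected,
    }
```

The design choice worth noticing is the split between what the SFU needs (sender and frame counter, in the clear but authenticated) and what it must never have (the media and the keys). The per-sender counter doubles as the nonce, so a key must never be reused across epochs with the same counters; in the MLS setting that is handled by deriving a new group key whenever the epoch changes.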
The Designated Committer Algorithm
One notable component of Orange Meets is the Designated Committer Algorithm, which addresses a genuinely hard problem in group communications: how do you add and remove participants from a call without letting anyone compromise the security of the entire group?
Conventional group encryption runs into serious trouble when group membership changes. Adding or removing users in such systems generally involves re-keying and redistributing keys to all remaining participants, a task that becomes harder and less secure as the group grows.
The Designated Committer Algorithm solves this issue elegantly:
- Automatic Role Assignment: The protocol automatically appoints one member as the “designated committer”, chosen from the group’s cryptographic state at that moment.
- Seamless Transitions: When the current committer leaves the call, the algorithm selects a new committer with no pause or break in the conversation.
- Distributed Trust: No single participant controls the group’s security. The member who takes on the committer role is elected automatically by mathematical rules, not by administrative decision.
- Resilient Recovery: If the designated committer’s signing device fails or is compromised, the algorithm recovers quickly by appointing a new committer and recomputing the necessary keys.
This approach closes the security holes that would otherwise be introduced by changes in group membership or by administrators manually adjusting memberships.
Safety Number Verification
Orange Meets adds a “safety number” system to give users another layer of verification. It guards against sophisticated attacks in which a rogue server substitutes compromised encryption keys for the genuine ones.
Each video conference has its own safety number, which lets participants verify the state of the entire conference. This number changes whenever:
- New participants join the call
- Participants leave the call
- The group’s encryption keys are updated
- The designated committer role transfers
Participants can compare the safety number over an out-of-band channel (a phone call, a text message, or an in-person conversation) to confirm that they are talking to the intended people and not an impostor. If the safety numbers don’t match, that may signal a security problem.
Although this verification procedure may seem cumbersome, it is a valuable defense against sophisticated attacks. Organizations that handle sensitive communications should establish a process for validating safety numbers, especially for high-security conversations.
Many newer threats go beyond traditional malware and target particular kinds of executable files, such as those with an .exe extension. A file-infector virus, for example, loads itself into memory by attaching to .exe and .dll files. Risks like these are why security must combine the best available technology, including comprehensive end-to-end encryption of communications, with protection at the endpoint.
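The two mechanisms described above, the designated committer and the safety number, are both functions of the same group state, so one added example can show them together. This is illustration code written for this article, not Orange Meets’ own: the committer rule (the member whose signing key sorts lowest) and the safety-number rendering (12 groups of 5 digits) are assumptions of the example, `GroupView` models what one client believes the group looks like, and all participant keys are constructed. The second half models the key-substitution attack the safety number is meant to expose.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Participant:
    name: str
    signing_key: bytes  # constructed stand-in for the member's MLS leaf/credential key


@dataclass
class GroupView:
    """What one client believes the group looks like. Each client keeps its own
    view; if a server lies to some clients, their views, and therefore their
    safety numbers, diverge."""
    epoch: int = 0
    members: dict = field(default_factory=dict)  # name -> signing key
    history: list = field(default_factory=list)  # (epoch, event, committer)

    def designated_committer(self):
        """Assumed rule (not necessarily Orange Meets' own): the member whose
        signing key sorts lowest. Every client evaluates the same rule over the
        same state, so all agree on the committer without an election message."""
        if not self.members:
            return None
        return min(self.members, key=lambda name: self.members[name])

    def _commit(self, event: str) -> None:
        self.epoch += 1
        self.history.append((self.epoch, event, self.designated_committer()))

    def join(self, p: Participant) -> None:
        self.members[p.name] = p.signing_key
        self._commit("join:" + p.name)

    def leave(self, name: str) -> None:
        del self.members[name]  # also covers a committer whose device died
        self._commit("leave:" + name)

    def update_keys(self, name: str, new_key: bytes) -> None:
        self.members[name] = new_key
        self._commit("update:" + name)

    def safety_number(self) -> str:
        """Digest of the whole group state (epoch, sorted members and keys,
        committer), shown as 12 groups of 5 digits for reading aloud."""
        h = hashlib.sha256(self.epoch.to_bytes(4, "big"))
        for name in sorted(self.members):
            h.update(name.encode() + self.members[name])
        h.update((self.designated_committer() or "").encode())
        digits = str(int.from_bytes(h.digest(), "big"))[:60]
        return " ".join(digits[i:i + 5] for i in range(0, len(digits), 5))


def constructed_key(label: bytes) -> bytes:
    return hashlib.sha256(label).digest()


def demo() -> dict:
    """An honest run (two clients, same events) and a key-substitution run."""
    alice, bob, carol = (Participant(n, constructed_key(n.encode())) for n in ("alice", "bob", "carol"))

    # Honest path: Alice's and Bob's clients see the same sequence of commits.
    alice_view, bob_view = GroupView(), GroupView()
    for view in (alice_view, bob_view):
        for p in (alice, bob, carol):
            view.join(p)
    honest_number = alice_view.safety_number()
    honest_views_agree = honest_number == bob_view.safety_number()

    # The committer drops out: both clients recompute the role from the new state.
    before = alice_view.designated_committer()
    alice_view.leave(before)
    bob_view.leave(before)
    after = alice_view.designated_committer()
    committer_reassigned = after not in (None, before) and after == bob_view.designated_committer()

    # Rogue server: Bob's client is handed a server-controlled key in place of Carol's.
    bob_mitm_view = GroupView()
    for p in (alice, bob, Participant("carol", constructed_key(b"server-owned-key"))):
        bob_mitm_view.join(p)
    substitution_detected = bob_mitm_view.safety_number() != honest_number

    return {
        "honest_views_agree": honest_views_agree,
        "committer_reassigned_after_leave": committer_reassigned,
        "key_substitution_detected": substitution_detected,
    }
```

Because the committer is derived from state every client already holds, a departure needs no negotiation: each client simply re-evaluates the rule. The safety number covers every member’s key, so a server that substitutes one participant’s key changes the number seen by the victim, and an out-of-band comparison with any honest participant reveals the mismatch.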
Formal Mathematical Verification with TLA+
To reason about the Designated Committer Algorithm (DCA) under every environment in which designated committers might execute, Cloudflare formally verified the DCA in TLA+ (Temporal Logic of Actions). This specification language permits mathematical analysis of concurrent systems and distributed algorithms.
TLA+ verification provides several critical benefits:
- Exhaustive Testing: The system can verify that the algorithm behaves correctly under all possible sequences of events, including edge cases that might be missed in traditional testing.
- Deadlock Prevention: Mathematical analysis ensures that the algorithm cannot enter states where progress becomes impossible.
- Correctness Guarantees: Formal verification provides mathematical proof that the algorithm meets its security and functionality requirements.
- Documentation: The TLA+ specification serves as precise documentation of the algorithm’s behavior, enabling other developers to understand and implement similar systems.
This level of verification is typically reserved for mission-critical systems, demonstrating Cloudflare’s commitment to security excellence. The formal models catch subtle bugs and edge cases that could potentially be exploited by sophisticated attackers.
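What “all possible sequences of events” and “cannot enter states where progress becomes impossible” mean in practice is easiest to see with a small explicit-state model checker, which is what TLA+’s TLC tool does over a specification. The following is an added example written for this article, not Cloudflare’s TLA+ specification: the committer rule (smallest member id), the three-peer bound and the `step_buggy` variant are this example’s own constructions. It explores every reachable state of the join/leave system, checks the invariant that the committer is always a current member, flags any state with no enabled action, and returns the shortest counterexample trace when the buggy variant is checked.

```python
from collections import deque

PEERS = ("a", "b", "c")  # bounded model: every interleaving of these three peers is explored


def elect(members: frozenset):
    """Assumed committer rule for the model: the smallest member id."""
    return min(members) if members else None


def enabled_actions(state) -> list:
    """Every event the environment may produce in this state."""
    members, _ = state
    return ([("join", p) for p in PEERS if p not in members]
            + [("leave", p) for p in PEERS if p in members])


def step_correct(state, action):
    """Recompute the committer from the membership *after* the change."""
    members, _ = state
    kind, who = action
    members = members | {who} if kind == "join" else members - {who}
    return (members, elect(members))


def step_buggy(state, action):
    """A plausible mistake: on leave, recompute the committer from the membership
    as it was *before* the member left, so a departed member can stay in charge."""
    members, _ = state
    kind, who = action
    if kind == "join":
        members = members | {who}
        return (members, elect(members))
    return (members - {who}, elect(members))


def invariant(state) -> bool:
    """Safety property: a committer exists exactly when the group is non-empty
    and is always one of its current members."""
    members, committer = state
    return committer is None if not members else committer in members


def trace(parent: dict, state) -> list:
    """Rebuild the action sequence that led from the initial state to `state`."""
    actions = []
    while parent[state] is not None:
        state, action = parent[state]
        actions.append(action)
    return list(reversed(actions))


def model_check(step, start=(frozenset(), None)):
    """Breadth-first exploration of every reachable state. Returns the number of
    states visited and either None or the shortest action trace that violates
    the invariant or reaches a state with no enabled action (a deadlock)."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if not invariant(state) or not enabled_actions(state):
            return len(parent), trace(parent, state)
        for action in enabled_actions(state):
            nxt = step(state, action)
            if nxt not in parent:
                parent[nxt] = (state, action)
                queue.append(nxt)
    return len(parent), None
```

`model_check(step_correct)` visits all eight membership subsets and reports no violation, while `model_check(step_buggy)` stops after two events with the trace `[("join", "a"), ("leave", "a")]`: the group is empty but the model still names `a` as committer. Ordinary tests tend to exercise the long, realistic call; the exhaustive search finds the short, unrealistic one first, which is exactly the kind of edge case the article says the TLA+ model catches.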
Open-Source Transparency and Community Development
The open-source approach Orange Meets takes is a game-changer in the security space. By publishing the entire codebase on GitHub, Cloudflare allows unparalleled visibility, open collaboration in real time, and continual development.
The open-source approach provides several advantages:
- Security Auditing: Independent security researchers can examine the code for vulnerabilities, ensuring that the implementation matches the documented security properties.
- Educational Value: Developers can study real-world implementations of advanced cryptographic protocols, accelerating the adoption of best practices across the industry.
- Customization: Organizations can modify the code to meet specific requirements or integrate with existing systems.
- Community Innovation: The broader developer community can contribute improvements, bug fixes, and new features.
That said, it’s worth noting that Orange Meets is pitched as a technical demonstration, not a production-ready consumer product. On one hand this can be a good fit, because its security model is sound and weaknesses are more likely to come from users than from a flaw in the system; on the other hand, it lacks, or only partially provides, many features that commercial video-conferencing solutions already offer.
Testing and Implementation Options
Security professionals and developers interested in exploring Orange Meets have several options for testing and implementation:
- Live Demo: Cloudflare provides an online demo at e2ee.orange.cloudflare.dev, allowing immediate testing without installation requirements.
- Self-Hosted Deployment: The complete source code is available on GitHub, enabling organizations to deploy their instances with full control over the infrastructure.
- Integration Components: Developers can extract specific components (such as the MLS implementation or Designated Committer Algorithm) for integration into existing applications.
- Research and Development: The platform serves as an excellent foundation for cryptographic research and prototype development.
Organizations considering an implementation should evaluate these options against what Orange Meets can do today. The security model is strong, but production use would likely require developing additional user management, storage, enterprise integration, and other features.
Competitive Advantages in the Security Landscape
Orange Meets enters a competitive landscape dominated by established players like Signal, Wire, and enterprise solutions from major technology companies. However, Cloudflare’s approach offers several unique advantages:
- Transparent Implementation: Unlike proprietary solutions, Orange Meets provides complete visibility into its security mechanisms.
- Scalable Architecture: The platform is designed to handle enterprise-scale deployments from the ground up.
- Standards-Based Approach: By implementing IETF standards like MLS, Orange Meets ensures compatibility with future security developments.
- Cost-Effective Security: The open-source model eliminates licensing costs while providing enterprise-grade security.
- Customization Flexibility: Organizations can modify the platform to meet specific regulatory or operational requirements.
These advantages position Orange Meets as an attractive option for organizations that prioritize security, transparency, and customization over feature completeness.