サーバーレスで耐量子暗号に対応したMatrixホームサーバーの構築
Cloudflare は、従来のサーバーレスアーキテクチャを適用し、Post-Quantum Cryptography を標準搭載した Matrix ホームサーバーのプロトタイプを公開した。
キーポイント
Serverless 化による運用負荷の解消
従来の VPS、PostgreSQL、Redis 管理といった重たいインフラ運用を Cloudflare Workers と Durable Objects に移行し、コストと管理負担をゼロに近づけた。
クラウドネイティブなストレージマッピング
D1 を PostgreSQL の代替、KV を Redis 用キャッシュ、R2 をメディア保存用に置き換え、Matrix プロトコルの要件を満たすように再設計した。
ポスト量子暗号の標準実装
すべての接続がデフォルトでポスト量子暗号(PQC)によって保護されるよう実装され、将来の量子コンピュータによる解読リスクに対抗するセキュリティを提供する。
分散型状態管理の実現
Cloudflare の Durable Objects を活用し、エッジで強整合性と原子性を維持しながら、Matrix のイベント解決アルゴリズムを実行可能にした。
サーバーレス移行のメリット
Cloudflare Workers を採用することで、従来の複雑なインフラ管理から解放され、デプロイが簡素化され、グローバルな低遅延と使用量ベースのコスト削減を実現します。
ポスト量子暗号の自動実装
すべての TLS 1.3 接続で X25519MLKEM768 というハイブリッド鍵合意アルゴリズムが自動的に使用され、量子コンピュータによる解読リスクから通信を保護します。
エンドツーエンド暗号化の維持
メッセージはクライアント側で Megolm により暗号化された後、量子耐性のある TLS を通じて転送されるため、サーバー側のセキュリティ強化と暗号化の両立が可能になります。
影響分析・編集コメントを表示
影響分析
この記事は、分散型コミュニケーションプロトコルのインフラ運用をクラウドネイティブなサーバーレスアーキテクチャへ転換する具体的な道筋を示しており、特にセキュリティ要件(ポスト量子暗号)とコスト効率性の両立において重要な示唆を与えます。ただし、現時点では個人開発者や特定のユースケース向けの Proof of Concept であり、大規模な政府・企業システムへの即座の導入には至っていないため、業界全体を即座に変える重大ニュースというよりは、技術的アプローチの革新性を示す注目すべき事例と言えます。
編集コメント
従来のインフラ管理から解放され、セキュリティを強化した分散型チャットの新しい実装形態を示す興味深い事例です。ただし、大規模運用におけるパフォーマンスや完全な互換性については、まだ検証段階であることを留意する必要があります。
Durable Objectsはシングルスレッドで強整合性のストレージを提供します:
#[durable_object]
pub struct UserKeysObject {
state: State,
env: Env,
}
impl UserKeysObject {
async fn claim_otk(&self, algorithm: &str) -> Result<Option<Key>> {
// 単一DO内でアトミック - 競合状態は発生不可能
let mut keys: Vec<Key> = self.state.storage()
.get("one_time_keys")
.await
.ok()
.flatten()
.unwrap_or_default();
if let Some(idx) = keys.iter().position(|k| k.algorithm == algorithm) {
let key = keys.remove(idx);
self.state.storage().put("one_time_keys", &keys).await?;
return Ok(Some(key));
}
Ok(None)
}
}
E2EEの鍵管理にはUserKeysObjectを、タイピングインジケータや既読確認などのリアルタイムルームイベントにはRoomObjectを、デバイス間メッセージキューにはUserSyncObjectを使用します。残りの部分はD1を介して処理されます。
完全なエンドツーエンド暗号化とOAuth
私たちの実装は、Matrix E2EEスタックのすべてをサポートしています:デバイスキー、クロス署名キー、ワンタイムキー、フォールバックキー、キーバックアップ、脱水化デバイスです。
最新のMatrixクライアントは、従来のパスワードフローではなくOAuth 2.0/OIDCを使用します。私たちは完全なOAuthプロバイダーを実装し、動的クライアント登録、PKCE認可、RS256署名付きJWTトークン、ローテーション付きトークンリフレッシュ、標準的なOIDCディスカバリーエンドポイントを備えています。
curl https://matrix.example.com/.well-known/openid-configuration
{
"issuer": "https://matrix.example.com",
"authorization_endpoint": "https://matrix.example.com/oauth/authorize",
"token_endpoint": "https://matrix.example.com/oauth/token",
"jwks_uri": "https://matrix.example.com/.well-known/jwks.json"
}
Elementや任意のMatrixクライアントをドメインに向けると、すべてが自動的に検出されます。
モバイル向けSliding Sync
従来のMatrix同期では、初期接続時にメガバイト単位のデータが転送され、モバイルのバッテリーとデータプランを消耗させていました。
Sliding Syncでは、クライアントが必要なものを正確に要求できます。すべてをダウンロードする代わりに、クライアントは最小限の状態で最新の20のルームを取得します。ユーザーがスクロールすると、より多くの範囲を要求します。サーバーは位置を追跡し、差分のみを送信します。
エッジ実行と組み合わせることで、モバイルクライアントは遅いネットワークでも500ミリ秒未満で接続し、ルームリストを表示できます。
比較
小規模チーム向けのホームサーバーの場合:
従来型(VPS)
Workers
月額コスト(アイドル時)
20-50ドル
1ドル未満
月額コスト(アクティブ時)
20-50ドル
3-10ドル
グローバルレイテンシー
100-300ミリ秒
20-50ミリ秒
デプロイ時間
数時間
数秒
メンテナンス
週次
不要
DDoS保護
追加コスト
標準装備
耐量子暗号TLS
複雑な設定
自動
*2026年1月15日時点のDigitalOcean、AWS Lightsail、Linodeの公開レートとメトリクスに基づく。
規模が大きくなると経済性はさらに向上します。従来のデプロイメントではキャパシティプランニングと過剰なプロビジョニングが必要です。Workersは自動的にスケールします。
分散型プロトコルの未来
私たちはこれを実験として始めました:MatrixはWorkers上で実行できるか?答えはイエスです——そしてこのアプローチは他のステートフルなプロトコルでも機能します。
従来のステートフルなコンポーネントをCloudflareのプリミティブにマッピングすることで——PostgresをD1に、RedisをKVに、ミューテックスをDurable Objectsに——複雑なアプリケーションに複雑なインフラストラクチャは必要ないことがわかります。私たちはオペレーティングシステム、データベース管理、ネットワーク設定を取り除き、アプリケーションロジックとデータそのものだけを残しました。
Workersは、インフラストラクチャの所有という負担なしに、データを所有する主権を提供します。
私はこの実装を実験として公開しており、この種のサービスに興味を持つ他の方々からの貢献を歓迎します。
Workers上で強力なリアルタイムアプリケーションを構築する準備はできていますか?Cloudflare Workersを使って始め、独自のステートフルなエッジアプリケーションのためにDurable Objectsを探索してください。エッジで構築する他の開発者とつながるために、私たちのDiscordコミュニティに参加してください。
原文を表示
- This post was updated at 11:45 a.m. Pacific time to clarify that the use case described here is a proof of concept and a personal project. Some sections have been updated for clarity.
Matrix is the gold standard for decentralized, end-to-end encrypted communication. It powers government messaging systems, open-source communities, and privacy-focused organizations worldwide.
For the individual developer, however, the appeal is often closer to home: bridging fragmented chat networks (like Discord and Slack) into a single inbox, or simply ensuring your conversation history lives on infrastructure you control. Functionally, Matrix operates as a decentralized, eventually consistent state machine. Instead of a central server pushing updates, homeservers exchange signed JSON events over HTTP, using a conflict resolution algorithm to merge these streams into a unified view of the room's history.
But there is a "tax" to running it. Traditionally, operating a Matrix homeserver has meant accepting a heavy operational burden. You have to provision virtual private servers (VPS), tune PostgreSQL for heavy write loads, manage Redis for caching, configure reverse proxies, and handle rotation for TLS certificates. It’s a stateful, heavy beast that demands to be fed time and money, whether you’re using it a lot or a little.
We wanted to see if we could eliminate that tax entirely.
Spoiler: We could. In this post, we’ll explain how we ported a Matrix homeserver to Cloudflare Workers. The resulting proof of concept is a serverless architecture where operations disappear, costs scale to zero when idle, and every connection is protected by post-quantum cryptography by default. You can view the source code and deploy your own instance directly from Github.
From Synapse to Workers
Our starting point was Synapse, the Python-based reference Matrix homeserver designed for traditional deployments. PostgreSQL for persistence, Redis for caching, filesystem for media.
Porting it to Workers meant questioning every storage assumption we’d taken for granted.
The challenge was storage. Traditional homeservers assume strong consistency via a central SQL database. Cloudflare Durable Objects offers a powerful alternative. This primitive gives us the strong consistency and atomicity required for Matrix state resolution, while still allowing the application to run at the edge.
We ported the core Matrix protocol logic — event authorization, room state resolution, cryptographic verification — in TypeScript using the Hono framework. D1 replaces PostgreSQL, KV replaces Redis, R2 replaces the filesystem, and Durable Objects handle real-time coordination.
Here’s how the mapping worked out:
image
From monolith to serverless
Moving to Cloudflare Workers brings several advantages for a developer: simple deployment, lower costs, low latency, and built-in security.
Easy deployment: A traditional Matrix deployment requires server provisioning, PostgreSQL administration, Redis cluster management, TLS certificate renewal, load balancer configuration, monitoring infrastructure, and on-call rotations.
With Workers, deployment is simply: wrangler deploy. Workers handles TLS, load balancing, DDoS protection, and global distribution.
Usage-based costs: Traditional homeservers cost money whether anyone is using them or not. Workers pricing is request-based, so you pay when you’re using it, but costs drop to near zero when everyone’s asleep.
Lower latency globally: A traditional Matrix homeserver in us-east-1 adds 200ms+ latency for users in Asia or Europe. Workers, meanwhile, run in 300+ locations worldwide. When a user in Tokyo sends a message, the Worker executes in Tokyo.
Built-in security: Matrix homeservers can be high-value targets: They handle encrypted communications, store message history, and authenticate users. Traditional deployments require careful hardening: firewall configuration, rate limiting, DDoS mitigation, WAF rules, IP reputation filtering.
Workers provide all of this by default.
Post-quantum protection
Cloudflare deployed post-quantum hybrid key agreement across all TLS 1.3 connections in October 2022. Every connection to our Worker automatically negotiates X25519MLKEM768 — a hybrid combining classical X25519 with ML-KEM, the post-quantum algorithm standardized by NIST.
Classical cryptography relies on mathematical problems that are hard for traditional computers but trivial for quantum computers running Shor’s algorithm. ML-KEM is based on lattice problems that remain hard even for quantum computers. The hybrid approach means both algorithms must fail for the connection to be compromised.
Following a message through the system
Understanding where encryption happens matters for security architecture. When someone sends a message through our homeserver, here’s the actual path:
The sender’s client takes the plaintext message and encrypts it with Megolm — Matrix’s end-to-end encryption. This encrypted payload then gets wrapped in TLS for transport. On Cloudflare, that TLS connection uses X25519MLKEM768, making it quantum-resistant.
image
The Worker terminates TLS, but what it receives is still encrypted — the Megolm ciphertext. We store that ciphertext in D1, index it by room and timestamp, and deliver it to recipients. But we never see the plaintext. The message “Hello, world” exists only on the sender’s device and the recipient’s device.
When the recipient syncs, the process reverses. They receive the encrypted payload over another quantum-resistant TLS connection, then decrypt locally with their Megolm session keys.
Two layers, independent protection
This protects via two encryption layers that operate independently:
The transport layer (TLS) protects data in transit. It’s encrypted at the client and decrypted at the Cloudflare edge. With X25519MLKEM768, this layer is now post-quantum.
The application layer (Megolm E2EE) protects message content. It’s encrypted on the sender’s device and decrypted only on recipient devices. This uses classical Curve25519 cryptography.
Who sees what
Any Matrix homeserver operator — whether running Synapse on a VPS or this implementation on Workers — can see metadata: which rooms exist, who’s in them, when messages were sent. But no one in the infrastructure chain can see the message content, because the E2EE payload is encrypted on sender devices before it ever hits the network. Cloudflare terminates TLS and passes requests to your Worker, but both see only Megolm ciphertext. Media in encrypted rooms is encrypted client-side before upload, and private keys never leave user devices.
What traditional deployments would need
Achieving post-quantum TLS on a traditional Matrix deployment would require upgrading OpenSSL or BoringSSL to a version supporting ML-KEM, configuring cipher suite preferences correctly, testing client compatibility across all Matrix apps, monitoring for TLS negotiation failures, staying current as PQC standards evolve, and handling clients that don’t support PQC gracefully.
With Workers, it’s automatic. Chrome, Firefox, and Edge all support X25519MLKEM768. Mobile apps using platform TLS stacks inherit this support. The security posture improves as Cloudflare’s PQC deployment expands — no action required on our part.
The storage architecture that made it work
The key insight from porting Tuwunel was that different data needs different consistency guarantees. We use each Cloudflare primitive for what it does best.
D1 for the data model
D1 stores everything that needs to survive restarts and support queries: users, rooms, events, device keys. Over 25 tables covering the full Matrix data model.
CREATE TABLE events (
event_id TEXT PRIMARY KEY,
room_id TEXT NOT NULL,
sender TEXT NOT NULL,
event_type TEXT NOT NULL,
state_key TEXT,
content TEXT NOT NULL,
origin_server_ts INTEGER NOT NULL,
depth INTEGER NOT NULL
);
D1’s SQLite foundation meant we could port Tuwunel’s queries with minimal changes. Joins, indexes, and aggregations work as expected.
We learned one hard lesson: D1’s eventual consistency breaks foreign key constraints. A write to rooms might not be visible when a subsequent write to events checks the foreign key. We removed all foreign keys and enforce referential integrity in application code.
KV for ephemeral state
OAuth authorization codes live for 10 minutes, while refresh tokens last for a session.
// Store OAuth code with 10-minute TTL
kv.put(&format!("oauth_code:{}", code), &token_data)?
.expiration_ttl(600)
.execute()
.await?;
KV’s global distribution means OAuth flows work fast regardless of where users are located.
R2 for media
Matrix media maps directly to R2, so you can upload an image, get back a content-addressed URL – and egress is free.
Durable Objects for atomicity
Some operations can’t tolerate eventual consistency. When a client claims a one-time encryption key, that key must be atomically removed. If two clients claim the same key, encrypted session establishment fails.
Durable Objects provide single-threaded, strongly consistent storage:
#[durable_object]
pub struct UserKeysObject {
state: State,
env: Env,
}
impl UserKeysObject {
async fn claim_otk(&self, algorithm: &str) -> Result<Option<Key>> {
// Atomic within single DO - no race conditions possible
let mut keys: Vec<Key> = self.state.storage()
.get("one_time_keys")
.await
.ok()
.flatten()
.unwrap_or_default();
if let Some(idx) = keys.iter().position(|k| k.algorithm == algorithm) {
let key = keys.remove(idx);
self.state.storage().put("one_time_keys", &keys).await?;
return Ok(Some(key));
}
Ok(None)
}
}
We use UserKeysObject for E2EE key management, RoomObject for real-time room events like typing indicators and read receipts, and UserSyncObject for to-device message queues. The rest flows through D1.
Complete end-to-end encryption, complete OAuth
Our implementation supports the full Matrix E2EE stack: device keys, cross-signing keys, one-time keys, fallback keys, key backup, and dehydrated devices.
Modern Matrix clients use OAuth 2.0/OIDC instead of legacy password flows. We implemented a complete OAuth provider, with dynamic client registration, PKCE authorization, RS256-signed JWT tokens, token refresh with rotation, and standard OIDC discovery endpoints.
curl https://matrix.example.com/.well-known/openid-configuration
{
"issuer": "https://matrix.example.com",
"authorization_endpoint": "https://matrix.example.com/oauth/authorize",
"token_endpoint": "https://matrix.example.com/oauth/token",
"jwks_uri": "https://matrix.example.com/.well-known/jwks.json"
}
Point Element or any Matrix client at the domain, and it discovers everything automatically.
Sliding Sync for mobile
Traditional Matrix sync transfers megabytes of data on initial connection, draining mobile battery and data plans.
Sliding Sync lets clients request exactly what they need. Instead of downloading everything, clients get the 20 most recent rooms with minimal state. As users scroll, they request more ranges. The server tracks position and sends only deltas.
Combined with edge execution, mobile clients can connect and render their room list in under 500ms, even on slow networks.
The comparison
For a homeserver serving a small team:
Traditional (VPS)
Workers
Monthly cost (idle)
$20-50
<$1
Monthly cost (active)
$20-50
$3-10
Global latency
100-300ms
20-50ms
Time to deploy
Hours
Seconds
Maintenance
Weekly
None
DDoS protection
Additional cost
Included
Post-quantum TLS
Complex setup
Automatic
*Based on public rates and metrics published by DigitalOcean, AWS Lightsail, and Linode as of January 15, 2026.
The economics improve further at scale. Traditional deployments require capacity planning and over-provisioning. Workers scale automatically.
The future of decentralized protocols
We started this as an experiment: could Matrix run on Workers? It can—and the approach can work for other stateful protocols, too.
By mapping traditional stateful components to Cloudflare’s primitives — Postgres to D1, Redis to KV, mutexes to Durable Objects — we can see that complex applications don't need complex infrastructure. We stripped away the operating system, the database management, and the network configuration, leaving only the application logic and the data itself.
Workers offers the sovereignty of owning your data, without the burden of owning the infrastructure.
I have been experimenting with the implementation and am excited for any contributions from others interested in this kind of service.
Ready to build powerful, real-time applications on Workers? Get started with Cloudflare Workers and explore Durable Objects for your own stateful edge applications. Join our Discord community to connect with other developers building at the edge.
関連記事
今日のまとめ
AI日報で今日の重要ニュースをまとめ読み