Building a serverless, post-quantum Matrix homeserver
2026-01-27
by Nick Kuntz
Endigest AI Core Summary
This post describes a proof-of-concept Matrix homeserver ported to Cloudflare Workers, eliminating traditional operational overhead while adding post-quantum cryptography.
- Core Matrix protocol logic (event authorization, room state resolution, cryptographic verification) was rewritten in TypeScript using the Hono framework
- Storage was remapped: D1 replaces PostgreSQL, KV replaces Redis, R2 replaces the filesystem, and Durable Objects handle atomic operations requiring strong consistency
- Every TLS connection automatically uses X25519MLKEM768, a hybrid post-quantum key agreement combining classical X25519 with NIST-standardized ML-KEM
- Two independent encryption layers protect messages: transport-layer TLS (post-quantum) and application-layer Megolm E2EE (decrypted only on recipient devices)
- Foreign key constraints were removed from D1 due to eventual consistency issues, with referential integrity enforced in application code instead
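
What the X25519MLKEM768 hybrid looks like on the wire, as an added example that is not from the original post or from Cloudflare's code: it parses a TLS 1.3 ClientHello `key_share` extension body and splits the hybrid share into its ML-KEM-768 and X25519 parts. The codepoint `0x11ec` and the 1184 + 32 byte layout come from the TLS hybrid ECDHE-MLKEM specification and FIPS 203; the function names are hypothetical and the sample bytes are constructed filler, not real keys.

```typescript
// Added example. Codepoint and sizes follow the TLS hybrid ECDHE-MLKEM spec and FIPS 203.
const X25519MLKEM768 = 0x11ec; // TLS NamedGroup value for the hybrid group
const X25519 = 0x001d;         // classical-only group, for comparison
const MLKEM768_EK_LEN = 1184;  // ML-KEM-768 encapsulation key, bytes
const X25519_PUB_LEN = 32;     // X25519 public key, bytes

interface KeyShareEntry { group: number; keyExchange: Uint8Array }

// Parse a ClientHello key_share body: uint16 list length, then (uint16 group, uint16 len, key bytes).
function parseClientKeyShares(ext: Uint8Array): KeyShareEntry[] {
  const view = new DataView(ext.buffer, ext.byteOffset, ext.byteLength);
  if (ext.length < 2 || view.getUint16(0) !== ext.length - 2) throw new Error("bad list length");
  const entries: KeyShareEntry[] = [];
  for (let off = 2; off < ext.length; ) {
    if (off + 4 > ext.length) throw new Error("truncated entry header");
    const group = view.getUint16(off);
    const len = view.getUint16(off + 2);
    if (off + 4 + len > ext.length) throw new Error("truncated key_exchange");
    entries.push({ group, keyExchange: ext.subarray(off + 4, off + 4 + len) });
    off += 4 + len;
  }
  return entries;
}

// Client hybrid share layout: ML-KEM-768 encapsulation key first, X25519 public key last.
function splitHybridShare(e: KeyShareEntry): { mlkemEncapKey: Uint8Array; x25519Public: Uint8Array } {
  if (e.group !== X25519MLKEM768) throw new Error("not an X25519MLKEM768 share");
  if (e.keyExchange.length !== MLKEM768_EK_LEN + X25519_PUB_LEN) throw new Error("wrong hybrid share length");
  return { mlkemEncapKey: e.keyExchange.subarray(0, MLKEM768_EK_LEN), x25519Public: e.keyExchange.subarray(MLKEM768_EK_LEN) };
}

// Constructed sample builder (filler bytes, not real keys): [group, fill byte, length] per share.
function buildKeyShareExt(shares: [number, number, number][]): Uint8Array {
  const total = shares.reduce((n, s) => n + 4 + s[2], 2);
  const ext = new Uint8Array(total);
  const view = new DataView(ext.buffer);
  view.setUint16(0, total - 2);
  let off = 2;
  for (const [group, fill, len] of shares) {
    view.setUint16(off, group);
    view.setUint16(off + 2, len);
    ext.fill(fill, off + 4, off + 4 + len);
    off += 4 + len;
  }
  return ext;
}
const sampleExt = buildKeyShareExt([[X25519MLKEM768, 0xaa, 1216], [X25519, 0xbb, 32]]);
const hybrid = splitHybridShare(parseClientKeyShares(sampleExt).find((e) => e.group === X25519MLKEM768)!);
console.log(hybrid.mlkemEncapKey.length, hybrid.x25519Public.length);
```

A client that sends only the 32-byte X25519 share is not offering the hybrid group, which is the case to look for when auditing whether connections can negotiate post-quantum key agreement.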
Tags:
#Cloudflare Workers
#Durable Objects
#D1
#Cloudflare Workers KV
#R2
#Security
#Developer Platform
#Developers
#Rust
#WebAssembly
#Post-Quantum
#Encryption
