Post-quantum WireGuard

Conference paper (2021)

Authors

Andreas Hulsing Eindhoven University of Technology

Kai Chun Ning KPN

Peter Schwabe Max Planck Institute for Security and Privacy, Radboud Universiteit Nijmegen

Florian Weber Eindhoven University of Technology

P.R. Zimmermann KPN, Cyber Security -

Research Group

Cyber Security () (TU Delft)

More Info

expand_more

To reference this document use:

http://resolver.tudelft.nl/uuid:22a5d304-6698-429d-8a63-f316aebe28e4

Published Date

2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Department

Intelligent Systems

Research Group

Cyber Security

Abstract

In this paper we present PQ-WireGuard, a post-quantum variant of the handshake in the WireGuard VPN protocol (NDSS 2017). Unlike most previous work on post-quantum security for real-world protocols, this variant does not only consider post-quantum confidentiality (or forward secrecy) but also post-quantum authentication. To achieve this, we replace the Diffie-Hellman-based handshake by a more generic approach only using key-encapsulation mechanisms (KEMs). We establish security of PQ-WireGuard, adapting the security proofs for WireGuard in the symbolic model and in the standard model to our construction. We then instantiate this generic construction with concrete post-quantum secure KEMs, which we carefully select to achieve high security and speed. We demonstrate competitiveness of PQ-WireGuard presenting extensive bench-marking results comparing to widely deployed VPN solutions.

Files

Post_quantum_WireGuard.pdf

(.pdf | 1.64 Mb)