Paper 2020/379

Post-quantum WireGuard

Andreas Hülsing, Eindhoven University of Technology
Kai-Chun Ning, KPN B.V.
Peter Schwabe, Radboud University Nijmegen
Fiona Johanna Weber, Eindhoven University of Technology
Philip R. Zimmermann, Delft University of Technology, KPN B.V.

In this paper we present PQ-WireGuard, a post-quantum variant of the handshake in the WireGuard VPN protocol (NDSS 2017). Unlike most previous work on post-quantum security for real-world protocols, this variant does not only consider post-quantum confidentiality (or forward secrecy) but also post-quantum authentication. To achieve this, we replace the Diffie-Hellman-based handshake by a more generic approach only using key-encapsulation mechanisms (KEMs). We establish security of PQ-WireGuard, adapting the security proofs for WireGuard in the symbolic model and in the standard model to our construction. We then instantiate this generic construction with concrete post-quantum secure KEMs, which we carefully select to achieve high security and speed. We demonstrate competitiveness of PQ-WireGuard presenting extensive benchmarking results comparing to widely deployed VPN solutions.

Note: Author list in alphabetical order, see:

Available format(s)
Publication info
Published elsewhere. Major revision. IEEE S&P 2021
VPNpost-quantum cryptographyNIST PQCMcElieceSaber
Contact author(s)
andreas @ huelsing net
kaichun ning @ kpn com
peter @ cryptojedi org
crypto @ fionajw de
prz @ mit edu
2023-09-25: last of 4 revisions
2020-04-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Andreas Hülsing and Kai-Chun Ning and Peter Schwabe and Fiona Johanna Weber and Philip R.  Zimmermann},
      title = {Post-quantum WireGuard},
      howpublished = {Cryptology ePrint Archive, Paper 2020/379},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.