Cryptology ePrint Archive: Report 2020/379

Post-quantum WireGuard

Andreas Hülsing and Kai-Chun Ning and Peter Schwabe and Florian Weber and Philip R. Zimmermann

Abstract: In this paper we present PQ-WireGuard, a post-quantum variant of the handshake in the WireGuard VPN protocol (NDSS 2017). Unlike most previous work on post-quantum security for real-world protocols, this variant does not only consider post-quantum confidentiality (or forward secrecy) but also post-quantum authentication. To achieve this, we replace the Diffie-Hellman-based handshake by a more generic approach only using key-encapsulation mechanisms (KEMs). We establish security of PQ-WireGuard, adapting the security proofs for WireGuard in the symbolic model and in the standard model to our construction. We then instantiate this generic construction with concrete post-quantum secure KEMs, which we carefully select to achieve high security and speed. We demonstrate competitiveness of PQ-WireGuard presenting extensive benchmarking results comparing to widely deployed VPN solutions.

Category / Keywords: applications / VPN, post-quantum cryptography, NIST PQC, McEliece, Saber

Original Publication (with major differences): IEEE S&P 2021

Date: received 2 Apr 2020, last revised 16 Jun 2021

Contact author: pqwireguard at cryptojedi org

Available format(s): PDF | BibTeX Citation

Version: 20210616:160930 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]