Advertisement

Post-Quantum Cryptography in WireGuard VPN

Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 336)

Abstract

WireGuard is a new and promising VPN software. It relies on ECDH for the key agreement and server authentication. This makes the tunnel vulnerable to future attacks with quantum computers.

Three incremental improvements to WireGuard’s handshake protocol are proposed, giving differently enhanced levels of post-quantum security. Performance impacts of these are shown to be moderate.

Keywords

Post-quantum cryptography VPN Key exchange 

References

  1. 1.
    Appelbaum, J., Martindale, C., Wu, P.: Tiny wireguard tweak. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2019. LNCS, vol. 11627, pp. 3–20. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-23696-0_1CrossRefGoogle Scholar
  2. 2.
    Bernstein, D.J.: Cost analysis of hash collisions: will quantum computers make SHARCS obsolete. SHARCS 9, 105 (2009)Google Scholar
  3. 3.
    Bonica, R., Baker, F., Huston, G., Hinden, R., Troan, O., Gont, F.: IP fragmentation considered fragile. Internet-Draft draft-ietf-intarea-frag-fragile-17, IETF Secretariat, September 2019. http://www.ietf.org/internet-drafts/draft-ietf-intarea-frag-fragile-17.txt
  4. 4.
    Bundesamt für Sicherheit in der Informationstechnik: Migration zu post-quanten-kryptografie. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Krypto/Post-Quanten-Kryptografie.pdf (2020). Accessed 25 June 2020
  5. 5.
    Cloudflare: Boringtun, March 2019. https://github.com/cloudflare/boringtun. Accessed 25 June 2020
  6. 6.
    Donenfeld, J.A.: WireGuard: next generation kernel network tunnel. In: NDSS (2017)Google Scholar
  7. 7.
    Donenfeld, J.A., Milner, K.: Formal verification of the WireGuard protocol (2017). https://www.wireguard.com/papers/wireguard-formal-verification.pdf. Accessed 25 June 25 2020
  8. 8.
    Dowling, B., Paterson, K.G.: A cryptographic analysis of the wireguard protocol. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 3–21. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-93387-0_1CrossRefGoogle Scholar
  9. 9.
    Heisler, B.: Criterion.rs. March 2014. https://github.com/bheisler/criterion.rs. Accessed 25 June 2020
  10. 10.
    Hülsing, A., Ning, K.C., Schwabe, P., Weber, F., Zimmermann, P.R.: Post-quantum WireGuard. Technical report, Cryptology ePrint Archive, Report 2020/379. http://eprint.iacr.org/2020/379 (2020)Google Scholar
  11. 11.
    Kniep, Q.M.: Post-quantum cryptography in WireGuard VPN (2019). https://hu.berlin/PQWireGuard
  12. 12.
    National Institute of Standards and Technology: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process, December 2016. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/call-for-proposals-final-dec-2016.pdf. Accessed 25 June 2020
  13. 13.
    Open Quantum Safe: liboqs, August 2016. https://github.com/open-quantum-safe/liboqs/. Accessed 25 June 2020
  14. 14.
    Perrin, T.: KEM-based hybrid forward secrecy for noise (2018). https://github.com/noiseprotocol/noise_hfs_spec/blob/master/output/noise_hfs.pdf. Accessed 25 June 2020
  15. 15.
    Perrin, T.: The Noise protocol framework, July 2018. https://noiseprotocol.org/noise.pdf. Accessed 25 June 2020
  16. 16.
    Raghavendra, R., Belding, E.M.: Characterizing high-bandwidth real-time video traffic in residential broadband networks. In: 8th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, pp. 597–602. IEEE (2010)Google Scholar
  17. 17.
    Roetteler, M., Naehrig, M., Svore, K.M., Lauter, K.: Quantum resource estimates for computing elliptic curve discrete logarithms. arXiv preprint arXiv:1706.06752 (2017)
  18. 18.
    Zalka, C.: Grover’s quantum searching algorithm is optimal. Phys. Rev. A 60(4), 2746 (1999)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2020

Authors and Affiliations

  1. 1.Institut für Informatik, Humboldt-Universität zu BerlinBerlinGermany

Personalised recommendations