Post-Quantum WireGuard

A. Hülsing, K. Ning, P. Schwabe, F. Weber, P. R. Zimmermann

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

2 Citations (Scopus)


In this paper we present PQ-WireGuard, a post-quantum variant of the handshake in the WireGuard VPN protocol (NDSS 2017). Unlike most previous work on post-quantum security for real-world protocols, this variant does not only consider post-quantum confidentiality (or forward secrecy) but also post-quantum authentication. To achieve this, we replace the Diffie-Hellman-based handshake by a more generic approach only using key-encapsulation mechanisms (KEMs). We establish security of PQ-WireGuard, adapting the security proofs for WireGuard in the symbolic model and in the standard model to our construction. We then instantiate this generic construction with concrete post-quantum secure KEMs, which we carefully select to achieve high security and speed. We demonstrate competitiveness of PQ-WireGuard presenting extensive bench-marking results comparing to widely deployed VPN solutions.

Original languageEnglish
Title of host publicationProceedings - 2021 IEEE Symposium on Security and Privacy, SP 2021
Place of PublicationLos Alamitos, CA, USA
PublisherIEEE Computer Society
Number of pages18
ISBN (Electronic)9781728189345
Publication statusPublished - 1 May 2021


Dive into the research topics of 'Post-Quantum WireGuard'. Together they form a unique fingerprint.

Cite this