Post-Quantum WireGuard

A. Hülsing; K. Ning; P. Schwabe; F. Weber; P.R. Zimmermann

doi:10.1109/SP40001.2021.00030

Post-Quantum WireGuard

A. Hülsing
, K. Ning
, P. Schwabe
, F. Weber
, P.R. Zimmermann

Coding Theory and Cryptology

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

56 Citaten (Scopus)

2 Downloads (Pure)

Samenvatting

In this paper we present PQ-WireGuard, a post-quantum variant of the handshake in the WireGuard VPN protocol (NDSS 2017). Unlike most previous work on post-quantum security for real-world protocols, this variant does not only consider post-quantum confidentiality (or forward secrecy) but also post-quantum authentication. To achieve this, we replace the Diffie-Hellman-based handshake by a more generic approach only using key-encapsulation mechanisms (KEMs). We establish security of PQ-WireGuard, adapting the security proofs for WireGuard in the symbolic model and in the standard model to our construction. We then instantiate this generic construction with concrete post-quantum secure KEMs, which we carefully select to achieve high security and speed. We demonstrate competitiveness of PQ-WireGuard presenting extensive bench-marking results comparing to widely deployed VPN solutions.

Originele taal-2	Engels
Titel	2021 IEEE Symposium on Security and Privacy, SP 2021
Uitgeverij	Institute of Electrical and Electronics Engineers
Pagina's	304-321
Aantal pagina's	18
ISBN van elektronische versie	978-1-7281-8934-5
DOI's	https://doi.org/10.1109/SP40001.2021.00030
Status	Gepubliceerd - 26 aug. 2021
Evenement	2021 IEEE Symposium on Security and Privacy, SP 2021 - Virtual Duur: 24 mei 2021 → 27 mei 2021

Congres

Congres	2021 IEEE Symposium on Security and Privacy, SP 2021
Verkorte titel	SP 2021
Stad	Virtual
Periode	24/05/21 → 27/05/21

Toegang tot document

10.1109/SP40001.2021.00030

pdfDefinitieve gepubliceerde versie, 809 KBLicentie: TAVERNE

https://doi.ieeecomputersociety.org/10.1109/SP40001.2021.00030

Andere bestanden en links

Link naar publicatie in Scopus

Citeer dit

@inproceedings{ca4cb868eec94abeba4b47391cf631cd,

title = "Post-Quantum WireGuard",

abstract = "In this paper we present PQ-WireGuard, a post-quantum variant of the handshake in the WireGuard VPN protocol (NDSS 2017). Unlike most previous work on post-quantum security for real-world protocols, this variant does not only consider post-quantum confidentiality (or forward secrecy) but also post-quantum authentication. To achieve this, we replace the Diffie-Hellman-based handshake by a more generic approach only using key-encapsulation mechanisms (KEMs). We establish security of PQ-WireGuard, adapting the security proofs for WireGuard in the symbolic model and in the standard model to our construction. We then instantiate this generic construction with concrete post-quantum secure KEMs, which we carefully select to achieve high security and speed. We demonstrate competitiveness of PQ-WireGuard presenting extensive bench-marking results comparing to widely deployed VPN solutions.",

author = "A. H{\"u}lsing and K. Ning and P. Schwabe and F. Weber and P.R. Zimmermann",

year = "2021",

month = aug,

day = "26",

doi = "10.1109/SP40001.2021.00030",

language = "English",

pages = "304--321",

booktitle = "2021 IEEE Symposium on Security and Privacy, SP 2021",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

note = "2021 IEEE Symposium on Security and Privacy, SP 2021, SP 2021 ; Conference date: 24-05-2021 Through 27-05-2021",

}

TY - GEN

T1 - Post-Quantum WireGuard

AU - Hülsing, A.

AU - Ning, K.

AU - Schwabe, P.

AU - Weber, F.

AU - Zimmermann, P.R.

PY - 2021/8/26

Y1 - 2021/8/26

N2 - In this paper we present PQ-WireGuard, a post-quantum variant of the handshake in the WireGuard VPN protocol (NDSS 2017). Unlike most previous work on post-quantum security for real-world protocols, this variant does not only consider post-quantum confidentiality (or forward secrecy) but also post-quantum authentication. To achieve this, we replace the Diffie-Hellman-based handshake by a more generic approach only using key-encapsulation mechanisms (KEMs). We establish security of PQ-WireGuard, adapting the security proofs for WireGuard in the symbolic model and in the standard model to our construction. We then instantiate this generic construction with concrete post-quantum secure KEMs, which we carefully select to achieve high security and speed. We demonstrate competitiveness of PQ-WireGuard presenting extensive bench-marking results comparing to widely deployed VPN solutions.

AB - In this paper we present PQ-WireGuard, a post-quantum variant of the handshake in the WireGuard VPN protocol (NDSS 2017). Unlike most previous work on post-quantum security for real-world protocols, this variant does not only consider post-quantum confidentiality (or forward secrecy) but also post-quantum authentication. To achieve this, we replace the Diffie-Hellman-based handshake by a more generic approach only using key-encapsulation mechanisms (KEMs). We establish security of PQ-WireGuard, adapting the security proofs for WireGuard in the symbolic model and in the standard model to our construction. We then instantiate this generic construction with concrete post-quantum secure KEMs, which we carefully select to achieve high security and speed. We demonstrate competitiveness of PQ-WireGuard presenting extensive bench-marking results comparing to widely deployed VPN solutions.

UR - https://www.scopus.com/pages/publications/85113214330

U2 - 10.1109/SP40001.2021.00030

DO - 10.1109/SP40001.2021.00030

M3 - Conference contribution

SP - 304

EP - 321

BT - 2021 IEEE Symposium on Security and Privacy, SP 2021

PB - Institute of Electrical and Electronics Engineers

T2 - 2021 IEEE Symposium on Security and Privacy, SP 2021

Y2 - 24 May 2021 through 27 May 2021

ER -

Post-Quantum WireGuard

Samenvatting

Congres

Toegang tot document

Andere bestanden en links

Vingerafdruk

Citeer dit