Send in your ideas. Deadline February 1, 2025

Rosenpass: Hardening the Internet Against Quantum Computer Attacks

The Rosenpass project was released on February 26, 2023. Rosenpass is formally verifiable, state-of-the-art Post Quantum Cryptography which protects against attacks with so-called 'quantum computers'. It initially primarily affects Virtual Private Networks (VPNs). In the future, it may very well be adapted to other key elements of today’s internet security, preserving trust and safety in the coming quantum era.

NLnet supported Rosenpass through the NGI Assure Fund. Sixty percent of the resources went toward security analysis of the protocol in the symbolic model using proverif. The remainder of the funds were used for unit testing of the implementation and documentation.

Rosenpass provides a complement to the well-recognized VPN protocol WireGuard, adding quantum-hardened cryptography and key exchange while keeping the established WireGuard-standard encryption security. Therefore, Rosenpass is not just an add-on or a plug-in, but a coprocessing software that interacts with WireGuard at exactly one point, enhancing WireGuard's predefined key generation and exchange process with Post Quantum Secure (PQS) cryptography, based on the McEliece cryptosystem.

Making the internet future-proof

The problem Rosenpass aims to address is that various companies have presented prototypes of so-called quantum computers in recent years. In the future, these could break the encryption mechanisms of today's Internet. This development could take cybercrime and cyberwar to new levels. It's not just about confidential communication, but about basic functions without which the Internet would no longer work. For example, checking whether the website you are visiting is actually the real thing and not a fake, access to online banking or the name server that forwards Internet addresses to the right place. These are all things that need to be secured against attacks with quantum computers.

Project Rosenpass is run by a team of cryptographers, researchers, open source developers, hackers and designers with a focus on verifiable security improvement, usability and user advantage. Project manager Karolin Varner said: "This software project is a milestone in the development of encryption methods to make the Internet more future-proof".

Rosenpass is free and open software that can be reviewed, tested and further developed by security researchers. It is published under the Apache and MIT licenses. The team will continue to develop Rosenpass and are looking for partners in academic research and industry.

Funding

Rosenpass is funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet) programme.

Do you also have an open source project that needs funding? You can apply for one of the theme funds of NLnet.