Calls: Send in your ideas. Deadline February 1st, 2023.
Source code :
More info available :


Post Quantum Security Add-On for WireGuard

Rosenpass is a formally verified, post-quantum secure VPN that uses WireGuard to transport the actual data. The project is planned for a release in the next couple of months.

The implementation does not create a VPN connection itself, instead it performs a key exchange and hands this key to WireGuard; i.e. it *enhances* WireGuard's security without replacing it. This reduces the complexity of implementing the protocol and ensures that all the performance-advantages of WireGuard are available with Rosenpass. There is some extra latency to make a connection, but after that, WireGuard and Rosenpass are as fast.

The protocol used by Rosenpass is based on the handshake designed by Hülsing, Ning, Schwabe, Weber and Zimmermann and improves upon the protocol by using cookies to provide resistance against state-disruption attacks. State-disruption attacks exist against the first version of the post-quantum WireGuard protocol and against classic WireGuard when NTP is used to synchronize the system-clock.

Internally, the protocol uses two post-quantum KEMs (key exchange methods) and no post-quantum signature schemes to provide ephemeral secrecy and deniability.

Logo NLnet: abstract logo of four people seen from above Logo NGI Assure: letterlogo shaped like a tag

This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.

Navigate projects

Please check out NLnet's theme funds, such as NGI Assure and NGI Zero Entrust.

Want to help but no money to spend? Help us by protecting open source and its users.