Rosenpass
Post Quantum Security Add-On for WireGuard
Rosenpass is a formally verified, post-quantum secure VPN that uses WireGuard to transport the actual data. The implementation does not create a VPN connection itself, instead it performs a key exchange and hands this key to WireGuard; i.e. it *enhances* WireGuard's security without replacing it. This reduces the complexity of implementing the protocol and ensures that all the performance-advantages of WireGuard are available with Rosenpass. There is some extra latency to make a connection, but after that, WireGuard and Rosenpass are as fast.
The protocol used by Rosenpass is based on the handshake designed by Hülsing, Ning, Schwabe, Weber and Zimmermann and improves upon the protocol by using cookies to provide resistance against state-disruption attacks. State-disruption attacks exist against the first version of the post-quantum WireGuard protocol and against classic WireGuard when NTP is used to synchronize the system-clock.
Internally, the protocol uses two post-quantum KEMs (key exchange methods) and no post-quantum signature schemes to provide ephemeral secrecy and deniability.
- The project's own website: https://rosenpass.eu
Why does this actually matter to end users?
Today, Virtual Private Networks (VPNs) are a cornerstone of the modern Internet. When you go online outside of your house or office, for instance on a public wifi spot in your favourite restaurant - your connection can be vulnerable to so called man-in-the-middle attacks. Instead of the hotspot connecting you to the internet as you would assume to be the case, someone operating the network you use to access the internet can tamper with your traffic.
Obviously, that can have disastrous results in terms of security. In professional context, VPNs are therefore meanwhile everywhere. Whenever you connect to your workplace from your "home office", you most probably already, consciously or not, use VPN software to ensure that all data flowing from your computer at home to your employer’s office are safe from being tampered with. There are many more common, daily use cases ‒ from online research to increasing privacy to bypassing network misconfigurations and other disturbances.
In recent years, we have seen the rise of “Quantum Computers”‒ a new class of specialised computers that operate in a fundamentally different way from how traditional computers operate. While practical utility of such Quantum Computers for most day to day usage would for now still be limited (this will change in the future, no doubt), and the earliest computers of this type are prohibitively expensive (so not many organisations can afford one), they are known to do at least one thing particularly well: solving the kind of mathematical challenges on which many cryptographic standards are based.
The increasing availability and equally growing capabilities of Quantum Computers means traditional cryptography has to be phased out. While some of the most widely used cryptography is still considered safe on conventional computers for now, it is no longer something you can trust on for protecting confidentiality - and this will get worse and worse once Quantum Computers become more powerful and more widely available. Of course this not only impacts the safety of our online banking or the authenticity of a website pretending - it also impacts VPNs which are essentially encrypted tunnels across the internet.
Rosenpass is an important practical countermeasure. You use Rosenpass in conjunction with the widely used WireGuard technology (which is a.o. part of the Linux kernel). Because it uses specific Post Quantum Secure (PQS) cryptography, based on the McEliece cryptosystem, it is expected to withstand Quantum Computer attacks. Rosenpass doesn’t change the way WireGuard works (in fact, WireGuard encryption continue to work as it used to without Rosenguard). It does provide a post-quantum-secure key exchange in the spirit of the Noise protocol used by many of todays instant messaging solutions like Matrix, Signal, WhatsApp and XMPP.
This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.
