Source: Microsoft.com

Microsoft has recently published an interesting open source project called "PQCrypto-VPN" that implements post-quantum cryptography (PQC) within OpenVPN. Being developed by the Microsoft Research Security and Cryptography group as part of their research into post-quantum cryptography, this fork is being used to test PQC algorithms and their performance and functionality when used with VPNs.

Post-quantum cryptography algorithms are encryption algorithms that are designed to be secure against attack by quantum computers. While quantum computers are still in their infancy, it is theorized that current encryption algorithms can be cracked using a sufficiently powerful quantum computer in a short period of time. Due to this, researchers are creating new algorithms that are designed to protect a user's privacy and sensitive data as quantum computers become more readily available.

Microsoft's PQCrypto-VPN is published on GitHub and allows anyone to build an OpenVPN implementation that can encrypt communications using three different post-quantum cryptography protocols, with more coming as they are developed. These protocols are:

  • Frodo: a key exchange protocol based on the learning with errors problem
  • SIKE: a key exchange protocol based on Supersingular Isogeny Diffie-Hellman
  • Picnic: a signature algorithm using symmetric-key primitives and non-interactive zero-knowledge proofs

The project also contains instructions on how to build the PQCrypto-VPN OpenVPN implementation for both Linux and Windows. Another nice feature is a set of instructions on how to build a Raspberry Pi 3 WiFi access point that tunnels all of its traffic over the post-quantum VPN. This allows all connected clients to automatically use these new encryption algorithms while they are connected to the Raspberry Pi.

Microsoft warns, though, that this project is still experimental and that it will be a few years before it can even be determined if the algorithms are actually safe from a quantum computing attack. Therefore, it should not be used for protecting sensitive data.

"Because this project is experimental, it should not be used to protect sensitive data or communications at this time. Further cryptanalysis and research must first be done over the next few years to determine which algorithms are truly post-quantum safe."

Governments investing heavily in Quantum Research

Quantum research has quickly become an arms race with governments investing heavily into quantum computing research. This is because whoever dominates in this field will have significant advantages in artificial intelligence, medicine, code breaking, and defense.

This is especially true when it comes to cracking encrypted communications, which with quantum computers would theoretically take little time to complete. Therefore, it is important for researchers to develop post-quantum algorithms that can continue to protect data and communications even when quantum computing becomes available.
