{"id":484023,"date":"2018-05-22T16:43:06","date_gmt":"2018-05-22T23:43:06","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-project&p=484023"},"modified":"2020-09-14T08:07:56","modified_gmt":"2020-09-14T15:07:56","slug":"post-quantum-crypto-vpn","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/post-quantum-crypto-vpn\/","title":{"rendered":"Post-quantum Cryptography VPN"},"content":{"rendered":"
Every time you make a secure connection over the internet – to your bank, to Facebook, or nearly anywhere online – cryptography is what keeps that communication secure. Some of that cryptography\u00a0is based upon\u00a0mathematical problems known to be solvable by a quantum computer. As\u00a0the\u00a0scientists working on quantum computers continue to make progress, cryptographers are at work as well, developing new post-quantum cryptosystems based upon\u00a0mathematical problems which\u00a0we believe are\u00a0resistant to\u00a0quantum attacks.<\/p>\n
When it comes time, migrating all network traffic,\u00a0including communications from services and applications,\u00a0to new post-quantum\u00a0cryptography will be a time-consuming and\u00a0lengthy process. Fortunately, we have some time. Even the most optimistic estimates are that it will be five or more years before a sufficiently powerful and stable quantum computer capable of breaking today’s public-key cryptography\u00a0is running.<\/p>\n
As we and other research teams around the world work\u00a0to develop new cryptosystems, we\u00a0are\u00a0testing how candidates\u00a0work with real-world protocols and applications. One of the most important scenarios for post-quantum crypto\u00a0is VPNs.<\/p>\n
VPNs establish a secure link between two points on the internet and allow applications to run inside them as if they were on the same network.\u00a0In the future, when\u00a0post-quantum cryptosystems have been vetted by efforts like the NIST Post-Quantum Project<\/a>, VPNs that are protected by post-quantum cryptography can be rapidly deployed to protect existing applications, until the applications themselves can be updated to use the new algorithms natively.<\/p>\n You can go directly to our project page at GitHub here.<\/a><\/p>\n This project takes a fork of the OpenVPN software and combines it with post-quantum cryptography. In this way, we can\u00a0test these algorithms with VPNs, evaluating functionality and performance of the quantum resistant\u00a0cryptography. Because this project is experimental, it should not be used to protect sensitive data or communications at this time. Further cryptanalysis and research must first\u00a0be done over the next\u00a0few years to\u00a0determine which algorithms are truly post-quantum safe.<\/p>\n In the current release, traffic is only protected from attack by a quantum computer when the traffic passes through the VPN tunnel between the client and the server.<\/p>\n <\/p>\n After traffic exits the VPN server,\u00a0communication staying within a organization\u2019s own internal network or a trusted cloud provider is protected. When working with this software, construct your test application architecture to ensure this is the case.\u00a0Should traffic go out onto the public internet, as in the above diagram to Server 2, it will only be protected by classical cryptography and would again be vulnerable to attack by a quantum computer.<\/p>\n For more information on how to download and use this software, as well as the source code and build instructions, please see\u00a0our project page at GitHub<\/a><\/u>. Binary releases can be found on the\u00a0GitHub releases page<\/a><\/u>.<\/p>\n More information on post-quantum cryptography can be found on\u00a0the overall post-quantum cryptography project page<\/a><\/u>.<\/p>\n Please file bug reports, feature requests, and other issues with the code on the GitHub issues tracker<\/a>. For contributions via pull requests, please see the section on Contributing on the GitHub project page.<\/p>\n Please send other feedback, questions, and comments to us at msrsc@microsoft.com<\/a> – we’d like to hear from you!<\/p>\n <\/p>\n Karen Easterbrook<\/a><\/p>\n Principal Lead Program Manager<\/p>\n<\/li>\n Kevin Kane<\/a><\/p>\n Principal Software Development Engineer<\/p>\n<\/li>\n Brian LaMacchia<\/a><\/p>\n Distinguished Engineer<\/p>\n<\/li>\n Dan Shumow<\/a><\/p>\n Senior Software Development Engineer<\/p>\n<\/li>\n Greg Zaverucha<\/a><\/p>\n Senior Software Development Engineer<\/p>\n<\/li>\nPost-quantum Crypto VPN Software<\/h2>\n
Figure 1: Traffic between the Client and Server 1 has post-quantum protection, because Server 1 is on the same trusted network as the VPN Server. Traffic between the Client and Server 2 does not have post-quantum crypto protection.<\/h6>\n
Talk to us<\/h2>\n
Research Team<\/h2>\n
\n