Microsoft has recently published an interesting open source project called “PQCrypto-VPN” which implements post-quantum cryptography (PQC) within OpenVPN. Being developed by the Microsoft Research Security and Cryptography group as part of their research into post-quantum cryptography, this fork is being used to test PQC algorithms and their performance and functionality when used with VPNs.
Post-quantum cryptography algorithms are encryption algorithms that are designed to be secure against attack by quantum computers.
While quantum computers are still in their early stages it is theorized that current encryption algorithms can be cracked using a sufficiently powerful quantum computer in a short period of time. Due to this fact, researchers are creating new algorithms that are designed to protect a user’s privacy and sensitive data as quantum computers become more readily available.
Microsoft’s PQCrypto-VPN is published on Github – which is now owned by microsoft – and allows anyone to build an OpenVPN implementation that can encrypt communications using three different post-quantum cryptography protocols, with more coming as they are developed. These protocols are:
- Frodo: a key exchange protocol based on the learning with errors problem
- SIKE: a key exchange protocol based on Supersingular Isogeny Diffie-Hellman
- Picnic: a signature algorithm using symmetric-key primitives and non-interactive zero-knowledge proofs
The project also contains instructions on how to build the PQCrypto-VPN OpenVPN implementation for both Linux and Windows. Another nice feature are instructions on how to build a Raspberry Pi 3 WiFi access point that tunnels all of its traffic over the post-quantum VPN. This allows all connected clients to automatically use these new encryption algorithms while they are connected to the Raspberry Pi.