Open-Source Post-Quantum Encryptor: Design, Implementation and Deployment


Authors

Tůma, Petr
Hajný, Jan
Muzikant, Petr
Havlín, Jan
Malina, Lukáš
Dobiáš, Patrik
Willemson, Jan

Publisher

SciTePress

Abstract

This article describes an open-source quantum-resistant network traffic encryptor for the Linux platform. Our encryptor uses a combination of quantum and post-quantum key establishment methods to achieve quantum resistance combined with a fast encryption speed of AES to make quantum-resistant encryption readily available to the public. The packet-by-packet encryption architecture ensures that every bit of information is properly authenticated and encrypted. The combination of multiple key sources further increases the encryptor’s security – be it elliptic curve-based (Elliptic Curve Diffie Hellman, ECDH), quantum (Quantum Key Distribution, QKD) or post-quantum (CRYSTALS-Kyber). Without knowing all the keys obtained from different types of key sources, the final hybrid encryption key can only be obtained by brute-force means. Our contribution is very practical as the encryptor has reasonable performance, despite not being part of the Linux kernel.

Citation

Proceedings of the 21st International Conference on Security and Cryptography (SECRYPT 2024). 2024, p. 826-831.
https://www.scitepress.org/PublicationsDetail.aspx?ID=8jUQgq8nzaI%3d&t=1

Document type

Peer-reviewed

Document version

Published version

Language of document

en

Creative Commons license

Except where otherwise noted, this item's license is described as Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International