June 27 2024 GM

From TCU Wiki

Rosenpass – Securing Cryptographic Applications Against Quantum Computer Attacks

Join us on 27th June to hear from Karolin, a cryptographer at Max Planck Institute for Security and Privacy in Germany, who will be talking about:

  • Rosenpass, an add-on for WireGuard that adds post-quantum security to WireGuard.
  • The importance of how post-quantum security provides a layer of protection for cryptographic applications against quantum computers.
  • Why quantum computers can attack modern cryptographic applications and what techniques are used to protect applications.
  • How Rosenpass can be used by tech-savvy users to protect their own infrastructure against quantum attacks.

Bio: Karolin is a cryptographer at Max Planck Institute for Security and Privacy in Germany. She spent over a decade building various products for start-ups and large tech corporations alike before dedicating herself to cryptography research out of disillusionment with the non-inclusive and often useless products she built in industry. Her research focuses on post-quantum cryptography and applying the mathematical principles of cryptography research to building resilient social structures. In Rosenpass e.V. – the governance organization attached to the Rosenpass project – she acts as chairperson, organizer and project manager.

What is Glitter Meetup?

Glitter Meetup is the weekly town hall of the digital rights and Internet Freedom community at the IF Square on the TCU Mattermost, at 9am EDT / 1pm UTC. It is a text-based chat where digital rights defenders can share regional and project updates, expertise, ask questions, and connect with others from all over the world! Do you need an invite? Learn how to get one here.


Can you tell us a little bit about Rosenpass, and why you started it?
  • Rosenpass is a post-quantum key exchange protocol that operates as an add-on to WireGuard.
  • So WireGuard is a VPN in the Linux kernel. It's small, efficient and widely used. It's not designed as a user-facing application, but there are ways for users to use it directly. Rather it serves as a base technology for lots of VPN applications that build on it.
  • There are some providers of privacy friendly VPNs so you can connect to the internet with a bit more anonymity; there are lots of datacenters connected through WireGuard, there are corporate VPNs; in short, all sorts of connections.
  • Key Exchange Protocol? Shouldn't you already have keys before running your crypto connection? Yes, but there is this thing called asymmetric encryption; it's quite slow but you get a public and a private keypair. Much easier to share your key with someone else if you can just put it on the internet somewhere than to personally send it over.
  • Public key crypto basically makes it possible to create a private (surveillance-free) channel if all you have is a channel where the origin of a message (the person who gives you the private key) is authentic.
  • So surveillance-free channel from a public but authentic channel.
  • The process that gets you this private channel is a Key Exchange Protocol.
  • The KEX (Key EXchange) gives you a symmetric key shared with the other person; then you just use that shared key for further crypto. Shared key crypto is much faster anyways, so that's all good.
  • WireGuard does the Key Exchange part and the symmetric part, but the key exchange part is not secure against…dum dum dum…quantum computers.
  • I am not going to get into the details about quantum attacks; I'll just link you Wikipedia:
  • Shor's algorithm is the important one.
  • Unfortunately, the most efficient asymmetric crypto, the one everybody has used in the last 40 years, can be attacked with Shor's algorithm. It really is a pity.
How does Post Quantum Secure Cryptography enhance encryption, and, if quantum computers are still in their early stages, why is it important to have cryptography that makes it hard for quantum computers to break?
  • First: So cryptographers started to develop alternatives. Here is the one NIST (American standardization institute) picked: https://pq-crystals.org/kyber/index.shtml
  • So the basic building blocks are already there and they are fairly interchangeable. They are slightly different to use than the stuff we have been using previously, so some extra work was needed to make this work in key exchange protocols. The translation was not straightforward. This translation is what we are working on.
  • So when you are using Rosenpass, you are using this new stuff that cannot be attacked by quantum computers. It does what the key exchange in WireGuard does, pretty much precisely. The main difference is: It's unfortunately a bit less efficient, and it cannot be broken by quantum computers. The user does not even really see a change, it's just not vulnerable.
  • Second, if quantum computers are still in their early stages, why is it important to have cryptography that makes it hard for quantum computers to break? This is the really important bit; and it's quite obvious if you think about it: Attackers can just store data transmitted now and decrypt it in the future.
  • A 19TB tape drive goes for around 50 bucks. You can save a lot of chat messages on that tape drive. You can store multiple lifetimes worth of chat messages on that probably. The attack is called "store now decrypt later".
  • If you care about your data not being exposed ten years down the road, you should protect yourself now. No cryptographer should make predictions about when QC takes off, it might never. QC engineers should not make predictions either. It's a risk though.
The setup is more focused on developers or someone running their own WG, not intended for someone using a more mainstream VPN client. Is that correct?
  • Exactly! We do not have the resources to migrate all VPN applications out there. Some applications are already working with us, we hope the number will increase.
  • I should concede that right now we are trying to make it easy for users to use Rosenpass; I think anyone can do it but some experience administrating Linux systems is required at the moment unfortunately.
  • Excellent usability is product work. Our forte as a group is knowledge in very specialized areas, not a ton of resources to build a user friendly application.
How do Rosenpass and WireGuard interact?
  • We did not want to just replace WireGuard. Future quantum attacks are a risk, but so are security flaws in a new cryptographic protocol, in new cryptographic building blocks and in our implementation.
  • Even if we replace cryptography with something new, very shiny, very secure and we introduce a bug to our code which allows attackers to gain remote access to the machine somebody is trying to protect, this makes the situation worse.
  • So we decided to go for a hybrid approach. WireGuard does its own asymmetric crypto, but you can specify an additional PSK – pre-shared key.
  • So we just generate a PSK for WireGuard – one generated in a quantum-secure way – and by using that in addition to its own crypto, WireGuard becomes safe against quantum attack.
  • If there is a cryptographic flaw in Rosenpass, the WireGuard key exchange remains as secure as it was.
  • With regards to security flaws in the implementation that would allow an attacker to gain access to a machine: We are deliberately running Rosenpass in a more sandboxed area than WireGuard. Our sandbox could be improved a lot though, and that's one of our current research topics.
  • We are also in discussions with some other important secure communications projects to integrate Rosenpass without using WireGuard at all. No need to do the same work over and over. Our cryptographic advancements hold in a lot of areas, not just WireGuard.
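
The hybrid construction described in the answer above can be modelled in a few lines. This is an added example, not code from Rosenpass or WireGuard: it is a simplified sketch of mixing a PSK into a key derivation with HKDF over BLAKE2s, and the function names, the label and the sample secrets are assumptions constructed for illustration.

```python
import hashlib
import hmac

ZERO_PSK = bytes(32)  # WireGuard uses an all-zero PSK when none is configured


def _hmac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.blake2s).digest()


def hkdf2(chaining_key: bytes, ikm: bytes) -> tuple[bytes, bytes]:
    """HKDF extract, then expand to two 32-byte outputs."""
    prk = _hmac(chaining_key, ikm)
    t1 = _hmac(prk, b"\x01")
    t2 = _hmac(prk, t1 + b"\x02")
    return t1, t2


def session_key(dh_secret: bytes, psk: bytes = ZERO_PSK) -> bytes:
    """Simplified model: the classical DH secret is mixed in first, then the PSK."""
    ck = hashlib.blake2s(b"hybrid-psk-demo").digest()  # constructed label
    ck, _ = hkdf2(ck, dh_secret)   # classical contribution
    _, key = hkdf2(ck, psk)        # post-quantum contribution via the PSK
    return key


def attacker_can_derive(real_key: bytes, known_dh: bytes, known_psk: bytes) -> bool:
    """True only if the attacker's knowledge reproduces the real session key."""
    return hmac.compare_digest(session_key(known_dh, known_psk), real_key)


# Constructed sample secrets (stand-ins for real handshake outputs).
DH_SECRET = hashlib.blake2s(b"constructed classical DH output").digest()
PQ_PSK = hashlib.blake2s(b"constructed post-quantum PSK").digest()
WRONG_GUESS = hashlib.blake2s(b"attacker guess").digest()
REAL_KEY = session_key(DH_SECRET, PQ_PSK)

if __name__ == "__main__":
    # DH recovered later by a quantum computer, PSK still unknown.
    print("DH broken only:  ", attacker_can_derive(REAL_KEY, DH_SECRET, ZERO_PSK))
    # Flaw exposes the PSK, classical DH secret still unknown.
    print("PSK leaked only: ", attacker_can_derive(REAL_KEY, WRONG_GUESS, PQ_PSK))
    # Without a PSK, recovering the DH secret alone is enough.
    print("no PSK, DH broken:", attacker_can_derive(session_key(DH_SECRET), DH_SECRET, ZERO_PSK))
```
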
So this would use OpenVPN or will it be a VPN on its own?
  • OpenVPN uses OpenSSL internally, not WireGuard. We are working on a proof of concept showing that RP can be used with OpenSSL, but it won't be something user facing.
  • There are quite a few network managers supporting configuration of WireGuard, so you could just use NetworkManager or install one of those tools and hopefully these will integrate Rosenpass.
Following the conversation on the developer and user facing versions, what are some of the important use cases you envision and have seen with Rosenpass on the internet’s landscape?
  • That's hard to answer; Rosenpass is a base technology so it's a bit like asking "what are use cases for the internet?".
  • I am using WireGuard-based VPNs to secure the connection to my personal server. I use a VPN when I want to be more anonymous on the internet but I need more bandwidth than Tor allows for.
  • People are using WireGuard VPNs to connect their datacenters between different locations; working from home is a use case.
  • Any area where an extra layer of security is desired.