Skip to Content
All memories

Quantum Tunneler: A Quantum-Safe IPSec Stack in Rust

 — #post-quantum-cryptography#Rust#IPSec#cryptography#no-std#network-security

Introduction

As quantum computing capabilities advance, classical public-key schemes such as RSA and ECC face existential threats. Quantum Tunneler is a ground-up Rust implementation of a fully quantum-safe IPSec stack, demonstrating how to build secure network tunnels that resist adversaries equipped with quantum hardware. This article walks through the motivations, the core architecture, and the deep technical details that make Quantum Tunneler both performant and future-proof.

The Quantum Threat & Motivation

  1. Shor’s Algorithm breaks RSA/ECDSA/ECDH in polynomial time.
  2. Harvest-now, decrypt-later attacks put any recorded IPSec sessions at risk.
  3. Regulatory & compliance demands are shifting toward post-quantum readiness.

Quantum Tunneler addresses these challenges by replacing the classical Diffie-Hellman and signature primitives at every layer of the IPSec stack with NIST-recommended post-quantum algorithms:

  • CRYSTALS-Kyber for Key Encapsulation Mechanism (KEM)
  • Falcon for digital signatures

Post-Quantum Cryptography Primer

Before diving into the implementation, a quick recap of the two core algorithms:

  • Kyber (KEM)
    • KeyGen: outputs (pk, sk)
    • Encapsulate: using pk produces (ct, ss)
    • Decapsulate: using sk and ct recovers the same ss
  • Falcon (Signature)
    • KeyGen: outputs (pk, sk)
    • Sign: using sk signs arbitrary message bytes → sig
    • Verify: using pk, msg, sig → boolean

Both are implemented in pure Rust (with optional no_std) and integrated via generic traits:

pub trait KeyEncapsulation {
    type PublicKey; type SecretKey; type Ciphertext; type SharedSecret;
    fn keygen() -> (PublicKey, SecretKey);
    fn encapsulate(pk: &PublicKey) -> (Ciphertext, SharedSecret);
    fn decapsulate(sk: &SecretKey, ct: &Ciphertext) -> SharedSecret;
}

pub trait DigitalSignature {
    type PublicKey; type SecretKey; type Signature;
    fn keygen() -> (PublicKey, SecretKey);
    fn sign(sk: &SecretKey, message: &[u8]) -> Signature;
    fn verify(pk: &PublicKey, message: &[u8], sig: &Signature) -> bool;
}

IPSec & IKEv2 Overview

IPSec provides confidentiality, integrity, and anti-replay for IP packets via two main components:

  • IKEv2: mutual authentication & key exchange
  • ESP/AH: packet encapsulation & integrity tags

Quantum Tunneler replaces:

  • The classical Diffie-Hellman in IKE_SA_INIT with a Kyber KEM exchange.
  • The RSA/ECDSA signature in IKE_AUTH with Falcon.
  • The symmetric ciphers / MACs in ESP/AH with hybrid or pure-PQC constructs derived from shared secrets.

Architecture & Workspace Layout

Quantum Tunneler is organized as a Rust workspace:

quantum-tunneler/
├── Cargo.toml            # workspace
├── quantum_ipsec/        # core library
│   ├── Cargo.toml
│   └── src/
│       ├── crypto/       # kyber.rs, falcon.rs, traits.rs
│       ├── ikev2/        # initiator.rs, responder.rs, parser.rs
│       ├── ipsec/        # esp.rs, ah.rs, sa.rs, policy.rs
│       └── utils.rs      # common types & helpers
└── cli/                  # command-line interface
    ├── Cargo.toml
    └── src/
        ├── main.rs
        └── commands/     # init.rs, connect.rs, status.rs, benchmark.rs

Core Crate (quantum_ipsec)

  • crypto/

    • kyber.rs: native Rust KEM implementation, optional use of pqcrypto.
    • falcon.rs: signature scheme, vendored C bindings via unsafe FFI or pure-Rust port.
    • traits.rs: defines KeyEncapsulation & DigitalSignature.

  • ikev2/

    • parser.rs: BER-style message parsing / serialization per RFC 7296.
    • initiator.rs / responder.rs: orchestrate IKE_SA_INIT and IKE_AUTH flows.
    • crypto_adapter.rs: bridges IKE messages to crypto module.

  • ipsec/

    • esp.rs: encapsulates and decapsulates IP packets using shared secrets.
    • ah.rs: computes/validates Falcon-based authentication tags.
    • sa.rs: in-memory store of SPIs, nonces, sequence counters.
    • policy.rs: Security Policy Database (SPD) and SAD management.

CLI (quantum-ipsec)

All commands are thin wrappers around core APIs via clap. Sample usage:

# Initialize local peer, generate PQC keypairs
quantum-ipsec init --config default.toml

# Negotiate IKEv2 with remote peer
quantum-ipsec connect --peer 10.0.0.2 --mode tunnel

# Inspect active SAs
quantum-ipsec status --json

# Benchmark handshake & packet throughput
quantum-ipsec benchmark --duration 30s --payload-size 512

Deep Dive: ESP Packet Flow

  1. SA Lookup: find SA by SPI
  2. Key Derivation: derive symmetric key via HKDF from Kyber SharedSecret
  3. Encryption: encrypt payload with XChaCha20-Poly1305 (or pure-PQC hybrid)
  4. MAC: compute Falcon signature over header + ciphertext
  5. Output: [ SPI | Sequence Number | Ciphertext | Signature ]
pub fn encrypt_packet(sa: &SecurityAssociation, plaintext: &[u8]) -> IpPacket {
    let sym_key = hkdf_expand(&sa.shared_secret, b"esp-key");
    let ciphertext = XChaCha20Poly1305::new(&sym_key).encrypt(nonce, plaintext);
    let signature = Falcon::sign(&sa.sk_sig, &ciphertext);
    IpPacket { spi: sa.spi, seq: sa.seq_next(), data: ciphertext, auth: signature }
}

Performance Considerations & Benchmarking

  • Handshake Latency: measured via criterion for 1 000 Kyber encapsulations + Falcon signatures.
  • Throughput: payload encryption/decryption at various sizes (64 B–1500 B).
  • Memory Footprint: no_std build size (~80 KB on Cortex-M4).
  • Concurrency: multi-peer stress tests using asynchronous Tokio drivers.

Testing & Validation

  • Official Test Vectors from NIST for Kyber and Falcon.
  • Fuzzing with proptest on parsers (parser.rs).
  • Integration: two-node TUN/TAP simulation, packet dumps inspected in Wireshark.
  • Fault Injection: truncated messages, invalid SPIs, replayed packets.

Future Extensions

  • Hybrid Mode: combine AES-GCM with Kyber fallback for incremental migration.
  • WebAssembly Front-End: interactive demos in the browser with WASM.
  • TUI Dashboard: live session metrics via ratatui.
  • QUIC Integration: embed quantum-safe IKEv2 into QUIC handshake.

Conclusion

Quantum Tunneler demonstrates that it is entirely feasible to implement a production-grade IPSec stack with post-quantum security in Rust. By modularizing the core cryptographic primitives, protocol logic, and user interface, the project provides a blueprint for next-generation secure networking—ready for the era of quantum adversaries. Contributions, feedback, and forks are highly encouraged!