Bringing IPsec into the Quantum Safe Era
Over the next five years, all security protocols and public key cryptography will undergo a comprehensive overhaul to ensure quantum safety. This represents the most significant change in these domains since the advent of public key cryptography.
Quantum Safe Cryptography
With rapid advances in quantum computers, which have the potential to break public key cryptography, the scenario of “harvest now, decrypt later” becomes more and more plausible. So, authorities, academics and businesses operating in the security and cryptography field have started to design, test and standardize new cryptographic algorithms which should be resistant to a quantum computer attack.
These new quantum-safe or “post quantum” algorithms are now set to become mandatory by 2030, either completely replacing “classic” algorithms or working alongside them in a “hybrid” mode.
The switch to quantum-safe algorithms requires significant changes to security protocols like IPsec and TLS.
Quantum Safe IPsec Toolkit 1.1 supported standards and RFCs:
Rambus is at the forefront of the transition to quantum-safe security, and we have introduced a new software product: Quantum Safe IPsec Toolkit. Already at version 1.1, Quantum Safe IPsec Toolkit is the first-to-market IPsec implementation that supports both ML-KEM and ML-DSA, based on the latest standards and RFCs.
NIST standards:
- ML-KEM FIPS 203 (based on Kyber)
- ML-DSA FIPS 204 (based on Dilithium)
IPsec/IKEv2 quantum-safe features, RFCs and drafts:
- RFC 9242: Intermediate Exchange in IKEv2
- RFC 9370: Multiple Key Exchanges in IKEv2
- ML-KEM for IKE negotiation based on draft-kampanakis-ml-kem-ikev2
- ML-DSA in certificates based on RFC draft-ietf-lamps-dilithium-certificates
- ML-DSA in IKEv2 signature authentication, based on RFC 7427
- ML-DSA in IKEv2 raw public key authentication, based on RFC 7670
Performance Focus
Quantum-safe IPsec is only half the story of the Quantum Safe IPsec Toolkit; the other half is its performance and scalability. We have built upon the extensive experience of IPsec Toolkit and increased our focus on performance, making Quantum Safe IPsec Toolkit the fastest IKE implementation available on the market. We have increased overall performance by up to 20% compared to the last IPsec Toolkit release 10.
Quantum-safe cryptography brings slightly better overall performance than ‘classic’ algorithms, with ML-KEM outperforming ‘classic’ DH groups while ML-DSA is on par with RSA. You can see in the graph below that ML-KEM-768 is faster than the fastest ECP group, DH group 19 (ECP 256), and ML-DSA-65 certificate authentication has similar performance to RSA2048 certificates.
- Test HW environment: Intel Core i7-4790K 4.0 GHz 8 core, direct 10Gbps connection
- Additional test parameters: IKEv2, PSK, Diffie-Hellman group 19 (ECP-256), AES128-GCM (AES-NI) and SHA 256
- Product: Quantum Safe IPsec Toolkit 1.1
The graph above shows the performance of a selection of the new quantum-safe configurations and a few commonly used classic ones, operating both stand-alone and in hybrid mode. The data shows the number of SAs per second negotiated and installed in the Linux kernel data plane. SA stands for Security Association, also known as “states” in Linux. The OS for this test is Debian Linux 12 “Bookworm” with current long term kernel versions.