
Prof. Dr.-Ing. Günter Schäfer
Head of Department
Technische Universität Ilmenau
Fakultät für Informatik und Automatisierung
Institut für Praktische Informatik und Medieninformatik
Fachgebiet Telematik/Rechnernetze
Helmholtzplatz 5
98693 Ilmenau
Zusebau, Raum 3042
Tel.: +49 3677 69-4574
Funding since July 2021, 65 months by dtec.bw – Digitalization and
Technology Research Center of the Bundeswehr.
dtec.bw is funded by the European Union – NextGenerationEU

M. Sc. David Schatz (technical)
Prof. Dr.-Ing. Günter Schäfer (administrative)
Asymmetric cryptography is a key enabler for a scalable realization of secure communications in modern IT infrastructures. Unfortunately, the security of currently deployed schemes, such as RSA and the Diffie-Hellman key exchange, is threatened by the ongoing research in quantum computing. As soon as sufficiently large quantum computers exist, these approaches can be broken by Shor's algorithm. Furthermore, a transition to quantum-resistant solutions for key exchange is urgent: attackers could already store encrypted traffic today in the hope of decrypting it in the future ("store now, decrypt later").
One mandatory countermeasure is the additional use of post-quantum cryptography (PQC) in hybrid constructs with traditional cryptography. Unfortunately, the practical aspects of deploying PQC (e.g., implementation security) are not yet studied as well as those of its traditional counterparts. And even long-term security vulnerabilities in PQC algorithms cannot be completely ruled out as of today. Consequently, alternative solutions that can be deployed alongside PQC are still being researched.
The goal of the MuQuaNet project is to design, deploy, and maintain a quantum-resistant communication network in the Munich area. The network shall be used for research and evaluation, also by providing access to other research institutes and organizations. One approach that is in the focus of the research is Quantum Key Distribution (QKD). In contrast to PQC, the security of QKD does not rely on mathematical assumptions, but on the laws of quantum mechanics.
As part of the MuQuaNet project, the research at the department Telematics/Computer Networks focuses especially on quantum-resistant communication in IPsec-based virtual private networks (VPNs).
As a baseline countermeasure, PQC is deployed within the IKEv2 protocol (Internet Key Exchange), as already standardized. On top of that, our approach aims to maximize cryptographic agility by supporting as many different alternative approaches as possible. One fundamental concept for achieving this goal is opportunistic re-keying [LSS25], as depicted in Figure 1. Basically, opportunistic re-keying is a chained application of a key derivation function (KDF). At each step, the current internal state is combined with newly available key material to derive the next state and a new session key. This key chain has the special property (proven in the random oracle model) that even a single input that is unknown to attackers is sufficient to guarantee the security of all following session keys [LSS25]. This also holds if attackers know or even control all other inputs (resilience). The only assumption about the input keys is that all inputs that are not known/controlled by attackers have a certain amount of minimum entropy. As no other assumptions about the source of the inputs are made, cryptographic agility is maximized.
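The chained KDF described above, as an added sketch that is not the construction from [LSS25] and not the project's code. The HKDF-style extract/expand step with HMAC-SHA-256, the `KeyChain` class, the source labels, and all input values are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY_LEN = 32  # bytes; equals the SHA-256 output size

def _extract(salt: bytes, ikm: bytes) -> bytes:
    # HKDF-Extract (RFC 5869): PRK = HMAC(salt, input key material)
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def _expand(prk: bytes, info: bytes) -> bytes:
    # HKDF-Expand, first output block only (enough for KEY_LEN bytes)
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:KEY_LEN]

class KeyChain:
    """Hypothetical key chain: state_i, key_i = KDF(state_{i-1}, input_i)."""

    def __init__(self) -> None:
        self.state = bytes(KEY_LEN)  # public initial state
        self.step = 0

    def rekey(self, material: bytes, source: str) -> bytes:
        """Mix new key material into the state and return a session key."""
        self.step += 1
        label = source.encode()
        # Length-prefix the label so (label, material) is encoded unambiguously.
        ikm = len(label).to_bytes(2, "big") + label + material
        prk = _extract(self.state, ikm)
        ctx = self.step.to_bytes(8, "big")
        self.state = _expand(prk, b"chain-state" + ctx)
        return _expand(prk, b"session-key" + ctx)

def demo() -> list:
    # Constructed inputs: (source label, key material, known to the attacker?)
    inputs = [("pqc-ikev2", b"\x11" * 32, True),
              ("btke", os.urandom(32), False),  # the single secret input
              ("mkr", b"\x33" * 32, True),
              ("pqc-ikev2", b"\x44" * 32, True)]
    alice, bob, attacker = KeyChain(), KeyChain(), KeyChain()
    results = []
    for source, material, known in inputs:
        k_a, k_b = alice.rekey(material, source), bob.rekey(material, source)
        # The attacker replays known inputs and must guess the unknown one.
        k_e = attacker.rekey(material if known else bytes(32), source)
        results.append((k_a == k_b, k_e == k_a))  # (peers agree, attacker has key)
    return results

if __name__ == "__main__":
    print(demo())
```

Each tuple is (peers agree, attacker holds the session key): the attacker tracks the chain only until the first input it does not know, and stays locked out afterwards even though every later input is known to it.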
While opportunistic re-keying already provides security in depth regarding the used key exchange methods (the attacker has to break them all), we also aim for security in depth in terms of implementation security. Therefore, we use the derived session keys to encrypt all packets sent during the IKEv2 protocol as a whole, using a separate component called the IKE proxy (see Figure 2) [SKS+23, SASM24]. Another function of the IKE proxy is to perform a simple key synchronization protocol so that each pair of communication partners always derives the identical key chain and consequently identical session keys.
Apart from QKD, we mainly research the following other alternatives for a quantum-resistant key exchange:
Classic McEliece is the most conservative PQC algorithm today, but cannot be used within the IKEv2 protocol due to its very large public keys. Instead, it can be performed periodically by the IKE proxy with known communication partners, and the exchanged keys can then be used as input for the corresponding key chain.
The idea of the Business Trip Key Exchange (BTKE) is to automatically distribute key material out-of-band [SKS26a]. To be more precise, the goal is to leverage business trips between sites of an organization by using the mobile devices of employees as the transport medium for key material. While one can argue that each individual device might be susceptible to compromise, the security of our overall approach is not threatened by this due to the resilience of opportunistic re-keying. Furthermore, the required effort for attackers is drastically increased because they are forced to always compromise a large fraction of all mobile devices in order to never "miss" any key material.
Multipath Key Reinforcement (MKR) describes the idea of distributing key material in-band over different paths in the VPN [SKS26b]. If attackers do not manage to always eavesdrop on all paths (and break the mandatorily used PQC on these paths), additional point-to-point security (e.g., achieved by Classic McEliece, QKD, or BTKE) can quickly "spread" throughout the complete VPN.
[SKS26b] Schatz, David; Koerfgen, Hedwig; Schaefer, Guenter: A Distributed Protocol for Multipath Key Reinforcement in Virtual Private Networks. QSNS, 2026. Accepted and in Press.
[KSS+26] Koerfgen, Hedwig; Schatz, David; Smeenk, Guido E.; Schaefer, Guenter; Koch, David: A Shared Risk Link Group Approach for Multi-Path Key Relay in QKD Networks. QCNC, 2026. Accepted and in Press.
[SKS26a] Schatz, David; Koerfgen, Hedwig; Schaefer, Guenter: Automated Distribution of Out-of-Band Key Material in Virtual Private Networks. ICISSP, 2026. Accepted and in Press. Preprint.
[LSS25] Lucks, Stefan; Schatz, David; Schaefer, Guenter: On the Security of Opportunistic Re-Keying. SECRYPT, 2025. Preprint.
[SASM24] Schatz, David; Altheide, Friedrich; Schaefer, Guenter; Martius, Kai: Quantensichere VPN-Infrastrukturen. 20. Deutscher IT-Sicherheitskongress, 2024.
[SKS+23] Schatz, David; Altheide, Friedrich; Koerfgen, Hedwig; Rossberg, Michael; Schaefer, Guenter: Virtual Private Networks in the Quantum Era: A Security in Depth Approach. SECRYPT, 2023. Preprint.