Hybrid Quantum Security for IPsec
- URL: http://arxiv.org/abs/2507.09288v1
- Date: Sat, 12 Jul 2025 13:54:04 GMT
- Title: Hybrid Quantum Security for IPsec
- Authors: Javier Blanco-Romero, Pedro Otero García, Daniel Sobral-Blanco, Florina Almenares Mendoza, Ana Fernández Vilas, Manuel Fernández-Veiga
- Abstract summary: This paper presents the first systematic comparison of sequential versus parallel hybrid QKD-PQC key establishment strategies for IPsec. We introduce two novel approaches for incorporating QKD into Internet Key Exchange version 2 (IKEv2) with support for both ETSI GS QKD 004 stateful and ETSI GS QKD 014 stateless API specifications. Our key insight is that parallel hybrid approaches eliminate the multiplicative latency penalties inherent in sequential methods mandated by RFC 9370.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Quantum Key Distribution (QKD) offers information-theoretic security against quantum computing threats, but integrating QKD into existing security protocols remains an unsolved challenge due to fundamental mismatches between pre-distributed quantum keys and computational key exchange paradigms. This paper presents the first systematic comparison of sequential versus parallel hybrid QKD-PQC key establishment strategies for IPsec, revealing fundamental protocol design principles that extend beyond specific implementations. We introduce two novel approaches for incorporating QKD into Internet Key Exchange version 2 (IKEv2) with support for both ETSI GS QKD 004 stateful and ETSI GS QKD 014 stateless API specifications: (1) a pure QKD approach that replaces computational key derivation with identifier-based quantum key coordination, and (2) a unified QKD-KEM abstraction that enables parallel composition of quantum and post-quantum cryptographic methods within existing protocol frameworks. Our key insight is that parallel hybrid approaches eliminate the multiplicative latency penalties inherent in sequential methods mandated by RFC 9370, achieving significant performance improvements under realistic network conditions. Performance evaluation using a Docker-based testing framework with IDQuantique QKD hardware demonstrates that the parallel hybrid approach significantly outperforms sequential methods under network latency conditions, while pure QKD achieves minimal bandwidth overhead through identifier-based key coordination. Our implementations provide practical quantum-enhanced IPsec solutions suitable for critical infrastructure deployments requiring defense-in-depth security.
Related papers
- A Survey on Continuous Variable Quantum Key Distribution for Secure Data Transmission: Toward the Future of Secured Quantum-Networks [0.0]
Quantum key distribution (QKD) is a cornerstone of secure communication in the quantum era. Continuous-variable QKD (CV-QKD) has emerged as a more practical alternative due to its seamless compatibility with current telecommunications infrastructure. CV-QKD relies on coherent and squeezed states of light, offering significant advantages for integration into modern optical networks.
arXiv Detail & Related papers (2025-06-25T19:58:44Z)
- Hybrid Implementation for Untrusted-node-based Quantum Key Distribution Network [16.242325482656927]
Quantum key distribution (QKD) serves as a cornerstone of secure quantum communication. We present a hybrid system that seamlessly integrates TF-QKD and MDI-QKD into one untrusted-node-based architecture. Experiments demonstrate secure finite-size key rates for sending-or-not-sending QKD and MDI-QKD over fiber distances of 150 to 431 km.
arXiv Detail & Related papers (2025-03-07T02:27:41Z)
- High-Fidelity Coherent-One-Way QKD Simulation Framework for 6G Networks: Bridging Theory and Reality [105.73011353120471]
Quantum key distribution (QKD) has emerged as a promising solution for guaranteeing information-theoretic security. Due to the considerable high cost of QKD equipment, a lack of QKD communication system design tools is challenging. This paper introduces a QKD communication system design tool.
arXiv Detail & Related papers (2025-01-21T11:03:59Z)
- Practical hybrid PQC-QKD protocols with enhanced security and performance [44.8840598334124]
We develop hybrid protocols by which QKD and PQC inter-operate within a joint quantum-classical network.
In particular, we consider different hybrid designs that may offer enhanced speed and/or security over the individual performance of either approach.
arXiv Detail & Related papers (2024-11-02T00:02:01Z)
- Towards efficient and secure quantum-classical communication networks [47.27205216718476]
There are two primary approaches to achieving quantum-resistant security: quantum key distribution (QKD) and post-quantum cryptography (PQC).
We introduce the pros and cons of these protocols and explore how they can be combined to achieve a higher level of security and/or improved performance in key distribution.
We hope our discussion inspires further research into the design of hybrid cryptographic protocols for quantum-classical communication networks.
arXiv Detail & Related papers (2024-11-01T23:36:19Z)
- Quantum-Secured Data Centre Interconnect in a field environment [38.4938584033229]
Quantum key distribution (QKD) is an established quantum technology at a high readiness level.
In this article, we present the successful implementation of a QKD field trial within a commercial data centre environment.
The achieved average secret key rate of 2.392 kbps and an average quantum bit error rate of less than 2% demonstrate the commercial feasibility of QKD in real-world scenarios.
arXiv Detail & Related papers (2024-10-14T08:05:25Z)
- The Road to Near-Capacity CV-QKD Reconciliation: An FEC-Agnostic Design [53.67135680812675]
A new codeword-based QKD reconciliation scheme is proposed.
Both the authenticated classical channel (ClC) and the quantum channel (QuC) are protected by separate forward error correction (FEC) coding schemes.
The proposed system makes QKD reconciliation compatible with a wide range of FEC schemes.
arXiv Detail & Related papers (2024-03-24T14:47:08Z)
- Practical quantum secure direct communication with squeezed states [37.69303106863453]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security. This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z)
- Improved coherent one-way quantum key distribution for high-loss channels [0.0]
We present a simple variant of COW-QKD and prove its security in the infinite-key limit.
Remarkably, the resulting key rate of our protocol is comparable with both the existing upper-bound on COW-QKD key rate and the secure key rate of the coherent-state BB84 protocol.
arXiv Detail & Related papers (2022-06-17T00:07:03Z)
- Authentication of quantum key distribution with post-quantum cryptography and replay attacks [1.8476815769956565]
Quantum key distribution (QKD) and post-quantum cryptography (PQC) are two cryptographic mechanisms with quantum-resistant security.
We propose two protocols based on PQC to realize the full authentication of QKD data post-processing.
arXiv Detail & Related papers (2022-06-02T17:29:34Z)