{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T03:06:35Z","timestamp":1778814395223,"version":"3.51.4"},"reference-count":47,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2024,8,21]],"date-time":"2024-08-21T00:00:00Z","timestamp":1724198400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100010665","name":"Marie Sk\u0142odowska-Curie Actions","doi-asserted-by":"publisher","award":["101073355"],"award-info":[{"award-number":["101073355"]}],"id":[{"id":"10.13039\/100010665","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100010665","name":"Marie Sk\u0142odowska-Curie Actions","doi-asserted-by":"publisher","award":["101097560"],"award-info":[{"award-number":["101097560"]}],"id":[{"id":"10.13039\/100010665","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Key Digital Technologies Joint Undertaking program","award":["101073355"],"award-info":[{"award-number":["101073355"]}]},{"name":"Key Digital Technologies Joint Undertaking program","award":["101097560"],"award-info":[{"award-number":["101097560"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>In the near future, commercially accessible quantum computers are anticipated to revolutionize the world as we know it. These advanced machines are predicted to render traditional cryptographic security measures, deeply ingrained in contemporary communication, obsolete. While symmetric cryptography methods like AES can withstand quantum assaults if key sizes are doubled compared to current standards, asymmetric cryptographic techniques, such as RSA, are vulnerable to compromise. Consequently, there is a pressing need to transition towards post-quantum cryptography (PQC) principles in order to safeguard our privacy effectively. A challenge is to include PQC into existing protocols and thus into the existing communication structure. In this work, we report on the first experimental IPsec tunnel secured by the PQC algorithms Falcon, Dilithium, and Kyber. We deploy our IPsec tunnel in two scenarios. The first scenario represents a high-performance data center environment where many machines are interconnected via high-speed networks. We achieve an IPsec tunnel with an AES-256 GCM encrypted east\u2013west throughput of 100 Gbit\/s line rate. The second scenario shows an IPsec tunnel between a wireless NVIDIA Jetson and the cloud that achieves a 0.486 Gbit\/s AES-256 GCM encrypted north\u2013south throughput. This case represents a mobile device that communicates securely with applications running in the cloud.<\/jats:p>","DOI":"10.3390\/fi16080300","type":"journal-article","created":{"date-parts":[[2024,8,22]],"date-time":"2024-08-22T04:26:57Z","timestamp":1724300817000},"page":"300","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Wireless and Fiber-Based Post-Quantum-Cryptography-Secured IPsec Tunnel"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-5966-0682","authenticated-orcid":false,"given":"Daniel Christian","family":"Lawo","sequence":"first","affiliation":[{"name":"Department of Electrical Engineering, Eindhoven University of Technology, 5600 MB Eindhoven, The Netherlands"},{"name":"Software Architecture, Nvidia Corporation, Yokneam Illit 2066730, Israel"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rana","family":"Abu Bakar","sequence":"additional","affiliation":[{"name":"Consorzio Nazioinale Interuniversitario per le Telecomunicazioni, 56124 Pisa, Italy"},{"name":"Istituto di Telecomunicazioni, Informatica e Fotonica, Scuola Superiore Sant\u2019Anna, 56124 Pisa, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abraham","family":"Cano Aguilera","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, Eindhoven University of Technology, 5600 MB Eindhoven, The Netherlands"},{"name":"Software Architecture, Nvidia Corporation, Yokneam Illit 2066730, Israel"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Filippo","family":"Cugini","sequence":"additional","affiliation":[{"name":"Consorzio Nazioinale Interuniversitario per le Telecomunicazioni, 56124 Pisa, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4220-4111","authenticated-orcid":false,"given":"Jos\u00e9 Luis","family":"Ima\u00f1a","sequence":"additional","affiliation":[{"name":"Department of Computer Architecture and Automation, Universidad Complutense de Madrid, 28040 Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Idelfonso","family":"Tafur Monroy","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering, Eindhoven University of Technology, 5600 MB Eindhoven, The Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Juan Jose","family":"Vegas Olmos","sequence":"additional","affiliation":[{"name":"Software Architecture, Nvidia Corporation, Yokneam Illit 2066730, Israel"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2024,8,21]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"505","DOI":"10.1038\/s41586-019-1666-5","article-title":"Quantum supremacy using a programmable superconducting processor","volume":"574","author":"Arute","year":"2019","journal-title":"Nature"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Crippa, L., Tacchino, F., Chizzini, M., Aita, A., Grossi, M., Chiesa, A., Santini, P., Tavernelli, I., and Carretta, S. (2021). Simulating Static and Dynamic Properties of Magnetic Molecules with Prototype Quantum Computers. Magnetochemistry, 7.","DOI":"10.3390\/magnetochemistry7080117"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Codognet, P., Diaz, D., and Abreu, S. (2022, January 10\u201316). Quantum and Digital Annealing for the Quadratic Assignment Problem. Proceedings of the 2022 IEEE International Conference on Quantum Software (QSW), Barcelona, Spain.","DOI":"10.1109\/QSW55613.2022.00016"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"054062","DOI":"10.1103\/PhysRevApplied.13.054062","article-title":"Quantum Advantage in Cryptography with a Low-Connectivity Quantum Annealer","volume":"13","author":"Hu","year":"2020","journal-title":"Phys. Rev. Appl."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1080\/23335777.2020.1811384","article-title":"Leveraging the power of quantum computing for breaking RSA encryption","volume":"7","author":"Sharma","year":"2021","journal-title":"Cyber-Phys. Syst."},{"key":"ref_6","unstructured":"Dworkin, M.J., Barker, E.B., Nechvatal, J.R., Foti, J., Bassham, L.E., Roback, E., and Dray, J.F. (2024, January 17). Advanced Encryption Standard (AES), Available online: https:\/\/nvlpubs.nist.gov\/nistpubs\/fips\/nist.fips.197.pdf."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"55","DOI":"10.46586\/tosc.v2019.i2.55-93","article-title":"Quantum Security Analysis of AES","volume":"2019","author":"Bonnetain","year":"2019","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Alagic, G., Cooper, D., Dang, Q., Dang, T., Kelsey, J.M., Lichtinger, J., Liu, Y.K., Miller, C.A., Moody, D., and Peralta, R. (2024, January 18). Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process, Available online: https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2022\/NIST.IR.8413.pdf.","DOI":"10.6028\/NIST.IR.8413"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J., Buchmann, J., and Dahmen, E. (2009). Introduction to post-quantum cryptography. Post-Quantum Cryptography, Springer.","DOI":"10.1007\/978-3-540-88702-7"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Ding, J., and Schmidt, D. (2005). Rainbow, a New Multivariable Polynomial Signature Scheme. Applied Cryptography and Network Security, Springer.","DOI":"10.1007\/11496137_12"},{"key":"ref_11","unstructured":"Bernstein, D.J., H\u00fclsing, A., K\u00f6lbl, S., Niederhagen, R., Rijneveld, J., and Schwabe, P. (2023, December 20). The SPHINCS+ Signature Framework. Available online: https:\/\/eprint.iacr.org\/2019\/1086."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J., Buchmann, J., and Dahmen, E. (2009). Code-based cryptography. Post-Quantum Cryptography, Springer.","DOI":"10.1007\/978-3-540-88702-7"},{"key":"ref_13","unstructured":"Albrecht, M.R., Bernstein, D.J., Chou, T., Cid, C., Gilcher, J., Lange, T., Maram, V., Von Maurich, I., Misoczki, R., and Niederhagen, R. (2024, January 13). Classic McEliece: Conservative Code-Based Cryptography. Available online: https:\/\/inria.hal.science\/hal-04288769\/document."},{"key":"ref_14","unstructured":"Fouque, P.-A., Hoffstein, J., Kirchner, P., Lyubashevsky, V., Pornin, T., Prest, T., Ricosset, T., Seiler, G., Whyte, W., and Zhang, Z. (2024, January 15). Fast-Fourier Lattice-Based Compact Signatures over NTRU. Available online: https:\/\/falcon-sign.info\/."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"238","DOI":"10.46586\/tches.v2018.i1.238-268","article-title":"CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme","volume":"2018","author":"Ducas","year":"2018","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J.M., Schwabe, P., Seiler, G., and Stehle, D. (2018, January 24\u201326). CRYSTALS\u2014Kyber: A CCA-Secure Module-Lattice-Based KEM. Proceedings of the 2018 IEEE European Symposium on Security and Privacy (EuroS&P), London, UK.","DOI":"10.1109\/EuroSP.2018.00032"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Fitzgibbon, G., and Ottaviani, C. (2024). Constrained Device Performance Benchmarking with the Implementation of Post-Quantum Cryptography. Cryptography, 8.","DOI":"10.3390\/cryptography8020021"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Vidakovi\u0107, M., and Mili\u010devi\u0107, K. (2023). Performance and Applicability of Post-Quantum Digital Signature Algorithms in Resource-Constrained Environments. Algorithms, 16.","DOI":"10.3390\/a16110518"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1016\/j.comcom.2023.11.010","article-title":"Quantum-resistant Transport Layer Security","volume":"213","author":"Rommel","year":"2024","journal-title":"Comput. Commun."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Paul, S., Kuzovkova, Y., Lahr, N., and Niederhagen, R. (June, January 30). Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3. Proceedings of the ASIA CCS \u201922: 2022 ACM on Asia Conference on Computer and Communications Security, New York, NY, USA.","DOI":"10.1145\/3488932.3497755"},{"key":"ref_21","first-page":"908","article-title":"A Hardware-Software Co-Design for the Discrete Gaussian Sampling of FALCON Digital Signature","volume":"2023","author":"Karabulut","year":"2023","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"372","DOI":"10.46586\/tches.v2018.i3.372-393","article-title":"Standard Lattice-Based Key Encapsulation on Embedded Devices","volume":"2018","author":"Howe","year":"2018","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"575","DOI":"10.1109\/TPDS.2020.3025691","article-title":"PQC Acceleration Using GPUs: FrodoKEM, NewHope, and Kyber","volume":"32","author":"Gupta","year":"2021","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref_24","unstructured":"Gupta, N., Jati, A., Chattopadhyay, A., and Jha, G. (2024, January 16). Lightweight Hardware Accelerator for Post-Quantum Digital Signature CRYSTALS-Dilithium. Available online: https:\/\/eprint.iacr.org\/2022\/496."},{"key":"ref_25","unstructured":"Karl, P., Schupp, J., Fritzmann, T., and Sigl, G. (2024, January 20). Post-Quantum Signatures on RISC-V with Hardware Acceleration. Available online: https:\/\/eprint.iacr.org\/2022\/538."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Yaman, F., Mert, A.C., \u00d6zt\u00fcrk, E., and Sava\u015f, E. (2021, January 1\u20135). A Hardware Accelerator for Polynomial Multiplication Operation of CRYSTALS-KYBER PQC Scheme. Proceedings of the 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), Grenoble, France.","DOI":"10.23919\/DATE51398.2021.9474139"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Mert, A.C., \u00d6zt\u00fcrk, E., and Sava\u015f, E. (2019, January 28\u201330). Design and Implementation of a Fast and Scalable NTT-Based Polynomial Multiplier Architecture. Proceedings of the 2019 22nd Euromicro Conference on Digital System Design (DSD), Kallithea, Greece.","DOI":"10.1109\/DSD.2019.00045"},{"key":"ref_28","unstructured":"\u015eah \u00d6zcan, A., and Sava\u015f, E. (2024, January 20). Two Algorithms for Fast GPU Implementation of NTT. Available online: https:\/\/eprint.iacr.org\/2023\/1410."},{"key":"ref_29","unstructured":"Schmid, M., Amiet, D., Wendler, J., Zbinden, P., and Wei, T. (2024, January 20). Falcon Takes Off\u2014A Hardware Implementation of the Falcon Signature Scheme. Available online: https:\/\/eprint.iacr.org\/2023\/1885."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"112","DOI":"10.1016\/j.future.2020.01.049","article-title":"IPsec for high speed network links: Performance analysis and enhancements","volume":"107","author":"Ullah","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"e12901","DOI":"10.1049\/ell2.12901","article-title":"First end-to-end PQC protected DPU-to-DPU communications","volume":"59","author":"Aguilera","year":"2023","journal-title":"Electron. Lett."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"38048","DOI":"10.1109\/ACCESS.2024.3374629","article-title":"Falcon\/Kyber and Dilithium\/Kyber Network Stack on Nvidia\u2019s Data Processing Unit Platform","volume":"12","author":"Lawo","year":"2024","journal-title":"IEEE Access"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Aguilera, A.C., Abu Bakar, R., Alhamed, F., Garcia, C.R., Ima\u00f1a, J., Monroy, I.T., Cugini, F., and Olmos, J.V. (2024, January 26\u201328). First Line-rate End-to-End Post-Quantum Encrypted Optical Fiber Link Using Data Processing Units (DPUs). Proceedings of the 2024 Optical Fiber Communications Conference and Exhibition (OFC), San Diego, CA, USA.","DOI":"10.1364\/OFC.2024.M1G.4"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Alia, O., Huang, A., Luo, H., Amer, O., Pistoia, M., and Lim, C. (2024, January 24\u201328). Quantum-safe 10 Gbps Site-to-Site IPsec VPN Tunnel over 46 km Deployed Fibre. Proceedings of the Optical Fiber Communication Conference (OFC) 2024, San Diego, CA, USA.","DOI":"10.1364\/OFC.2024.Th3B.5"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"420","DOI":"10.1016\/j.procs.2024.06.189","article-title":"Hybrid QKD-based framework for secure enterprise communication system","volume":"239","author":"Rencis","year":"2024","journal-title":"Procedia Comput. Sci."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Seo, S.H., and Seo, H. (2023). A Performance Evaluation of IPsec with Post-Quantum Cryptography. Information Security and Cryptology\u2014ICISC 2022, Springer.","DOI":"10.1007\/978-3-031-29371-9"},{"key":"ref_37","first-page":"461","article-title":"The osi model: Overview on the seven layers of computer networks","volume":"2","author":"Kumar","year":"2014","journal-title":"Int. J. Comput. Sci. Inf. Technol. Res."},{"key":"ref_38","unstructured":"Hamed, H., Al-Shaer, E., and Marrero, W. (2005, January 6\u20139). Modeling and verification of IPSec and VPN security policies. Proceedings of the 13TH IEEE International Conference on Network Protocols (ICNP\u201905), Boston, MA, USA."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Dhall, H., Dhall, D., Batra, S., and Rani, P. (2012, January 7\u20138). Implementation of IPSec Protocol. Proceedings of the 2012 Second International Conference on Advanced Computing & Communication Technologies, Rohtak, India.","DOI":"10.1109\/ACCT.2012.64"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Sadikin, M.A., and Wardhani, R.W. (2016, January 28\u201330). Implementation of RSA 2048-bit and AES 256-bit with digital signature for secure electronic health record application. Proceedings of the 2016 International Seminar on Intelligent Technology and Its Applications (ISITIA), Lombok, Indonesia.","DOI":"10.1109\/ISITIA.2016.7828691"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1023\/A:1008302122286","article-title":"The Diffie\u2013Hellman Protocol","volume":"19","author":"Maurer","year":"2000","journal-title":"Des. Codes Cryptogr."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Gentry, C., Peikert, C., and Vaikuntanathan, V. (2024, January 20). Trapdoors for Hard Lattices and New Cryptographic Constructions. Available online: https:\/\/eprint.iacr.org\/2007\/432.","DOI":"10.1145\/1374376.1374407"},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Soni, D., Basu, K., Nabeel, M., Aaraj, N., Manzano, M., and Karri, R. (2021). Hardware Architectures for Post-Quantum Digital Signature Schemes. Hardware Architectures for Post-Quantum Digital Signature Schemes, Springer International Publishing.","DOI":"10.1007\/978-3-030-57682-0"},{"key":"ref_44","unstructured":"Aragon, N., Barreto, P., Bettaieb, S., Bidoux, L., Blazy, O., Deneuville, J.C., Gaborit, P., Ghosh, S., Gueron, S., and G\u00fcneysu, T. (2024, January 15). BIKE: Bit Flipping Key Encapsulation. Available online: https:\/\/bikesuite.org\/."},{"key":"ref_45","unstructured":"Jao, D., Azarderakhsh, R., Campagna, M., Costello, C., De Feo, L., Hess, B., Jalili, A., Koziel, B., LaMacchia, B., and Longa, P. (2024, January 15). SIKE: Supersingular Isogeny Key Encapsulation. Available online: https:\/\/static1.squarespace.com\/static\/5fdbb09f31d71c1227082339\/t\/5ff378bdac5ecf06b683b05b\/1609791681245\/2017-ECCinvitedtalk.pdf."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"629","DOI":"10.21817\/indjcse\/2021\/v12i3\/211203138","article-title":"New Approach to Combine Secret Keys for Post-Quantum (PQ) Transition","volume":"12","author":"Meher","year":"2021","journal-title":"Indian J. Comput. Sci. Eng."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"108","DOI":"10.1109\/MNET.002.2100538","article-title":"Low-latency PON PHY implementation on GPUs for fully software-defined access networks","volume":"36","author":"Suzuki","year":"2022","journal-title":"IEEE Netw."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/8\/300\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T15:40:14Z","timestamp":1760110814000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/8\/300"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,21]]},"references-count":47,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2024,8]]}},"alternative-id":["fi16080300"],"URL":"https:\/\/doi.org\/10.3390\/fi16080300","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,8,21]]}}}