Arqit White Paper Final - 978187
Optimized networking solutions are easy to configure and operate while also remaining fast, reliable, and secure. FD.io’s Vector Packet Processor (VPP) is a fast, scalable layer 2-4 multi-platform network stack that has become a networking staple across the world due to its high performance. While FD.io does not have a production-ready Internet Key Exchange v2 (IKEv2) implementation, it can be combined with strongSwan, an open-source and multiplatform IPsec virtual private network (VPN) library, to provide a comprehensive and secure networking solution. Intel has previously demonstrated the performance of VPP combined with strongSwan (VPP-SSwan), achieving a 1.89 Terabit no drop rate (NDR) IPsec tunnel in tests using a server based on the 4th Gen Intel® Xeon® Scalable processor [1].

However, the key exchange method used by VPP-SSwan to establish IPsec connections will be broken in the near future by cryptographically relevant quantum computers (CRQC). The risk posed is grave, as stated in the White House-published National Security Memorandum 10 (NSM-10) [2]:

“When it becomes available, a [CRQC] could jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.”

Even before quantum computers become available, it is possible for attackers to steal and store data today and decrypt it in the future when they can get a CRQC. Information that needs to be kept secret for a long time (state secrets, personal health and genomics data, trade secrets, financial data, etc.) is already at risk since it can be easily siphoned from public networks and stored encrypted in a data silo until it can be decrypted. This is known as a store now, decrypt later (SNDL) attack.

Arqit, an Intel® Network Builders community member, offers its SKA-Platform, which is a cloud-hosted or on-prem service that can secure networks with encryption that is unbreakable by a quantum computer. The SKA-Platform allows endpoints to upgrade the security of communication channels they create, such as the IPsec tunnels created by VPP-SSwan.
This document outlines how the Arqit SKA-Platform can be used to enhance the existing FD.io VPP-SSwan setup via highly secure quantum-safe authentication and symmetric key agreement (SKA) between endpoints in line with existing standards and recommendations, including NSM-10.

Table of Contents
Arqit’s Solution: SKA-Platform
Arqit SKA-Platform and Intel: Real World PQC Use Cases
Testing and Results
Summary
White Paper | Arqit and Intel Test Post Quantum Cryptography (PQC) Solution
Performance testing verifies that the SKA-Platform can be used to upgrade IPsec connections such that they are quantum secure while maintaining maximum performance, thereby showing how Arqit and Intel can provide a joint post-quantum cryptography (PQC) solution without compromising the 1.89 Terabit NDR IPsec tunnel throughput achieved by Intel [1], a leadership feat in the world of post-quantum encryption.

Additionally, the solution is optimal for small form factor devices where security was previously limited by size, weight and power (SWaP) requirements and the need for specialist hardware crypto devices. Arqit has developed the SKA-Platform as a full endpoint security solution for a range of device types, with robust methods for endpoint authentication, provisioning, key agreement, and management that are provably secure. This is a hybrid solution that provides defense in depth and crypto agility for future flexibility.

This document outlines how the SKA-Platform can interoperate with existing IPsec solutions such as VPP-SSwan, enabling an out-of-the-box PQC-ready solution on a variety of Intel® architecture-based hardware. High-grade compute, such as the 4th Gen Intel Xeon Scalable processors, provides extremely high encrypted network throughput rates, such as the 1.89 Tb NDR IPsec tunnel achieved previously, with such encryption being PQC-ready. Additionally, the solution can also be fully deployed on a platform based on Intel® NetSec Accelerator Reference Design (i.e., a “server on a card”), opening possibilities across edge computing, IoT and small form factor devices.

Arqit’s Solution: SKA-Platform
The following sections outline the device lifecycle, describing how an endpoint is registered with the SKA-Platform and subsequently agrees symmetric keys for connections with other endpoints. This is all facilitated by lightweight software at the endpoint, providing flexible tools to ensure any device can utilize the SKA-Platform.

Authentication
Authentication, or the ability to ensure the identity of an individual, has central importance in security. Arqit takes an approach to authentication that ensures the highest level of security available today, so that all devices within a network can be trusted.

This process begins with the delivery of a master authentication key, which serves as a root-of-trust and can be stored using secure or verified hardware. This key is generated in the SKA-Platform and is then either delivered securely out-of-band or encapsulated with keys generated through multiple post-quantum key encapsulation mechanism (KEM) algorithms.

In the latter scenario, the encapsulated key is delivered to the endpoint at point of registration. These algorithms are drawn from the candidates in NIST’s Post-Quantum Cryptography Standardization Process [3] and are intended as quantum-safe replacements for public-key protocols.

These methods are not yet standardized, so Arqit uses multiple KEMs of different types to increase assurance should any single KEM be weakened, and since this is a one-time registration process which is not time sensitive, KEMs with larger key sizes and compute requirements can be used (e.g. Classic McEliece cryptography system). All PQA KEM key exchanges are made over a TLS channel, ensuring at least classical protection, in line with recommendations from NIST and others that require hybrid cryptography.

Once the initial master authentication key has been delivered, it is used by the endpoint to form the initial authentication key that will strongly authenticate with the SKA-Platform. In addition, the authentication key is ratcheted with each successive authentication, meaning a new authentication key is derived from the previous one in a way that cannot be reversed. This ensures that each authentication key has a relatively short lifetime (e.g., minutes or hours), configurable by the user, that mitigates spoofing attacks and simplifies key revocation. The authentication method used employs irreversible hash functions that are not breakable by any known classical or quantum algorithm.

This final symmetric authentication key forms the basis of the security association between the endpoint and the platform, meaning that any information the platform sends to the endpoint can be considered quantum safe.

Symmetric Key Agreement
Almost all secure communication today is based on two parties sharing a symmetric key. The party sending data uses the key to encrypt data, and the recipient uses the same key to decrypt it. The encryption and decryption ciphers (e.g., AES256) are extremely efficient and are often optimized at the hardware layer. If the key has sufficient length (i.e., greater than 128 bits), these methods are known to be extremely secure and robust against even quantum-based attacks.

The problem with these methods is how two endpoints, Alice and Bob, agree to a shared symmetric key in the first place. This is known as the key distribution problem – if Alice must transmit the key to Bob in advance, it creates the opportunity for a bad actor to steal the key and eavesdrop on their communication.

There are two widely used methods to solve this problem:

1. Manual key delivery/pre-shared keys. A trusted courier manually delivers the key to Alice and Bob without using a network. This can be highly secure but is also extremely impractical and expensive for large, disparate networks. These keys are also infrequently replaced, meaning large volumes of information can be decrypted if one is lost or stolen. This can be an O(n²) solution in the worst case.

2. Public-key protocols. These rely on a mathematical problem that is difficult for a classical computer to invert, e.g. factorizing large integers. The most used protocol is Diffie-Hellman key exchange. While these methods are much more convenient than manual delivery, the functions they rely on will be efficiently inverted by quantum computers in the future, making them much less secure than initially believed.
Arqit’s alternative solution is Symmetric Key Agreement which combines the high security of manual key delivery with the convenience and scalability of public-key protocols.

This balance is achieved through the introduction of a split-trust [4] third party, the Arqit SKA-Platform, which assists Alice and Bob in creating symmetric keys on demand. Entities register once with the platform and dynamically agree on keys between themselves, leading to a much simpler solution. This method of key agreement is secure because it relies on symmetric cryptography, which is a type of PQC that’s extremely secure against attacks including by quantum computers. It’s also efficient and scalable due to the hub-and-spoke topology of a single platform coordinating key agreement among all endpoints.

Alice now wants to create a shared key with another endpoint, Bob, which they can use to secure communication between them. We assume that both Alice and Bob are fully authenticated and provisioned with the platform. Arqit has created its own protocol that allows Alice and Bob to create a shared symmetric key using the platform as a broker as seen below:

1. Alice and Bob use a confidential channel to create a shared secret using a traditional (not necessarily quantum-safe) method, e.g. over TLS.

2. Alice sends a request to the SKA-Platform over the quantum-safe channel using the session key, created when she authenticated using her authentication key, to create an intermediate key based on knowledge of Alice’s ID from her authentication token and Bob’s ID sent by Alice. The SKA-Platform takes a key from its HSM and hashes it with this information to create the intermediate key, which is then returned to Alice.

3. Bob sends a request to the server, also over a quantum-safe connection using his session key, and receives the same intermediate key based on his ID from his authentication token and Alice’s ID sent by Bob.

4. Both Alice and Bob now hash the intermediate key with their shared secret and recover the same shared symmetric key.

Importantly, the platform does not have all the information it needs to create the same key as it does not know the secret that Alice and Bob shared in step 2. This is a split-trust mechanism, meaning that information is split between multiple channels. Any attack on the SKA-Platform would not result in the loss of encryption keys, keeping the data secure.

This shared symmetric key can now be used in many ways to secure the data passing between endpoints, e.g. in an IPsec tunnel, or at the application level to encrypt data with AES. A new key can be requested as often as required for the use case. Since the key is a standard 256-bit symmetric key it can also be easily mixed with other keys generated through other methods for a robust defense-in-depth approach.

Arqit SKA-Platform and Intel: Real World PQC Use Cases
The principles outlined in the previous sections can be applied to a wide range of real-world use cases. In writing this document, one specific architecture was developed for performance testing and proof-of-concept purposes, but this can be extended for deployment across edge computing, IoT, legacy systems and more.

Site-to-site PQC IPsec
The performance test results in the following section were produced using a standard site-to-site IPsec gateway between two GCP C3 hosts based on 4th Gen Intel Xeon Scalable processors. The underlying technology builds upon the VPP-SSwan work completed previously, where the two popular open-source projects, strongSwan and VPP, were combined by Intel to demonstrate easy-to-use functionality and incredibly fast packet processing speeds on Intel Xeon Scalable processor platforms.

The reason this IPsec VPN setup can be upgraded from classical cryptography to PQC is because strongSwan implements the RFC 8784 standard [5] from version 5.7.0 onwards. This allows a post-quantum pre-shared key (PPK) in addition to the authentication method that is already provided by IKEv2. This additional PPK is stirred into the exchange such that quantum resistance is provided to the IPsec security associations (SAs), protecting data-in-transit against quantum attack.

The SKA-Platform removes the cumbersome requirement of pre-sharing this key in typical systems, instead generating the key directly at the endpoints. The Arqit endpoint software is lightweight and easily deployable on any device, agreeing symmetric keys that are provided as PPKs to strongSwan as and when the IPsec VPN connection is required. Furthermore, keys can be automatically rotated extremely frequently, unlike typical pre-shared keys which are difficult to change once implemented in a system.
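
The following Python sketch is an added example, not Arqit's protocol code or strongSwan's implementation. It models the four-step key agreement described above and then stirs the resulting 256-bit key into IKEv2 key material as an RFC 8784 PPK. The use of HMAC-SHA256, the sorted ordering of the endpoint IDs, the labels and all sample values are assumptions, since the page does not specify the hash construction.

```python
import hashlib
import hmac

def h(key: bytes, *parts: bytes) -> bytes:
    # Assumed stand-in for the page's "hash": HMAC-SHA256 over length-prefixed parts.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()

def platform_intermediate_key(hsm_key: bytes, requester: bytes, peer: bytes) -> bytes:
    # Steps 2-3: the platform hashes an HSM key with both endpoint IDs.
    # Sorting the IDs (assumption) gives Alice and Bob the same value.
    first, second = sorted((requester, peer))
    return h(hsm_key, b"intermediate", first, second)

def endpoint_final_key(intermediate: bytes, shared_secret: bytes) -> bytes:
    # Step 4: each endpoint hashes the intermediate key with the step-1 secret.
    return h(intermediate, b"final", shared_secret)

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    # prf+ from RFC 7296 section 2.13, instantiated with HMAC-SHA256.
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def mix_ppk(ppk: bytes, sk_d: bytes, sk_pi: bytes, sk_pr: bytes) -> tuple:
    # RFC 8784 key derivation: SK_d = prf+(PPK, SK_d'), and likewise SK_pi, SK_pr.
    return tuple(prf_plus(ppk, sk, len(sk)) for sk in (sk_d, sk_pi, sk_pr))

def demo() -> dict:
    hsm_key = bytes(range(32))  # constructed HSM key
    secret = hashlib.sha256(b"constructed step-1 secret").digest()
    ik_alice = platform_intermediate_key(hsm_key, b"alice", b"bob")
    ik_bob = platform_intermediate_key(hsm_key, b"bob", b"alice")
    ppk_alice = endpoint_final_key(ik_alice, secret)
    ppk_bob = endpoint_final_key(ik_bob, secret)
    # Constructed stand-ins for the keys IKEv2 derives from the classical exchange.
    pre = [hashlib.sha256(tag).digest() for tag in (b"SK_d'", b"SK_pi'", b"SK_pr'")]
    return {
        "intermediate_keys_match": ik_alice == ik_bob,
        "ppk_bits": len(ppk_alice) * 8,
        "endpoints_agree": mix_ppk(ppk_alice, *pre) == mix_ppk(ppk_bob, *pre),
        "platform_holds_ppk": ik_alice == ppk_alice,
        "keys_changed_by_ppk": all(a != b for a, b in zip(mix_ppk(ppk_alice, *pre), pre)),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the platform only ever sees the intermediate key, and the keys that protect the IPsec SAs depend on the PPK as well as on the classical exchange.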
Figure 2. Example quantum-secure IPsec architecture using the SKA-Platform and VPP-SSwan on two Intel hosts.
Testing and Results
The throughput test deployment is not designed for hitting maximum performance but is instead architected such that the results prove that IPsec throughput remains unchanged when the SKA-Platform is incorporated into the system. The main aim was to prove that an out-of-the-box PQC-ready solution could be achieved without compromising performance. With the correct network configuration and hardware stack, it would then be possible to achieve the record breaking 1.89 Tb solution with PQC in place to mitigate against the quantum attack.

Deployment Setup
The deployment architecture is exactly as laid out in Figure 2. Two Intel hosts establish an IPsec VPN tunnel using VPP-SSwan such that data can be transmitted between them. The AES256-GCM encryption algorithm was used along with a 256-bit elliptic curve group to provide the public key infrastructure (PKI) component needed to agree on the final key. However, two different scenarios were considered:

1. The two hosts do not use the SKA-Platform and therefore do not mix a PPK into the key material, so this is not quantum safe as it is fully dependent on the underlying PKI.

2. The two hosts use the SKA-Platform to agree on the shared PPK, which is stirred into the key material to enable a quantum safe connection.

The specifications of the two Intel hosts used for testing can be found in Table 1. As noted, the individual elements in this case hold little importance as it is the comparison between the throughput measurements that provides real value.
Throughput Testing Process
The throughput tests were executed using iperf3 [6], a simple tool for measuring IP network bandwidth. Once the IPsec tunnel was established in each case, one host acts as the iperf3 client and the other the server, with the tool transmitting data for five minutes. The parameters can be found in Table 2.

Results
The results (see Figure 3) demonstrate that IPsec throughput was unchanged with and without the SKA-Platform, proving that a PQC solution can be achieved without compromising performance.

The maximum throughput achieved during testing was identical in both cases, with a value of 1.55 Gbps achieved. The average throughput was 1.44 Gbps and 1.37 Gbps with and without the SKA-Platform respectively, again proving Arqit can provide PQC capability without any reduction in throughput performance.

The results would be identical if not for random fluctuations in network performance (e.g., a throughput measurement in a given second could differ from the average by up to ~0.3 Gbps).

Overall, it is clear that a quantum secure IPsec tunnel can be achieved without compromising performance if Arqit SKA provides a dynamically generated PPK.
[1] Intel, “FD.io VPP-SSwan and Linux-CP – Integrate StrongSwan with World’s First Open Sourced 1.89 Tb IPsec Solution Technology Guide” (Network & Edge Platform documents, Intel Corporation, 2023).
[2] White House, “National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems” (official memorandum, Washington, DC: White House, 2022).
[3] “Post-Quantum Cryptography”, NIST, https://csrc.nist.gov/projects/post-quantum-cryptography
[4] Despite the introduction of a third party, we consider the SKA to be split trust because it does not have enough information to know the key agreed by Alice and Bob.
[5] IETF, “Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security” (Internet Standards Track document, Internet Engineering Task Force, 2020).
[6] iperf3, https://iperf.fr/ (iperf Official Website, 2024).
[7] TCP Slowstart, https://en.wikipedia.org/wiki/TCP_congestion_control#Slow_start (Wikipedia, 2024).
[8] IETF, “Type of Service in the Internet Protocol Suite” (Internet Standards Track document, Internet Engineering Task Force, 1992).
© Intel Corporation. Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries. *Other names and brands may be claimed as the property of others.