C. Henry
SeraphVPN,
United States
Keywords: quantum, networking, cybersecurity
Summary:
The rapid advancement of cryptographically relevant quantum computers poses a material risk to today’s VPN infrastructure, which overwhelmingly depends on classical public-key cryptography that will become vulnerable under quantum attack. While post-quantum cryptographic (PQC) algorithms have now been standardized, most existing VPN solutions treat PQC as a drop-in replacement rather than re-examining the deeper protocol assumptions around authentication, replay, control-plane trust, and failure behavior. This gap leaves many “post-quantum” solutions vulnerable to downgrade, replay, or authorization ambiguity—even when strong algorithms are used.
PALISADE is a post-quantum-native tunneling protocol designed from first principles around quantum-era threat models, and SeraphVPN is a production-grade VPN system built to demonstrate PALISADE’s real-world viability. Rather than retrofitting PQC into legacy designs, PALISADE restructures tunnel establishment itself as a cryptographically authorized event with explicit, fail-closed semantics. Its security-critical path relies exclusively on standardized post-quantum primitives—ML-KEM-768 for key establishment and Dilithium-3 for authentication—without fallback to classical public-key cryptography.
PALISADE combines several properties not previously unified in VPN protocols: deterministic handshake canonicalization, transcript-bound key derivation, strict replay resistance based on epochs and sequence numbers (independent of timestamps), encrypted packet headers with minimal exposed metadata, formally specified post-quantum 0-RTT resumption with bounded replay risk, and authenticated session migration governed by cryptographic epochs. A hierarchical key schedule enables rekeying and forward secrecy while maintaining clear separation between cryptographic domains.
A distinguishing architectural contribution is the tight binding of control-plane authorization to tunnel establishment. In SeraphVPN, post-quantum proof-of-possession authentication is used to issue short-lived session grants that are cryptographically validated during the handshake itself. This eliminates reliance on long-lived credentials, prevents unauthorized tunnel creation under replay, and removes implicit trust in out-of-band control channels. Control-plane authorization, authentication, replay protection, rekeying, resumption, and migration are all enforced through a single transcript-driven security model rather than loosely coupled subsystems.
PALISADE’s specification emphasizes not only cryptographic strength but also correctness under failure. The protocol defines explicit security invariants and includes negative end-to-end test cases demonstrating fail-closed behavior under handshake tampering, packet replay, early-data abuse, and resource-exhaustion attempts. This focus on failure semantics addresses real operational risks often overlooked in protocol design.
Together, PALISADE and SeraphVPN show that fully post-quantum VPN infrastructure can be deployed today using standardized PQC algorithms, without sacrificing performance, operational clarity, or security rigor. The result is not merely a VPN that uses post-quantum cryptography, but an original protocol architecture intentionally shaped around post-quantum threats, modern deployment realities, and long-term security assurance.
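
The replay resistance based on epochs and sequence numbers that the summary mentions can be illustrated with a receiver-side filter. This is an added example, not PALISADE or SeraphVPN code: the `ReplayFilter` name, the 64-packet window, the drop-old-epoch policy and the sample traffic are assumptions, since the abstract does not specify them.

```python
from dataclasses import dataclass

WINDOW = 64  # assumed window size; the abstract gives no value for PALISADE

@dataclass
class ReplayFilter:
    """Receiver replay state keyed on (epoch, sequence); no clocks involved."""
    epoch: int = 0
    highest: int = -1  # highest sequence accepted in the current epoch
    bitmap: int = 0    # bit i set => sequence (highest - i) was accepted

    def accept(self, epoch: int, seq: int) -> bool:
        """Return True at most once per (epoch, seq); otherwise drop.

        Assumes the caller has already verified the packet's authentication
        tag and that an epoch increase comes from an authenticated rekey.
        """
        if seq < 0 or epoch < self.epoch:
            return False  # malformed, or from a retired epoch
        if epoch > self.epoch:
            # New epoch: the sequence space restarts, old state is discarded.
            self.epoch, self.highest, self.bitmap = epoch, -1, 0
        if seq > self.highest:
            shift = seq - self.highest
            # Cap the shift so a huge jump cannot allocate a huge integer.
            self.bitmap = 1 if shift >= WINDOW else \
                ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= WINDOW or self.bitmap & (1 << offset):
            return False  # too old to track, or already seen
        self.bitmap |= 1 << offset
        return True

def verdicts(packets):
    """Run (epoch, seq) pairs through a fresh filter; return accept flags."""
    rf = ReplayFilter()
    return [rf.accept(e, s) for e, s in packets]

# Constructed sample traffic: reordering, duplicates, a rekey, a stale epoch.
SAMPLE = [(1, 0), (1, 1), (1, 1), (1, 5), (1, 3), (1, 3),
          (2, 0), (1, 6), (2, 0), (2, 200), (2, 100)]

if __name__ == "__main__":
    for pkt, ok in zip(SAMPLE, verdicts(SAMPLE)):
        print(pkt, "accept" if ok else "drop")
```

Because the decision depends only on counters carried in authenticated packets, clock skew between peers cannot open or close the acceptance window.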