Ottawa, Ontario, September 23, 2024 –- Quantropi is excited to announce it has partnered with Palo Alto Networks to bring its QiSpace PPK (Post-Quantum Preshared Keys) Generator to customers. This Palo Alto Networks validated Partner solution provides an elevated security posture protecting IPSec VPN traffic against “Harvest Now, Decrypt Later” attacks posed by quantum computing. QiSpace PPK Generator is an RFC 8784 standard compliant solution which provides immediate protection independent of post-quantum cryptography (PQC) standards.

Organizations rely on site-to-site IPSec VPN security to protect their critical data. However, threat actors are storing encrypted communications and data today in order to decrypt them in the future using quantum computing or other advanced capabilities with an attack method called “Harvest Now, Decrypt Later”. To counter this attack vector, IPSec VPNs are beginning to incorporate new NIST PQC algorithms and hybrids, but this approach alone may not be sufficient.

It will take some time before fully approved FIPS-validated software packages with NIST PQC algorithms are available. In addition, the new algorithms do not have the same decades of vetting duration as the classic algorithms in use today.

According to Michael Redding, Quantropi CTO: An immediate/complementary solution such as Post-quantum Preshared Keys is vital to protect critical data and communications and provides a “defense in depth” approach to further mitigate risks

The IETF RFC 8784 standard provides a mechanism to create quantum-secure IPSec VPN connections and is recommended by several government agencies, including NIAP, the NSA, and the German Federal Office for Information Security. It uses Post-quantum Preshared Keys (PPKs) that are shared by an out of band mechanism. The PPKs are “mixed” with the classic keys from the key exchange process and the resulting mixed keys are used to encrypt communications. These mixed keys are secure against Shor’s algorithm running on a quantum computer and other advanced attacks targeting the key exchange process. RFC 8784 protects IPSec VPNs against “Harvest Now, Decrypt Later” and is an immediate low-risk solution to harden communication security, that is independent of upgrading to PQC algorithms.

According to Palo Alto Networks Sr. Principal Product Manager, Philip Kwan: Implementing Post-quantum Preshared Keys as defined by RFC 8784 for IPSec VPNs is by far the easiest way to move to a post-quantum capability. The RFC 8784 standard is fully supported and available today in Palo Alto Networks solutions and will immediately harden VPNs to a post-quantum posture.