Migrating Protocols to the Post-Quantum Setting: The Case of Wireguard — Guilhem Niot
Date : 03 juin 2026 à 15:00 — 15 min.
WireGuard is widely deployed in industry thanks to its performance, simplicity, and reduced attack surface. As organizations prepare for the post-quantum transition and the "harvest now, decrypt later" threat, VPN handshakes must evolve without compromising operational constraints such as packet size, latency, and extended attack mitigation. In this talk, we revisit post-quantum WireGuard, presenting a redesign that significantly improves deployment feasibility compared to prior work. Our construction reduces server-side key storage requirements by factors of 190–390× while strictly adhering to WireGuard’s practical constraints. Along the way, we discuss the challenges of migrating real-world protocols to the post-quantum setting, highlighting how we uncovered and addressed several pitfalls in earlier proposals.
This presentation is based on our full paper, to appear at S&P 2026. This talk focuses on the high-level ideas and practical implications of our work.