Assessing the Viability of Quantum-Resistant IKEv2 over Constrained and Internet-Scale Networks
Geoff Twardokus, William Joslin, Hanif Rahbari, and William Layton

TL;DR
This paper evaluates the performance challenges of implementing quantum-resistant IKEv2 in real-world network conditions, highlighting significant overheads and bottlenecks that hinder adoption in constrained and large-scale networks.
Contribution
It develops a reproducible testbed to measure RFC proposals for quantum-resistant IKEv2, revealing performance issues under realistic network conditions and emphasizing the need for further optimization.
Findings
High data overhead (400-1000x) in lossy wireless links.
Bottlenecks at high round-trip times and packet loss.
Current RFCs are insufficient for practical deployment.
Abstract
Within 1-2 decades, quantum computers may become powerful enough to break current public-key cryptography, prompting authorities such as the IETF and NIST to push for adopting quantum-resistant cryptography (QRC) in ecosystems like Internet Protocol Security (IPsec). Yet, IPsec struggles to adopt QRC, primarily because Internet Key Exchange Protocol Version 2 (IKEv2), which sets up IPsec sessions, cannot easily tolerate the large public keys and digital signatures of QRC. Many IETF RFCs have been proposed to integrate QRC into IKEv2, but their performance and interplay remain largely untested in practice. In this paper, we measure the performance of these RFCs over constrained links by developing a flexible, reproducible measurement testbed for IPsec with quantum-resistant IKEv2 proposals. Deploying our testbed in lossy wireless links and on the internationally distributed FABRIC…
Taxonomy
Topics: Software-Defined Networks and 5G · IoT and Edge/Fog Computing
