Documentation

Welcome to the documentation page for Rosenpass! This guide contains everything you need to get started with Rosenpass as a software developer, a scientist, a potential collaborator, or as anyone looking to upgrade their security to be post-quantum secure.

The content found here can be broadly split into two categories: software and science. You will find links to installation and compilation guides, versioning information, and command-line manuals, as well as to our whitepaper describing the Rosenpass protocol, presentations looking to communicate the scientific underpinnings of our project, and the results of a penetration test performed on our software.

Quick Start

If you simply want to get the Rosenpass tool up and running quickly, you are best served using our Quick Start Guide. It contains everything you need to download, configure, and start a WireGuard connection using the Rosenpass key exchange.

The Rosenpass Project

Rosenpass is a project to produce free/libre, open source, and open science cryptographic tooling to aid the migration of the internet’s infrastructure towards post-quantum secure cryptography, e.g. encryption and authentication.

Currently, the project consists of the Rosenpass protocol, a cryptographic analysis of its security using ProVerif, and its implementation in the Rosenpass tool. We focus our work towards better integration of academic cryptography, the development of software, and its deployment in industry and infrastructure.

Whitepaper

This document is a guide for engineers and researchers implementing the protocol. It is a scientific paper discussing the security properties of Rosenpass as a work-in-progress.

Penetration Test 2024

Radically Open Security's January 2024 report on their penetration test of the Rosenpass tool late in 2023. This document outlines several attacks, tests, and reviews of code and practice relating to the Rosenpass tool, and a summary of the findings.

Conference Presentations

As part of our work, we give numerous talks and presentations aimed at communicating the science behind the Rosenpass tool, project and protocol, as well as cryptography more generally. This section contains the presentation slides for several of these talks and, where available, video recordings of them. Please be aware that some of these talks are not in English, but are clearly marked as such.

The Rosenpass Tool

The Rosenpass tool is a daemon, written in Rust, that implements the Rosenpass protocol to create and exchange hybridised post-quantum and classically secure keys between two peers. Using a hybrid security model allows us to preserve the reliability of battle-proven classical cryptography whilst still providing the necessary upgrade to secure against decryption of data by quantum computers (i.e., protect against “store-now decrypt-later attacks”).

The Rosenpass tool works best and most natively with WireGuard, as it was first envisioned specifically to inject post-quantum secured keys into WireGuard using its Pre-Shared Key parameter. However, as the Rosenpass tool can export its shared secrets to a file, it can also be used in other use cases. We were able to demonstrate its potential for integration with Transport Layer Security (TLS) in this tutorial on using OpenSSL with Rosenpass.

Quick Start

A quick start guide on downloading, configuring, and booting the Rosenpass tool for use with a WireGuard connection.

Release Notes

A summary of the major changes and fixes across full Rosenpass tool releases.

Compilation and Installation

A guide on how to compile the Rosenpass tool yourself, including installation via the binary files. This is useful if you want to use the Rosenpass tool on systems we do not currently provide packages for.

Source Code

A link to the Rosenpass tool's source code in its GitHub repository. Much of the Rosenpass tool's development is monitored there, and we are responsive to issues, feature requests, and other topics raised directly in the repository.

Man Pages

The Rosenpass tool's man pages explaining the command line interfaces, converted for viewing in a web browser.