PQConnect: Automated Post-Quantum End-to-End Tunnels

Daniel J. Bernstein

Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Secure Protocols

This talk introduces **PQConnect**, a system designed to establish automated, end-to-end post-quantum secure tunnels for all network traffic originating from a host. Developed as joint work by Daniel J. Bernstein, Tanja Lange, and Bian, PQConnect addresses the looming threat that quantum computers pose to current cryptographic standards, particularly **TLS (Transport Layer Security)**. The project aims to accelerate the deployment of **Post-Quantum Cryptography (PQC)** on the internet by providing a solution that requires no application modifications and no prior peer-specific configuration, a significant departure from traditional VPNs.

AI review

DJB doing DJB things — takes a real problem (harvest-now-decrypt-later, TLS ecosystem fragility) and ships an actual working system instead of another whitepaper. The DNS CNAME peer-discovery trick is genuinely clever: zero extra round-trips, backward compatible, and it piggybacks public key commitments on infrastructure that already exists everywhere. Solid contribution.
