PQC-Enhanced QKD Networks: A Layered Approach

Andreas Neuhold; Paul Spooren; Sebastian Ramacher; Thomas H\"uhn

arxiv: 2604.05599 · v1 · submitted 2026-04-07 · 🪐 quant-ph · cs.CR

PQC-Enhanced QKD Networks: A Layered Approach

Paul Spooren , Andreas Neuhold , Sebastian Ramacher , Thomas H\"uhn This is my paper

Pith reviewed 2026-05-10 19:49 UTC · model grok-4.3

classification 🪐 quant-ph cs.CR

keywords quantum key distributionpost-quantum cryptographynetwork architectureforward secrecymulti-hop networkscompositional securitywireguardrosenpass

0 comments

The pith

A dual-layer design stacks QKD hop protection with PQC end-to-end exchange to deliver post-quantum forward secrecy in multi-hop networks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper describes a modular architecture that secures each network hop with QKD-sourced keys inside WireGuard tunnels while adding an overlay of Rosenpass for post-quantum key exchange across the full path. This setup runs on existing QKD devices and standard protocols without modification. A sympathetic reader would care because it tackles the practical limits of QKD over long distances and multiple hops by adding quantum-resistant end-to-end protection. Experiments in simulations and lab testbeds confirm uninterrupted multi-hop operation, low overhead, and built-in fail-safes.

Core claim

The authors present a layered architecture in which hop-wise tunnels between trusted nodes are protected by WireGuard using periodically rotated pre-shared keys obtained via the ETSI GS QKD 014 interface, with Rosenpass performing a PQC key exchange on top to establish end-to-end channels. This dual-layer composition yields post-quantum forward secrecy and authenticity under practical assumptions while preserving interoperability.

What carries the argument

The dual-layer composition of hop-wise QKD-protected WireGuard tunnels and end-to-end Rosenpass PQC key exchange, which carries the argument by preserving the security of each component under their combination.

If this is right

Multi-hop paths operate without interruption and include fail-safe mechanisms.
The system maintains a low resource footprint suitable for practical deployment.
Operators receive outlined migration paths for adding QKD-aware overlays to existing networks.
Compositional security holds so that the strengths of each layer remain effective in the full system.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

This stacking pattern could apply to other hybrid classical-quantum security designs beyond quantum networks.
Real-world field trials would test whether the low overhead observed in labs scales to production traffic loads.
Replacing Rosenpass with alternative PQC key-exchange protocols would check how sensitive the overall security is to the choice of PQC primitive.

Load-bearing premise

The security guarantees of the QKD and PQC components stay intact and do not create new weaknesses when placed together in this layered setup.

What would settle it

An experiment showing that an attacker can compromise end-to-end forward secrecy or authenticity by targeting the interaction between the QKD tunnels and the PQC overlay.

Figures

Figures reproduced from arXiv: 2604.05599 by Andreas Neuhold, Paul Spooren, Sebastian Ramacher, Thomas H\"uhn.

**Figure 2.** Figure 2: Schematic representation of a layered network [PITH_FULL_IMAGE:figures/full_fig_p006_2.png] view at source ↗

**Figure 3.** Figure 3: Multi-hop setup with Alice, Bob and a trusted node in-between 5 Evaluation 5.1 Simulation and Emulation Results This section presents six experiments to validate the design, evaluate the performance, scalability, and practicality of the combined QKD–PQC architecture under simulated and lab conditions. The experiments cover system scalability, software efficiency, resource usage and cryptographic agility. … view at source ↗

**Figure 4.** Figure 4: Testbed configuration for evaluating the design [PITH_FULL_IMAGE:figures/full_fig_p010_4.png] view at source ↗

**Figure 5.** Figure 5: Simulated testbed featuring two QKD daisy chains and two PQC handshake implementations Test 3 – Enforced Dual QKD Link & Cryptographic Agility [PITH_FULL_IMAGE:figures/full_fig_p011_5.png] view at source ↗

**Figure 6.** Figure 6: Simulated testbed with QKD daisy chain and challenging network conditions Test 4 – Degraded Link Connectivity To evaluate behavior under degraded connectivity, two end nodes were connected through a daisy chain of two intermediate trusted nodes. The link between the trusted nodes was configured with 300 ms latency, 100 ms jitter, and 1% packet loss. These impairments affected both the QKD key negotiation … view at source ↗

read the original abstract

We present a layered and modular network architecture that combines Quantum Key Distribution (QKD) and Post-Quantum Cryptography (PQC) to provide scalable end-to-end security across long distance multi-hop, trusted-node quantum networks. To ensure interoperability and efficient practical deployment, hop-wise tunnels between physically secured nodes are protected by WireGuard with periodically rotated pre-shared keys sourced via the ETSI GS QKD 014 interface. On top, Rosenpass performs a PQC key exchange to establish an end-to-end data channel without modifying deployed QKD devices or network protocols. This dual-layer composition yields post-quantum forward secrecy and authenticity under practical assumptions. We implement the design using open-source components and validate and evaluate it in simulated and lab test-beds. Experiments show uninterrupted operation over multi-hop paths, low resource footprint and fail-safe mechanisms. We further discuss the design's compositional security, wherein the security of each individual component is preserved under their combination and outline migration paths for operators integrating QKD-aware overlays in existing infrastructures.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

read the letter

This paper gives a working engineering integration of QKD hops via WireGuard with Rosenpass PQC end-to-end in trusted-node networks, backed by basic lab tests, but leaves the compositional security as an informal discussion. They source rotated pre-shared keys from QKD devices through the ETSI GS QKD 014 interface to secure hop-wise WireGuard tunnels, then layer Rosenpass on top for an end-to-end post-quantum channel. The approach avoids modifying existing QKD hardware or protocols and includes key rotation plus fail-safe mechanisms. They built it with open-source components and ran it in both simulated and lab testbeds, confirming that multi-hop paths continue without interruption and that the resource use stays modest. The modularity and migration outline are the practical strengths here, as they show how operators could add this overlay to current infrastructures without a full replacement. The main limitation is the security argument. The paper states that the dual-layer design preserves the information-theoretic secrecy of the QKD hops and the post-quantum properties of Rosenpass under practical assumptions, and it discusses compositional security. Yet this stays at the level of an outline rather than a security model, game reduction, or analysis of boundary points such as PSK handoff or tunnel re-establishment. No quantitative performance numbers, error rates, or detailed experiment logs appear in the summary, which makes it harder to judge scalability or edge cases. This work is aimed at engineers and operators who are already deploying or planning QKD networks for critical infrastructure and want a concrete way to add post-quantum protection on top. It is not a theoretical advance or new primitive. I would send it to peer review so referees can examine the implementation details and test whether the informal security discussion holds up or needs more rigor.

Referee Report

2 major / 2 minor

Summary. The manuscript proposes a layered architecture for QKD networks that combines hop-wise WireGuard tunnels (using ETSI GS QKD 014-sourced, periodically rotated PSKs) with an overlay Rosenpass PQC key exchange for end-to-end channels. It claims this dual-layer design delivers post-quantum forward secrecy and authenticity under practical assumptions while preserving the information-theoretic security of individual QKD links. The authors implement the system with open-source components, demonstrate uninterrupted multi-hop operation in simulated and laboratory testbeds, and discuss migration paths for existing infrastructures.

Significance. If the compositional security arguments can be formalized, the work would provide a practical, modular path for enhancing deployed QKD networks with PQC without hardware modifications, supporting scalable long-distance operation and operator migration. The use of open-source tools (WireGuard, Rosenpass, ETSI interface) and testbed validation are concrete strengths that aid reproducibility.

major comments (2)

[Compositional security discussion] In the section on compositional security, the central claim that 'the security of each individual component is preserved under their combination' is asserted via informal discussion and outline of practical assumptions, without a security model, game-based reduction, or proof that an adversary breaking the composite system (e.g., at PSK handoff or tunnel re-establishment) can be reduced to breaking QKD or PQC individually. This is load-bearing for the headline result of post-quantum forward secrecy and authenticity.
[Experimental results and validation] The experimental evaluation (abstract and results) reports 'uninterrupted operation over multi-hop paths, low resource footprint and fail-safe mechanisms' but supplies no quantitative data, error analysis, key-rate measurements, latency statistics, or failure-mode metrics from the simulated and lab testbeds. This leaves the validation of scalability and practicality without measurable support.

minor comments (2)

[Architecture description] Notation for the dual-layer composition (e.g., how Rosenpass keys interact with WireGuard PSK rotation) could be clarified with a diagram or explicit interface description to aid readers unfamiliar with the specific tools.
[Abstract and implementation section] The abstract states successful implementation and tests but the main text should cross-reference specific testbed configurations and open-source repository details for full reproducibility.

Simulated Author's Rebuttal

2 responses · 1 unresolved

We thank the referee for their constructive and detailed review. We address each major comment below, indicating the revisions we will make to strengthen the manuscript while remaining honest about its scope as an applied systems paper.

read point-by-point responses

Referee: In the section on compositional security, the central claim that 'the security of each individual component is preserved under their combination' is asserted via informal discussion and outline of practical assumptions, without a security model, game-based reduction, or proof that an adversary breaking the composite system (e.g., at PSK handoff or tunnel re-establishment) can be reduced to breaking QKD or PQC individually. This is load-bearing for the headline result of post-quantum forward secrecy and authenticity.

Authors: We agree that the compositional security argument is presented informally and lacks a formal security model or game-based reduction. This is a genuine limitation for rigorously supporting the post-quantum forward secrecy claim under composition. In the revised manuscript we will expand the relevant section to explicitly enumerate the practical assumptions, discuss boundary risks such as PSK handoff and tunnel re-establishment, and provide a high-level sketch of how an adversary advantage could be reduced to breaking one of the underlying primitives. We will also clearly state that a complete formal proof lies outside the scope of this applied work. This constitutes a partial revision that improves transparency without overclaiming. revision: partial
Referee: The experimental evaluation (abstract and results) reports 'uninterrupted operation over multi-hop paths, low resource footprint and fail-safe mechanisms' but supplies no quantitative data, error analysis, key-rate measurements, latency statistics, or failure-mode metrics from the simulated and lab testbeds. This leaves the validation of scalability and practicality without measurable support.

Authors: We acknowledge that the experimental results would be substantially stronger with quantitative metrics. While the manuscript describes the testbed setups and qualitative outcomes, specific numbers for key rates, latency, resource usage, and failure recovery are not reported. In the revision we will add tables and figures containing measured QKD key rates, end-to-end latency and throughput statistics across multi-hop paths, CPU/memory footprints of the WireGuard and Rosenpass components, and failure-mode data including recovery times. This will directly address the concern and better substantiate the practicality claims. revision: yes

standing simulated objections not resolved

A complete game-based security proof with reductions for the composite system.

Circularity Check

0 steps flagged

No circularity: claims rest on external component properties and informal discussion

full rationale

The paper presents a modular network architecture combining standard QKD and PQC components (WireGuard tunnels with ETSI QKD 014 PSKs plus Rosenpass PQC exchange) and validates it via implementation and test-bed experiments. The central claim of post-quantum forward secrecy and authenticity under compositional security is asserted via discussion and outline of preservation under practical assumptions, without any equations, fitted parameters, self-referential definitions, or load-bearing self-citations that reduce the result to its inputs by construction. Security is treated as inherited from independent external primitives rather than derived internally, making the derivation self-contained against benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The design rests on standard assumptions about the security of QKD, WireGuard, and Rosenpass when composed; no free parameters or new entities are introduced.

axioms (1)

domain assumption Security properties of QKD, WireGuard, and Rosenpass are preserved when layered together
Invoked in the discussion of compositional security and dual-layer forward secrecy.

pith-pipeline@v0.9.0 · 5478 in / 1153 out tokens · 43814 ms · 2026-05-10T19:49:35.087105+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Foundation/AbsoluteFloorClosure.lean reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

hop-wise tunnels between physically secured nodes are protected by WireGuard with periodically rotated pre-shared keys sourced via the ETSI GS QKD 014 interface

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

2 extracted references · 2 canonical work pages

[1]

Springer, 2006

Proceedings 9, pages 207–228. Springer, 2006. BLP08. Daniel J Bernstein, Tanja Lange, and Christiane Peters. Attacking and defending the mceliece cryptosystem. InInternational Workshop on Post- Quantum Cryptography, pages 31–46. Springer, 2008. BRS23. Sonja Bruckner, Sebastian Ramacher, and Christoph Striecks. Muckle+: End- to-end hybrid authenticated key...

work page 2006
[2]

[Accessed 26-09-2024]

work page 2024

[1] [1]

Springer, 2006

Proceedings 9, pages 207–228. Springer, 2006. BLP08. Daniel J Bernstein, Tanja Lange, and Christiane Peters. Attacking and defending the mceliece cryptosystem. InInternational Workshop on Post- Quantum Cryptography, pages 31–46. Springer, 2008. BRS23. Sonja Bruckner, Sebastian Ramacher, and Christoph Striecks. Muckle+: End- to-end hybrid authenticated key...

work page 2006

[2] [2]

[Accessed 26-09-2024]

work page 2024