Integrating Post-Quantum Cryptography Plugins for IPsec Offloads to Data Processing Units in the Cloud-Edge Continuum

Abstract

The imminent advent of Quantum Computers poses a significant threat to the cryptographic algorithms supporting the public key infrastructure (PKI) of widely used communication protocols. High Performance Computing (HPC) data centers among other interested parties are well aware of the catastrophic consequences quantum attacks could have on their PKI and are consequently transitioning to Post-Quantum Cryptographic (PQC) methods, despite the substantial overhead this introduces for handling incoming network packets. This work addresses the transition to PQC within the context of the Cloud-Edge Continuum by integrating the Open Quantum Safe (OQS) library into the accelerated strongSwan developed by Mellanox for Data Processing Units (DPUs). This integration offloads cryptographic operations from central servers to data DPUs distributed across the cloud-edge continuum. Our solution ensures quantum security by providing PQ authentication through CRYSTALS-Dilithium or CRYSTALS-FALCON, PQ key exchanges via CRYSTALS-Kyber, and confidential data transmission using AES-256. Additionally, the deployment of this implementation on DPUs helps reduce the computational load on both HPC data centers and edge devices, promoting more efficient and secure operations across the entire cloud-edge continuum.