Quantum-safe IPsec in the banking industry
Rafael J. Vicente, Jaime Gómez García, Juan P. Brito, Yorlandy Lobaina, Jaime S. Buruaga, Daniel Gómez Aguado, Miguel Ángel Sánchez Serrano, Simón Ovsyannikov, Salah Gherdaoui, Jean-Sébastien Pegon, Marco Cofano, Vicente Martín
The emergence of Cryptographically Relevant Quantum Computers (CRQCs) presents a critical threat to classical cryptographic systems, particularly widely adopted protocols such as RSA, Diffie-Hellman (DH), and Elliptic Curve Cryptography (ECC). Given their extensive use in the financial sector, the advent of quantum adversaries compels banking institutions to proactively develop and adopt quantum-safe communication mechanisms. This paper introduces a hybrid quantum-safe architecture, orchestrated via Software-Defined Networking (SDN) key distribution. The proposed framework enables the early integration of Classical Cryptography (CC), Quantum Key Distribution (QKD), and Post-Quantum Cryptography (PQC) within a Dynamic Multipoint Virtual Private Network (DMVPN) environment, providing highly scalable, full-mesh, site-to-site encrypted communications for enterprise networks. This is particularly relevant at a time when PQC algorithms have not yet been incorporated into finalized IPsec standards. The architecture has been validated across a five-node testbed comprising three physical nodes within a campus network in Madrid and two private-cloud nodes located in the north of Spain and Mexico. The deployment leverages a heterogeneous mix of physical and virtual devices, diverse technology providers, Discrete Variable QKD (DV-QKD) and Continuous Variable QKD (CV-QKD) implementations, and mutually incompatible key-delivery interfaces (ETSI004, ETSI014 and Cisco SKIP), demonstrating flexibility, scalability, and interoperability across environments. Through this framework, we demonstrate that quantum-safe communication in financial networks is not only technically feasible but also scalable, interoperable, and resilient. The proposed architecture establishes a robust, flexible, and future-proof foundation for secure financial communications in the era of quantum computing.