Send in your ideas. Deadline February 1, 2025
Grant
Theme fund: NGI0 Entrust
Start: 2024-02

Enhancing vula with IPv6 and REUNION rendezvous

IPv6, hybrid post-quantum improvements & REUNION support for Vula

With zero configuration, Vula automatically encrypts IP (v4) communication between hosts on a local area network (LAN) in a forward-secret and transitionally post-quantum manner to protect against passive eavesdropping. When the local gateway to the internet is a Vula peer, internet-destined traffic will also be encrypted on the LAN. With simple verification using QR codes or other peer verification methods, Vula is also able to disrupt active surveillance adversaries. Vula combines WireGuard for forward-secret point-to-point tunnels with cryptographically enhanced mDNS and DNS-SD for local peer discovery. Vula enhances the confidentiality of WireGuard tunnels by using CSIDH as provided by highctidh, a post-quantum non-interactive key exchange primitive, to generate a peer-wise pre-shared key for each tunnel configuration. Vula avoids the need for any Single Point of Failure (SPOF) such as a trusted third party. Vula is equally functional on otherwise air-gapped networks.

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.