Standard Approach
To deploy MACsec (802.1AE) over MPLS L3VPN with Post-Quantum Cryptography (PQC), follow this structured approach:
1. Use PQC-Ready MACsec Key Agreement (MKA)
- Traditional MACsec uses AES-GCM-128/256 for encryption but relies on classical key exchange (e.g., ECDH).
- PQC upgrades replace classical key exchange with quantum-resistant algorithms (e.g., CRYSTALS-Kyber, NTRU).
2. Integrate a PQC Key Server
- A PQC key server (e.g., running OpenQuantumSafe’s liboqs) handles quantum-safe key exchange.
- Instead of traditional Pre-Shared Keys (PSK) or EAP-TLS, use:
- PQC-based TLS 1.3 (hybrid mode: ECDH + Kyber).
- Quantum-safe certificates (e.g., Dilithium for authentication).
3. Key Exchange Call Flow with PQC Server
Here’s how MACsec key exchange works with PQC:
- Initial Handshake (PQC Hybrid Mode)
- CE/PE Router → Initiates connection to PQC Key Server via TLS 1.3 + Kyber.
- Key Server → Responds with quantum-safe public key (e.g., Kyber-768).
- MACsec Key Agreement (MKA) with PQC
- Step 1: Router and server perform PQC key exchange (Kyber for encryption, Dilithium for signatures).
- Step 2: Derive a Connectivity Association Key (CAK) using quantum-resistant KDF (e.g., SHA-3).
- Step 3: Generate Secure Association Keys (SAK) for MACsec encryption.
- MACsec Data Encryption
- Once keys are established, AES-256-GCM (or future PQC cipher) encrypts traffic at line rate.
4. Deployment Models
| Scenario | Implementation | PQC Requirement |
|---|---|---|
| PE-CE Encryption | MACsec on customer edge links | PQC key server at provider edge |
| PE-PE Core Encryption | MACsec between MPLS routers | Distributed PQC key servers |
| Cloud DCI over MPLS | MACsec for data center links | Centralized PQC KMS (Key Management Server) |
5. Latest Real-World Deployments
- Google’s PQC Experiments (2023): Tested Kyber + MACsec in internal WANs.
- Cisco’s Quantum-Safe Networking (2024): Supports CRYSTALS-Kyber in MACsec key exchange.
- ETSI’s Quantum-Safe VPN Standards: Recommends hybrid key exchange (ECDH + PQC) for MACsec.
Why This Works for MPLS L3VPN?
✔ No MPLS Changes Needed – MACsec encrypts at Layer 2 (Ethernet), leaving MPLS labels intact.
✔ Future-Proof Security – PQC protects against quantum attacks on key exchange.
✔ Line-Rate Performance – AES-256-GCM still handles bulk encryption at 100G+.
Challenges & Considerations
⚠ Hardware Support Needed – Not all routers support PQC in MACsec yet (check vendor docs).
⚠ Key Management Complexity – PQC key servers add operational overhead.
⚠ Standards Still Evolving – NIST PQC finalization expected by 2025.
Next Steps for Deployment
- Test in Lab: Use OpenQuantumSafe or Cisco’s PQC demo kits.
- Pilot Phase: Deploy on non-critical PE-CE links.
- Monitor NIST Updates: Await final PQC standards (Kyber, Dilithium).
Need a PQC-MACsec Proof of Concept?
Contact our quantum networking team for hands-on guidance.
Further Reading: