At Rambus, we create cutting-edge semiconductor and IP products, spanning memory and interfaces to security, smart sensors and lighting.

Products
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
Solutions
- - By Market
  - AI & Machine Learning
  - Automotive
  - Data Center
  - Edge
  - Government
  - IoT
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
Resources
- - Resource Library
  - Our library of informational videos, papers, presentations, and more
  - Webinars
  - Check out our library of upcoming and on-demand webinars
- - Inventions
  - Explore innovations that enable the superior performance of Rambus solutions
  - Certifications
  - Certified silicon IP solutions tailored to the specific needs of some of the world’s most demanding applications
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
Company
- - About
  - Corporate Overview
  - Leadership
  - Inventors
  - Careers
  - Locations
  - Investor Relations
- - News & Media
  - Newsroom
  - Blog
  - Events
- - - Explore our full catalog of products so you can find the right solution to fit your needs.
    - Product Selector
- English

Quantum Safe IPsec Toolkit

Home > Security IP > Software Protocols > Quantum Safe IPsec Toolkit

Quantum Safe IPsec Toolkit (QuickSec Quantum) is first to market, complete IPsec software implementation with Quantum Safe cryptography support. Quantum Safe cryptography is designed to be resistant to quantum computer attacks and is required by any up-to-date security product.

Quantum Safe IPsec Toolkit builds on the legacy, experience and performance of the Rambus Classic IPsec Toolkit and brings IPsec into the quantum safe era. A complete, highly scalable IPsec implementation that supports all relevant (100+) RFCs and standards required for servers and clients that need to communicate with any type of client/server device and interoperate with existing networks. The Linux data plane (supported without any kernel dependency) is ideal for high traffic deployments in physical or virtual environments.

Quantum Safe IPsec Toolkit is optionally integrated with FIPS 140-2 or FIPS 140-3 validated crypto modules and suited for vendors of physical and virtual cloud/networking products, SASE, SD-WAN, printers and embedded devices.

Our IPsec implementation provides lowest development costs and fastest time to market. It takes care of all the complexities of IPsec, it is up to date and enables our customers to focus on their end products.

Contact

Product Brief

How the Quantum Safe IPsec Toolkit works

QuickSec Quantum is designed to be modular but also works seamlessly as a whole. It provides two run-time configuration options: C API and XML configuration file. And has multiple integration points e.g. IKE library, data plane API or policy manager API.

As our customers develop products that must work seamlessly with various other IPsec implementations, Quantum Safe IPsec Toolkit is extensively tested for interoperability and compatibility as part of the QA process.

It offer the following advanced features:

High session set-up rate. Able to reach 3500 IPsec tunnels established per-second with two key exchange rounds (ML-KEM-768 and ECDH) on an 8-core CPU; scales well on multicore architectures.
Tunnel number only limited by available computing resources.
High availability (HA). HA can be achieved with the native clustering implementation based on RFC 6311 or the APIs for import and export of IKE and IPsec SAs.
Easy debugging. Enables requesting detailed logs for specific tunnels for problem resolution in large deployments without impacting performance.
Multi-tenancy: supports independent and overlapping virtual routing and forwarding (VRF) instances for multiple networks or eNodeB support of multiple operators
Generic data plane API. QuickSec Quantum integrates with Linux kernel IPsec data plane or any other data plane supporting the same API. Additionally, a higher-level generic data plane API allows integration with any IPsec data plane.
External cryptography API. This API enables the use of 3^rd party hardware (HSM) or software cryptographic module.
IPsec boundary. Defining an IPsec boundary ensures that no packets are violating the security policy by enforcing it in the kernel.

Leading companies are using QuickSec for implementations in Cloud, SASE, SD-WAN, enterprise security gateways, high-security government appliances, high-capacity carrier gateways, eNodeB, embedded devices and printers.

Solution Offerings

Features

Complete IPsec and IKE Client/Server Toolkit
Quantum Safe cryptography and RFCs
Highly interoperable and standards compliant
High availability with active/standby clustering
Fastest IKE implementation available on the market with unbeaten tunnel setup rate. 15% faster than QuickSec 10.
Scalability: Deployments with 1M+ IPsec tunnels
Available with FIPS 140-2 or FIPS 140-3 validated crypto module
Written in clear, highly-portable C-source code free of GPL constraints
Routing instances isolate traffic for multi-tenancy
Broad hardware and software platform support
A better commercial replacement for GPL licensed open source software
Engineer-level support and regular updates provided under maintenance
Delivered as source code with change rights

IKE (Internet Key Exchange) Support

IKEv2 (RFC 7296), IKEv2 fragmentation (RFC 7383), IKEv2 redirect (RFC 5685)
Multiple Key Exchanges (RFC 9370) and Intermediate Exchange in IKEv2 (RFC 9242)
ML-KEM (FIPS 203)
ML-DSA for certificates (planned)
High Availability (RFC 6311)
Tunnel and transport modes
Site-to-site VPN
Multitenancy (VRF) – multiple Virtual Routing and Forwarding instances
Signature authentication (RFC 7427)
MOBIKE (RFC 4555, RFC 4621)
IKEv1 main mode and aggressive mode
Perfect forward secrecy (PFS) option
Dead peer detection (DPD), NAT-Traversal (NAT-T)
Authentication: pre-shared keys (PSK), XAUTH, certificates (full PKI support), extensible authentication protocol (EAP-SIM, EAP-AKA, EAPMD5), RADIUS, multiple authentication (RFC 4739)
IPv4 and IPv6 support: IPv4 over IPv6, IPv6 over IPv4, IPv6 over IPv6, DHCPv4 and DHCPv6
RSA, DSA and ECDSA public key algorithms (IKE signature modes only)
RSA signature support for SHA2 in IKE per NIST Special Pub. 800-131A
RSASSA-PSS signature scheme
Diffie-Hellman key exchange algorithm
FIPS 140-2 or FIPS 140-3 certified cryptography as an optional commercial option
Remote access support: virtual adapter configured by the server
Built-in IP address allocation
Generic Raw Public Key (RFC 7670) – RSA, DSA, ECDSA
RFC 8784 – Mixing Pre-shared Keys in IKEv2 for Post-quantum Security

Certificates and PKI Functionality

X.509v3 (PKIX) certificate profile support
X.509v3 (PKIX) certificate revocation list (CRL) support
Certificate distribution point support, with LDAP and HTTP
On-line certificate status checking, using OCSP
RSA signature support for SHA2 in certificates per NIST Special Pub. 800-131A

Complete IPsec Cryptography

Cipher algorithms: AES, AES-CTR, AES-CCM, AES-GCM, AES-GCM-64, GMAC-AES, 3DES
MAC algorithms: SHA-1, SHA-2, GMAC-AES, AES-XCBC
Asymmetric crypto algorithms: ML-KEM, RSA, Diffie-Hellman, ECC DH, ECC DSA, PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#10, PKCS#12
Elliptic curve crypto: Brainpool elliptic curves (RFC 5639, RFC 6932), ECDSA (RFC 4754) ECP groups (RFC 5903)