My group recently released Rosenpass – a post-quantum-secure add-on for WireGuard.
The implementation is written in Rust; it performs a key exchange and hands the resulting key to WireGuard using the PSK feature every two minutes, so there is no need to patch the kernel. We use primitives from libsodium and liboqs.
The protocol is based on the 2020 paper on Post-Quantum WireGuard[^0]; we continue to use Classic McEliece for authenticity and confidentiality, and all our packets sent as part of the handshake fit into an IPv6 UDP frame.
We use Kyber 512 for forward secrecy and confidentiality. This means security against “store now, decrypt later”-style attacks is guaranteed by a NIST-approved primitive.
We have a symbolic verification in ProVerif[^3]; a scientific paper as well as a cryptographic proof using CryptoVerif are work in progress.
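
The PSK hand-off described above can be pictured with the standard `wg set … preshared-key <file>` interface. This is an added example, not Rosenpass code: `WG_BIN`, `ROTATE_SECS`, the function names and the `key_source` command (a stand-in for the key exchange) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Rosenpass code): install a negotiated key as a WireGuard PSK.
# Assumed names: WG_BIN, ROTATE_SECS, key_source (stand-in for the key exchange).
WG_BIN="${WG_BIN:-wg}"              # overridable for dry runs
ROTATE_SECS="${ROTATE_SECS:-120}"   # the two-minute interval from the post

# A WireGuard key is 32 bytes: 44 base64 characters.
valid_key() {
    local k="$1"
    [ "${#k}" -eq 44 ] || return 1
    case "$k" in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    [ "$(printf '%s' "$k" | base64 -d 2>/dev/null | wc -c | tr -d ' ')" = 32 ]
}

# Pass the key through a 0600 temp file, never argv, so it stays out of the
# process list and shell history. Reject malformed keys before calling wg.
install_psk() {
    local iface="$1" peer="$2" psk="$3" tmp rc=0
    valid_key "$peer" || { echo "bad peer public key" >&2; return 2; }
    valid_key "$psk" || { echo "bad PSK" >&2; return 2; }
    tmp="$(umask 077 && mktemp)" || return 1
    printf '%s\n' "$psk" > "$tmp"
    "$WG_BIN" set "$iface" peer "$peer" preshared-key "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Re-key every ROTATE_SECS; if a round fails, the previous PSK stays active.
rotate_loop() {
    local iface="$1" peer="$2" key_source="$3" psk
    while :; do
        if psk="$($key_source)" && install_psk "$iface" "$peer" "$psk"; then
            echo "PSK updated on $iface" >&2
        else
            echo "PSK update failed, keeping previous key" >&2
        fi
        sleep "$ROTATE_SECS"
    done
}

# Usage: sh psk-rotate.sh run wg0 <peer-public-key> <key-source-command>
if [ "${1:-}" = "run" ]; then
    rotate_loop "$2" "$3" "$4"
fi
```

Because the key reaches WireGuard only through its userspace configuration interface, the kernel module is untouched, which is the property the post relies on.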