Quantum-safe IPsec in the banking industry

Rafael J. Vicente, Jaime Gómez García, Juan P. Brito, Yorlandy Lobaina, Jaime S. Buruaga, Daniel Gómez Aguado, Miguel Ángel Sánchez Serrano, Simón Ovsyannikov

#1596 of 2593 · Quantum Physics
Tournament Score: 1376±28
Win Rate: 44% (19 wins, 24 losses, 43 matches)
Rating: 5/10

Abstract

The emergence of Cryptographically Relevant Quantum Computers (CRQCs) presents a critical threat to classical cryptographic systems, particularly widely adopted protocols such as RSA, Diffie-Hellman (DH), and Elliptic Curve Cryptography (ECC). Given their extensive use in the financial sector, the advent of quantum adversaries compels banking institutions to proactively develop and adopt quantum-safe communication mechanisms. This paper introduces a hybrid quantum-safe architecture, orchestrated via Software-Defined Networking (SDN) key distribution. The proposed framework enables the early integration of Classical Cryptography (CC), Quantum Key Distribution (QKD), and Post-Quantum Cryptography (PQC) within a Dynamic Multipoint Virtual Private Network (DMVPN) environment, providing highly scalable, full-mesh, site-to-site encrypted communications for enterprise networks. This is particularly relevant at a time when PQC algorithms have not yet been incorporated into finalized IPsec standards. The architecture has been validated across a five-node testbed comprising three physical nodes within a campus network in Madrid and two private-cloud nodes located in the north of Spain and Mexico. The deployment leverages a heterogeneous mix of physical and virtual devices, diverse technology providers, Discrete Variable QKD (DV-QKD) and Continuous Variable QKD (CV-QKD) implementations, and mutually incompatible key-delivery interfaces (ETSI004, ETSI014 and Cisco SKIP), demonstrating flexibility, scalability, and interoperability across environments. Through this framework, we demonstrate that quantum-safe communication in financial networks is not only technically feasible but also scalable, interoperable, and resilient. The proposed architecture establishes a robust, flexible, and future-proof foundation for secure financial communications in the era of quantum computing.

AI Impact Assessments

(3 models)

Scientific Impact Assessment: Quantum-safe IPsec in the Banking Industry

1. Core Contribution

This paper presents a hybrid quantum-safe IPsec architecture that combines Classical Cryptography (CC), Quantum Key Distribution (QKD), and Post-Quantum Cryptography (PQC) within Cisco's Dynamic Multipoint VPN (DMVPN) framework, orchestrated by Software-Defined Networking (SDN). The key novelty is the integration of these three cryptographic paradigms into a scalable, full-mesh enterprise VPN topology, validated on a five-node testbed spanning Madrid, northern Spain, and Mexico—deployed over a real Santander Bank production network.

The architecture addresses a genuine gap: PQC algorithms have not yet been incorporated into finalized IPsec standards, yet financial institutions face immediate "harvest now, decrypt later" threats. The system uses RFC 8784 PPK injection via Cisco's SKIP protocol to introduce quantum-safe key material into IKEv2 sessions without modifying existing router firmware or application stacks. This is a pragmatic engineering contribution rather than a fundamental cryptographic advance.

2. Methodological Rigor

The experimental deployment is commendable in its realism—using production fibers, real Cisco Catalyst 8300 routers, heterogeneous QKD vendors (ID Quantique DV-QKD and LuxQuanta CV-QKD), and multiple key-delivery interfaces (ETSI004, ETSI014, Cisco SKIP). The five-node testbed with both physical and cloud-based nodes provides reasonable diversity.

However, several methodological concerns arise:

  • Security analysis is qualitative only. The paper defines an adversarial model but provides no formal security proofs or reduction arguments for the hybrid construction. The trusted-node assumption is acknowledged but not rigorously bounded—insider threats and physical compromise are simply declared out of scope.
  • Performance evaluation is limited. IPerf3 throughput tests demonstrate that the key-agreement method does not significantly impact bulk encryption throughput (expected, since AES-256 handles data encryption regardless). The more interesting metric—IKEv2 SA setup latency—shows 3–15× increases with PPK injection, analyzed over 12,439 sessions, but statistical treatment is minimal (no confidence intervals, distribution analysis, or tail-latency characterization).
  • QKD key rates are shown over ~1.5 months (Figures 10-11), demonstrating sustained operation, but there is no analysis of key exhaustion scenarios, buffer management under high tunnel-creation loads, or graceful degradation behavior.
  • Scalability claims are not fully substantiated. Five nodes is a modest testbed. While DMVPN architecturally supports larger deployments, the SDN orchestration overhead for hundreds or thousands of nodes remains uncharacterized.

3. Potential Impact

The primary impact is as a systems integration demonstration for the financial sector. The paper shows that quantum-safe IPsec can be deployed without disrupting existing banking infrastructure—a significant practical concern. The multivendor, multi-technology (DV-QKD + CV-QKD), multi-interface approach is valuable for avoiding vendor lock-in.

For the broader research community, the contributions are incremental. The individual components (QKD, PQC, SDN-based key management, RFC 8784 PPK injection) are all previously established. The novelty lies in their combination and deployment context. The paper extends prior work (notably JPMorgan's single-link QKD-IPsec demonstrations) to a multi-node, full-mesh topology with heterogeneous cryptographic sources.

Industry impact could be meaningful: providing a deployable blueprint for banks and critical infrastructure operators. The alignment with ETSI, ITU-T, and IETF standards enhances practical adoption potential.

4. Timeliness & Relevance

The paper is highly timely. With NIST PQC standards recently finalized (FIPS 203, 204, 205) and IETF still working on ML-KEM integration into IKEv2, there is a genuine window where organizations need interim solutions. The European Commission's PQC migration roadmap (planning by end of 2026) and NCSC timelines (transition by 2035) create real urgency. The paper directly addresses this transitional period.

The "harvest now, decrypt later" threat is particularly acute for financial data with long confidentiality requirements, making the banking focus well-motivated.

5. Strengths & Limitations

Strengths:

  • Real-world deployment on production banking infrastructure (Santander) with actual production traffic sharing resources
  • Multivendor QKD integration (ID Quantique + LuxQuanta) with both DV-QKD and CV-QKD
  • Practical interoperability across three different key-delivery interfaces
  • Non-intrusive integration preserving existing network workflows
  • Sustained operation over ~2 months demonstrating operational reliability
  • Clear articulation of trust assumptions and adversarial model
  • Cisco's out-of-standard PPK rekeying behavior providing quantum-safe forward secrecy

Limitations:

  • No formal security analysis of the hybrid construction
  • Limited scalability evidence (5 nodes)
  • Shallow statistical treatment of performance metrics
  • Heavy reliance on Cisco-proprietary technologies (DMVPN, SKIP) somewhat contradicts vendor-agnosticism claims
  • No comparison with alternative approaches (e.g., direct PQC KEM in IKEv2, MACsec-based solutions)
  • The SKIP interface itself uses TLS 1.2 with PSK, which is not quantum-safe—acknowledged but handwaved as "local"
  • Paper is overly long with extensive background sections that could be condensed
  • Some claims (e.g., "scalable," "resilient") are aspirational rather than empirically demonstrated at scale

Additional Observations

The paper reads more as an industry deployment report than a research contribution. The writing is thorough but verbose, with significant portions devoted to Cisco product descriptions and standard DMVPN documentation. The seven claimed contributions in the Discussion section are reasonable but somewhat inflated—several are properties of DMVPN rather than novel contributions.

The collaboration between academia (UPM), banking (Santander), and industry (Cisco, ID Quantique, LuxQuanta) lends credibility to the deployment realism but also raises questions about independent evaluation.

Rating: 5/10
Significance 5.5 · Rigor 4.5 · Novelty 4 · Clarity 5.5

Generated Apr 15, 2026

Comparison History (43)

    vs. Efficient ultrafast homodyne detection of quantum light
    claude-opus-4.6 · 5/15/2026

    Paper 2 addresses a timely, high-stakes problem (quantum-safe banking communications) with a practical, validated multi-node testbed spanning multiple countries and heterogeneous technologies. Its breadth of impact spans cybersecurity, finance, networking, and quantum communications, with immediate real-world applicability. While Paper 1 presents a solid methodological contribution to ultrafast homodyne detection with improved signal processing, it serves a narrower community in quantum optics. Paper 2's demonstration of interoperability across QKD implementations and its relevance to critical infrastructure security give it broader potential impact.

    vs. Classic and Quantum Task-Based Intelligent Runtime for QIRs Running on Multiple QPUs
    gpt-5.2 · 5/13/2026

    Paper 2 has higher likely scientific impact due to broader applicability and timeliness: a unified task-based runtime for hybrid classical–quantum execution targets a core bottleneck in near-term QPU integration and can generalize across many domains (HPC, compilers, scheduling, distributed systems, quantum software). Its approach (IRIS + QIR-EE, concurrent multi-backend dispatch, circuit cutting with task granularity) is more broadly reusable than Paper 1’s sector-specific IPsec/DMVPN banking deployment. Paper 1 is strong and practical, but is primarily an engineering integration study with narrower cross-field reach.

    vs. Dynamical Criticality Behind Energy-Storage Singularities in Quantum Batteries
    gpt-5.2 · 5/13/2026

    Paper 1 offers higher likely scientific impact due to clearer conceptual novelty: it links quantum-battery charging singularities to dynamical criticality/DQPT with a momentum-resolved mechanism and predictive signatures (energy, power turning points, SNR), potentially generalizable across free-fermion two-band systems. This advances fundamental nonequilibrium many-body physics and could influence multiple subfields (quantum thermodynamics, DQPT, quantum control). Paper 2 is timely and application-driven, but appears more systems-integration/engineering of existing QKD/PQC/SDN components with limited methodological or theoretical novelty, so its impact is likely narrower.

    vs. Quantifying Uhlmann curvature from Yang-Mills action and its implications in quantum multiparameter estimation
    gpt-5.2 · 4/20/2026

    Paper 1 has higher likely impact due to strong timeliness (quantum-safe migration), clear real-world applicability in critical banking infrastructure, and a validated, interoperable deployment spanning heterogeneous QKD/PQC/CC components and multiple standards/interfaces. Its SDN-orchestrated hybrid IPsec/DMVPN architecture could influence industry practice and standardization efforts across cybersecurity, networking, and finance. Paper 2 is more theoretical and potentially significant within quantum information geometry and metrology, but its immediate applications and breadth of uptake are narrower and depend on subsequent adoption in estimation protocols.

    vs. Opportunistic QKD: Exploiting Idle Capacity of Classical WDM Systems
    claude-opus-4.6 · 4/15/2026

    Paper 1 demonstrates a complete, validated hybrid quantum-safe architecture deployed across a real multi-node, multi-country testbed in a critical industry (banking), integrating multiple QKD technologies, cryptographic approaches, and incompatible interfaces. Its practical demonstration of interoperability and scalability in financial networks addresses an urgent, high-stakes problem with immediate real-world applicability. Paper 2, while presenting a useful theoretical framework for opportunistic QKD over existing WDM infrastructure, relies primarily on simulations and Monte Carlo modeling without experimental validation. Paper 1's breadth of impact across cybersecurity, finance, and quantum networking is broader.

    vs. Interferometrically Enhanced Asymmetry in Strong-field Ionization with Bright Squeezed Vacuum
    gemini-3 · 4/15/2026

    Paper 1 introduces a fundamentally novel mechanism to control strong-field ionization using quantum light statistics, providing new pathways to understand sub-cycle electron dynamics. While Paper 2 offers a timely, practical engineering demonstration of quantum-safe networking, Paper 1 represents a foundational scientific breakthrough in quantum optics and attosecond physics, which typically yields a deeper and more lasting scientific impact.

    vs. Testing the 3D QRNG by Undoing
    gpt-5.2 · 4/15/2026

    Paper 1 has higher likely impact due to its timely, application-driven integration of QKD+PQC into a widely deployed enterprise/IPsec/DMVPN setting, validated on a heterogeneous multi-site testbed with interoperability across interfaces and vendors—directly relevant to imminent “harvest-now-decrypt-later” banking risks and standards transition. Its approach can influence operational security architectures beyond finance (critical infrastructure, government, telecom). Paper 2 is conceptually novel for QRNG certification via undoing dynamics, but its impact is narrower and depends on adoption by a specific QRNG platform and experimental feasibility at scale.

    vs. High-efficiency and noise-immune quantum battery
    claude-opus-4.6 · 4/15/2026

    Paper 1 demonstrates a validated, real-world hybrid quantum-safe architecture deployed across multiple physical sites in a critical industry (banking), addressing an imminent and widely recognized security threat. It combines QKD, PQC, and classical cryptography in an interoperable framework with heterogeneous devices and providers, showing practical scalability. Its immediate applicability to financial sector security, timeliness given ongoing PQC standardization, and cross-disciplinary relevance (quantum communications, networking, cybersecurity, finance) give it broader near-term impact. Paper 2, while theoretically interesting, addresses quantum batteries—a field still far from practical realization, limiting its real-world impact.

    vs. Emission and Absorption of Microwave Photons in Orthogonal Temporal Modes across a 30-Meter Two-Node Network
    claude-opus-4.6 · 4/15/2026

    Paper 2 demonstrates a fundamentally new experimental capability in quantum networking—orthogonal temporal mode encoding/decoding of microwave photons with high selectivity across a cryogenic link. This opens a new photonic degree of freedom for quantum communication, with broad implications for waveguide QED and superconducting quantum networks. Paper 1, while practically relevant for banking cybersecurity, is primarily an engineering integration/deployment of existing technologies (QKD, PQC, SDN) rather than introducing new scientific concepts. Paper 2's novelty and potential to enable new research directions gives it higher scientific impact.

    vs. Path Integral Approach to Quantum Fisher Information
    gpt-5.2 · 4/15/2026

    Paper 2 has higher likely impact due to immediate real-world applicability and timeliness: quantum-safe networking for banking addresses an urgent, widely felt security transition. It proposes an integration architecture (SDN-orchestrated CC/QKD/PQC within DMVPN/IPsec contexts) and validates it on a heterogeneous multi-site testbed, indicating practical feasibility and interoperability—key for adoption and cross-industry influence. Paper 1 is novel and potentially valuable for quantum metrology/theory, but its impact is narrower and more long-term, with fewer direct near-term deployments.

    vs. Quantum Chaos in Phase Space
    gpt-5.2 · 4/15/2026

    Paper 1 is more likely to have higher scientific impact due to its timely relevance (quantum threat to deployed cryptography), clear real-world applicability in critical financial infrastructure, and demonstrated system-level validation on a heterogeneous multi-site testbed integrating QKD/PQC/CC with SDN orchestration and interoperability across standards/interfaces. This combination of deployable architecture, scalability claims, and experimental implementation suggests broader near-term adoption and cross-field influence (networking, security, quantum communications). Paper 2 is conceptually valuable but appears more incremental and less concretely validated from the abstract alone.

    vs. A counterexample to the strong spin alignment conjecture
    gpt-5.2 · 4/15/2026

    Paper 2 likely has higher overall scientific impact due to immediate real-world applicability and timeliness: it addresses an urgent, widely felt security transition (quantum-safe networking) and demonstrates a scalable hybrid CC/QKD/PQC architecture validated on a multi-site heterogeneous testbed with interoperability across standards/interfaces. Its potential impact spans networking, cybersecurity, and financial infrastructure. Paper 1 is novel and rigorous within quantum information theory (disproving a conjecture), but its impact is more specialized and primarily theoretical, with narrower near-term cross-field adoption.

    vs. Chiral state conversion near an exceptional point: speed-noise competition
    gemini-3 · 4/15/2026

    Paper 2 addresses a highly timely and critical global challenge: securing financial networks against emerging quantum computing threats. Its hybrid architecture combining QKD, PQC, and classical cryptography offers immense real-world applicability and broad impact across cybersecurity, networking, and finance. The multi-node, international testbed demonstrates strong practical viability. While Paper 1 provides rigorous fundamental insights into non-Hermitian quantum dynamics, Paper 2's immediate societal relevance, scalability, and proactive solution to a looming global security crisis give it a significantly higher potential for broad scientific and practical impact.

    vs. $\mathbb{Z}_{2}$ Skin Channels and Scale-Dependent Dynamical Quantum Phase Transitions
    gpt-5.2 · 4/15/2026

    Paper 2 likely has higher scientific impact due to greater conceptual novelty and broader relevance: it develops an analytic framework for Z2 skin channels and scale-dependent dynamical quantum phase transitions in non-Hermitian systems, connecting semiclassical worldlines, symmetries, and skin effects—topics active across condensed matter, AMO, and photonics. The work appears theory-driven and generalizable beyond a single application domain. Paper 1 is timely and practically valuable but is primarily a systems-integration/testbed demonstration constrained to banking/IPsec deployment details, with less fundamental novelty and narrower cross-field reach.

    vs. Benchmarking Encoding Families in Quantum Neural Networks Under Fixed Circuit Area for Frequency Spectrum and Trainability
    gemini-3 · 4/15/2026

    Paper 2 offers fundamental insights into the trainability and expressivity of Quantum Neural Networks, providing guidelines that will broadly impact the rapidly growing field of Quantum Machine Learning. While Paper 1 presents a highly practical and timely real-world deployment for financial cybersecurity, Paper 2's foundational benchmarking of QNN architectures has a wider breadth of scientific applicability, likely resulting in higher citation rates and broader influence across various quantum computing and machine learning domains.

    vs. Entanglement concentration via measurement:- role of imaginarity
    gemini-3 · 4/15/2026

    Paper 2 offers fundamental theoretical advancements in quantum mechanics by demonstrating the operational advantage of imaginarity in entanglement concentration. It solves existing open problems and provides quantitative improvements for quantum networking. While Paper 1 is highly valuable for immediate industry application and engineering integration, Paper 2 is likely to have a deeper, more enduring scientific impact by advancing foundational quantum information theory.

    vs. Distinguishability of locally diagonal orthogonally invariant quantum states
    gemini-3 · 4/15/2026

    Paper 2 addresses an urgent, highly timely problem (quantum threats to financial cryptography) with a concrete, real-world deployment across international testbeds. Its integration of QKD, PQC, and classical cryptography demonstrates high practical applicability, broad impact across cybersecurity and finance, and significant systems innovation, outpacing the narrower theoretical focus of Paper 1.

    vs. Quantifying magic via quantum $(α,β)$ Jensen-Shannon divergence
    claude-opus-4.6 · 4/15/2026

    Paper 1 demonstrates a validated, real-world hybrid quantum-safe architecture for banking communications, addressing an urgent and timely problem with immediate practical applications across the entire financial sector. It integrates multiple quantum-safe technologies (QKD, PQC) in a heterogeneous, multi-node testbed spanning countries, showing scalability and interoperability. Paper 2, while theoretically sound, proposes incremental magic state quantifiers with relatively narrow applicability within quantum resource theory. Paper 1's broader real-world impact, industry relevance, and timeliness give it higher potential scientific impact.

    vs. The quantum mechanics of experiments
    gpt-5.2 · 4/15/2026

    Paper 2 has higher estimated scientific impact due to strong timeliness (quantum-safe transition), clear real-world applicability in critical banking infrastructure, and demonstrated implementation/validation on a heterogeneous multi-site testbed showing interoperability (QKD+PQC+CC with SDN orchestration). Its contributions can influence networking, security engineering, standards, and deployment practice. Paper 1 addresses a foundational QM topic, but based on the abstract it appears more conceptual with an idealized model and less evident methodological validation or broad cross-field uptake, making its near- to mid-term impact less certain.

    vs. Detecting entanglement from few partial transpose moments and their decay via weight enumerators
    claude-opus-4.6 · 4/15/2026

    Paper 2 makes fundamental theoretical contributions to quantum entanglement detection, introducing novel mathematical criteria (three-moment entanglement tests, quantum weight enumerators) with broad applicability across quantum information theory, error correction, and experimental quantum physics. Its results are general, rigorous, and connect to multiple active research areas. Paper 1, while practically relevant for banking security, is primarily an engineering demonstration of integrating existing technologies (QKD, PQC, SDN) in a specific industry context, with more limited scientific novelty and narrower impact beyond applied cryptography.