By QSense
Hybrid Post-Quantum Cryptography (PQC) + Quantum Key Distribution (QKD)

Hybrid PQC + QKD Appliance
Quantum can't decrypt it

IronPath is a security appliance with a built-in PQC Secure Capsule Link that mitigates HNDL (Harvest Now, Decrypt Later): the WireGuard preshared key is derived from a post-quantum key exchange run by rosenpass and rotated roughly every two minutes. A secure browsing environment ships in the same package.

IronPath PQC Secure Appliance
524,160
bytes · Classic McEliece public key
~2 min
PSK Rotation Interval
2-Layer
X25519 + ML-KEM Hybrid
1-Click
Secure Link Connect
Why IronPath

HNDL · The threat that waits

Attackers record your ciphertext today and wait for a quantum computer to decrypt it retroactively. A VPN whose key exchange rests on ECDH alone cannot prevent this, because the recorded handshake is enough to recover the session keys later.

Timeline of an HNDL attack
Today
Attackers capture and store traffic whose session keys were negotiated with X25519/ECDH. Nothing needs to be decrypted at this stage; recording the handshakes and the ciphertext is enough.
2027+
Once a cryptographically relevant quantum computer exists, Shor's algorithm recovers the X25519 private keys from the recorded public values, and with them the session keys.
Result
All stored data is decrypted retroactively: sessions, credentials, confidential documents.
⚠ Data transmitted today may be decrypted in the future, even if it appears secure at present.
PSK from ML-KEM + Classic McEliece
rosenpass derives the PresharedKey from ML-KEM (NIST FIPS 203) and Classic McEliece and mixes it into the WireGuard handshake.
Forward secrecy, rotates every ~2 min
Ephemeral PSKs are replaced every round, so compromising one PSK exposes only the traffic keyed during that round, never the entire session.
Hybrid · break both layers
X25519 and ML-KEM operate together; even if a quantum computer breaks X25519, the PQC PSK still holds.
Product Editions

IronPath Architecture

Select the form that best suits your deployment. Both are PQC-enabled and protect against HNDL in the same manner.

EDITION 1
Hardware Appliance
[Diagram: Site A → IronPath → QKD + PQC Hybrid Tunnel → IronPath → Site B]

A hardware box placed end-to-end between two sites. It wraps all traffic passing through it in a PQC tunnel automatically, with nothing to install on the endpoints.

End-to-End Site-to-Site Drop-in
EDITION 2
Secure Capsule Browser
[Diagram: Secure Capsule → QKD + PQC tunnel (HNDL blocked) → Internet]

A secure browser capsule on Windows/WSL that connects over PQC and protects your browsing session against HNDL, without separate hardware. Simply install and begin.

PQC-enabled Anti-HNDL Software-only
Key Features

Fully integrated

No separate VPN configuration and no terminal required — a single click establishes a PQC tunnel.

IronPath — all-in-one PQC appliance
Secure Capsule Link · built-in PQC tunnel
Select the Secure Capsule Link button in the top-right corner, and the application automatically launches rosenpass in WSL, waits for the handshake, and establishes the WireGuard tunnel with an ML-KEM PSK — all in a single click.
ML-KEM + McEliece
QSense · TLS Inspector
Inspects the TLS handshake of every site you open, looks at the key-exchange group that was negotiated, and classifies the site as Classical, Hybrid, or PQC, so you can see at a glance which sites have upgraded.
TLS Classification
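As an added example (not QSense or IronPath code), here is the classification step as a TLS inspector could implement it: read the key_share group the server selected in its TLS 1.3 ServerHello and map the IANA "TLS Supported Groups" codepoint to Classical, Hybrid, or PQC. The codepoint table, the parser, and the constructed ServerHello bytes are assumptions made for this example; the page says nothing about how the real inspector works internally.

```javascript
'use strict';
// Added example, not IronPath/QSense code. Classify a TLS 1.3 ServerHello by the
// key_share group the server picked. Codepoints are IANA "TLS Supported Groups";
// X25519Kyber768Draft00 (0x6399) is kept because some servers still negotiate it.
const GROUPS = {
  0x0017: { name: 'secp256r1',             cls: 'Classical' },
  0x0018: { name: 'secp384r1',             cls: 'Classical' },
  0x001d: { name: 'x25519',                cls: 'Classical' },
  0x001e: { name: 'x448',                  cls: 'Classical' },
  0x0100: { name: 'ffdhe2048',             cls: 'Classical' },
  0x0200: { name: 'MLKEM512',              cls: 'PQC' },
  0x0201: { name: 'MLKEM768',              cls: 'PQC' },
  0x0202: { name: 'MLKEM1024',             cls: 'PQC' },
  0x11eb: { name: 'SecP256r1MLKEM768',     cls: 'Hybrid' },
  0x11ec: { name: 'X25519MLKEM768',        cls: 'Hybrid' },
  0x11ed: { name: 'SecP384r1MLKEM1024',    cls: 'Hybrid' },
  0x6399: { name: 'X25519Kyber768Draft00', cls: 'Hybrid' },
};

function classifyGroup(codepoint) {
  const g = GROUPS[codepoint];
  return g ? g.cls : 'Unknown';
}

// Walk a ServerHello body (RFC 8446 4.1.3): legacy_version(2) random(32)
// legacy_session_id_echo<0..32> cipher_suite(2) legacy_compression_method(1)
// extensions<6..2^16-1>. Return the key_share group, or null if absent.
function serverHelloKeyShareGroup(body) {
  if (body.length < 38) throw new Error('ServerHello too short');
  const u16 = (o) => (body[o] << 8) | body[o + 1];
  let off = 2 + 32;                      // skip legacy_version + random
  off += 1 + body[off];                  // legacy_session_id_echo
  off += 2 + 1;                          // cipher_suite + legacy_compression_method
  const extEnd = off + 2 + u16(off);
  off += 2;
  while (off + 4 <= extEnd) {
    const type = u16(off), len = u16(off + 2);
    if (type === 0x0033) {               // key_share: group(2) key_exchange<1..2^16-1>
      if (len < 4) throw new Error('truncated key_share');
      return u16(off + 4);
    }
    off += 4 + len;
  }
  return null;                           // PSK-only resumption or not TLS 1.3
}

function classifyServerHello(body) {
  const group = serverHelloKeyShareGroup(body);
  if (group === null) return { group: null, name: null, cls: 'Unknown' };
  const g = GROUPS[group];
  return { group, name: g ? g.name : `0x${group.toString(16)}`, cls: classifyGroup(group) };
}

// Constructed sample: a minimal ServerHello selecting `group`, with a dummy
// key_exchange of `keyExchangeLen` bytes (32 for x25519, 32+1088 for X25519MLKEM768).
function buildServerHello(group, keyExchangeLen) {
  const be16 = (v) => [v >> 8, v & 0xff];
  const supportedVersions = [...be16(0x002b), ...be16(2), 0x03, 0x04];
  const keyShare = [...be16(0x0033), ...be16(4 + keyExchangeLen), ...be16(group),
                    ...be16(keyExchangeLen), ...new Array(keyExchangeLen).fill(0xaa)];
  const exts = [...supportedVersions, ...keyShare];
  return Uint8Array.from([
    0x03, 0x03,                          // legacy_version
    ...new Array(32).fill(0x42),         // random (constructed)
    0x00,                                // empty legacy_session_id_echo
    0x13, 0x01,                          // TLS_AES_128_GCM_SHA256
    0x00,                                // legacy_compression_method
    ...be16(exts.length), ...exts,
  ]);
}

console.log(classifyServerHello(buildServerHello(0x11ec, 32 + 1088)));
console.log(classifyServerHello(buildServerHello(0x001d, 32)));
```

The parser deliberately reads only the ServerHello: the ClientHello lists everything the client supports, but only the server's key_share tells you what was actually negotiated, which is what a "has this site upgraded" verdict must rest on.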
Secure Browsing Environment
A built-in secure webview for activities that need PQC protection. Browsing, tunnel, and key rotation live in one appliance, with no app switching and no separate VPN setup.
All-in-One Appliance
Automatic Key Rotation
The PSK rotates automatically every ~2 minutes via the PSK watcher; compromising a single round never exposes the entire session, and forward secrecy is maintained at all times.
Ephemeral PSK
Split Tunnel by Design
Only traffic destined for the VPN subnet (10.8.0.0/24) goes through the PQC tunnel; everything else takes the normal network path. Full tunnel is disabled on purpose: a kill-switch that forced all traffic into the tunnel would cut off all networking whenever the PQC handshake failed.
10.8.0.0/24 split
Easy Enroll
Request a client bundle from the server administrator via arnika-vpn-api and place the files in the configured path. No key generation is required; the server handles all provisioning.
Server Provisioned
Technical Deep Dive

rosenpass · the core PQC engine

IronPath uses rosenpass as a PQC key-exchange daemon that continuously produces the PresharedKey for WireGuard. This is what sets it meaningfully apart from an ordinary VPN.

FIPS 203
ML-KEM (CRYSTALS-Kyber)

A Key Encapsulation Mechanism standardized by NIST as FIPS 203 in 2024. Its security rests on Module Learning With Errors (MLWE), a lattice-based problem believed to be hard even for quantum computers.

Hard Problem MLWE (Lattice)
NIST Standard FIPS 203 (2024)
Public key size ~1,184 bytes (Kyber-768)
Quantum resistance Category 3 (AES-192 equiv)
Conservative
Classic McEliece

The oldest scheme in the PQC field (proposed in 1978 by Robert McEliece). Its security rests on the Syndrome Decoding Problem, with over 45 years of cryptanalysis behind it.

Hard Problem Syndrome Decoding (Code-based)
Proposed 1978 · 45+ years of cryptanalysis
Public key size 524,160 bytes (Classic McEliece-460896, the parameter set rosenpass uses)
Quantum resistance Category 3 (AES-192 equiv)
Why use both algorithms at once?
Defense in Depth
ML-KEM and McEliece rest on completely different hard problems (lattice vs code-based), so an attacker must break both at once.
Hedge Against Unknown
If one algorithm is found weak in the future, the other still protects you; being able to swap the weakened algorithm out without redesigning the tunnel is cryptographic agility.
Triple Layer Total
WireGuard X25519 + ML-KEM + McEliece equals three layers: one classical, one PQC lattice, one PQC code-based.
How rosenpass produces the PSK and hands it to WireGuard
① PQC Handshake
rosenpass client (WSL2) sends
ML-KEM ciphertext
+ McEliece ciphertext
to rp-server over UDP port 9998

UDP 9998
② Derive Shared PSK
Both sides (client + server) compute
shared_secret = KDF(ML-KEM_ss || McEliece_ss)
yielding the same 32-byte PSK without ever sending the key directly.

pqc.psk
③ Inject into WireGuard
PqcVpnManager reads pqc.psk
then runs
wg set wgvpn0 peer <srv> preshared-key pqc.psk
WireGuard mixes the PSK into key derivation.
This repeats automatically every ~2 minutes; both sides derive a fresh PSK together and the Windows watcher re-applies it immediately.
Public key size comparison · a PQC tell
X25519 (WireGuard classical) 32 bytes
ML-KEM / Kyber-768 (Lattice PQC) 1,184 bytes
Classic McEliece-460896 (Code-based PQC) 524,160 bytes
McEliece's large public key is inherent to code-based schemes: the key is a parity-check matrix whose size grows with the code parameters, the price of relying on a problem with 45+ years of cryptanalysis.
Verifiable Evidence

Verify that it is genuinely PQC

Verify everything with these commands after connecting; there is no need to rely on marketing claims alone.

Test              Command                                    Expected result
Public key size   ls -l ~/qcapsule-pqc/server.pqpk           524,160 bytes = Classic McEliece (classical X25519 = 32 bytes)
PQC handshake     tail ~/qcapsule-pqc/rosenpass.log          An "exchanged" line = PQC handshake succeeded
Key rotation      watch the mtime of pqc.psk                 Changes every ~2 min = ephemeral key working
Dependency test   stop rosenpass, wait for server rotation   Tunnel drops = security genuinely depends on the PQC PSK
Tunnel reachable  Test-Connection 10.8.0.1 -Count 3          A reply = connected through the PQC tunnel
Installation

Deployment in five steps

From a clean Windows machine to a working PQC tunnel.

1
Install WireGuard for Windows
Needs Administrator rights; it manages a kernel-level network interface.
2
Set up WSL2 + Ubuntu
The WSL kernel needs WireGuard support (the wireguard module), which Ubuntu 24.04/26.04 includes by default.
3
Clone & npm install
Pull IronPath from git and run npm install; Electron is bundled.
4
Add the client bundle from the administrator
The bundle contains client keys + server.pqpk + wg conf; place it in qcapsule-pqc/.
5
Run launch.ps1 (Admin) → Connect
Accept the UAC prompt, then click Connect within the IronPath application.
PowerShell · Administrator
# 1. WireGuard
winget install --id WireGuard.WireGuard -e --source winget

# 2. Verify
Test-Path 'C:\Program Files\WireGuard\wg.exe'

# 3. Clone IronPath
git clone ssh://root@git.tunable.co/srv/git/ironpath-pqc C:\lab\ironpath
cd C:\lab\ironpath
npm install

# 4. Setup PQC (WSL)
wsl -e bash -lc "bash ~/qcapsule-pqc/m1-pqc.sh"

# 5. Run IronPath
powershell -ExecutionPolicy Bypass -File .\launch.ps1
Verify PQC after connecting
# key size should be 524160 bytes
wsl -e bash -lc "ls -l ~/qcapsule-pqc/server.pqpk"

# check the handshake log
wsl -e bash -lc "tail -3 ~/qcapsule-pqc/rosenpass.log"

# ping through the PQC tunnel
Test-Connection 10.8.0.1 -Count 3
Security Model

What it protects, and what the limits are

Good security is transparent about its scope. IronPath does not overclaim.

What IronPath protects
  • Tunnel key exchange is hybrid: X25519 + a PSK from ML-KEM/McEliece — an attacker must break both layers.
  • Forward secrecy via an ephemeral PSK rotating every ~2 min; compromising a single round never exposes the entire session.
  • Traffic into the VPN subnet (10.8.0.0/24) is wrapped in the PQC tunnel.
  • Client keys are never committed to git; *.pqsk and the wg PrivateKey remain on the machine only.
Scope to be aware of
  • Split tunnel only; traffic outside the VPN subnet does not go through the PQC tunnel.
  • Full tunnel is intentionally disabled to prevent a kill-switch from blocking all networking.
  • The PQC key exchange runs on UDP 9998 and only produces the PSK layer; the tunnel itself on UDP 51821 looks like ordinary WireGuard on the wire, so a packet capture alone will not show that PQC is in use.
  • The rosenpass process does not survive a reboot; reconnect after a restart.
Ready to protect your traffic
from quantum computers?

Request a client bundle from your administrator and begin using IronPath immediately.

Windows 10/11 + Administrator
WireGuard for Windows
WSL2 + Ubuntu
Client Bundle from administrator