NetBird implements quantum-resistant encryption through Rosenpass, providing protection against future quantum computer attacks. This feature adds post-quantum key exchange on top of WireGuard’s existing encryption.

What is Rosenpass?

Rosenpass is a formally verified, post-quantum secure key exchange protocol designed to complement WireGuard. It provides additional key material that is resistant to attacks from quantum computers, even hypothetical future ones.
Rosenpass uses the Classic McEliece cryptosystem, a code-based post-quantum algorithm that’s a finalist in NIST’s post-quantum cryptography standardization project.

Why Quantum Resistance Matters

Harvest Now, Decrypt Later Attacks

Adversaries can capture encrypted traffic today and store it, waiting for quantum computers powerful enough to decrypt it in the future. This is particularly concerning for:
  • Long-lived sensitive data
  • Regulatory compliance requirements (GDPR, HIPAA)
  • National security information
  • Intellectual property
  • Financial records

Post-Quantum Cryptography

Quantum computers threaten current public-key cryptography:
  • Traditional RSA/ECC: Vulnerable to quantum attacks (Shor’s algorithm)
  • WireGuard alone: Uses Curve25519, susceptible to quantum cryptanalysis
  • Rosenpass + WireGuard: Adds quantum-resistant key exchange layer

How Rosenpass Works with NetBird

Rosenpass integrates with WireGuard to provide defense-in-depth:
  1. Initial Key Exchange: Rosenpass performs a post-quantum key exchange between peers using Classic McEliece.
  2. Key Material Mixing: The quantum-resistant key material is mixed with WireGuard’s traditional keys.
  3. Periodic Key Rotation: Rosenpass continuously exchanges new key material every 2 minutes, providing forward secrecy.
  4. Encryption: WireGuard encrypts traffic using the combined key material, protecting against both classical and quantum attacks.
Even if WireGuard’s Curve25519 is broken by quantum computers, the Rosenpass-derived keys keep the connection secure.
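Added example, not NetBird’s or Rosenpass’s own code: a Python model of the mixing step described above. It assumes, as Rosenpass does in practice, that the post-quantum key material is handed to WireGuard as its preshared key, and it tracks only the chaining key of WireGuard’s Noise IKpsk2 handshake (message encryption and transcript hashing are left out). All DH results and keys are constructed values.

```python
import hashlib
import hmac
import os

CONSTRUCTION = b"Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"
ZERO_PSK = bytes(32)  # WireGuard's preshared key when none is configured


def _hmac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.blake2s).digest()


def kdf3(key: bytes, data: bytes):
    """WireGuard's HMAC-BLAKE2s KDF; KDF1/KDF2 are its first one/two outputs."""
    t0 = _hmac(key, data)
    t1 = _hmac(t0, b"\x01")
    t2 = _hmac(t0, t1 + b"\x02")
    t3 = _hmac(t0, t2 + b"\x03")
    return t1, t2, t3


def derive_transport_keys(dh_outputs, psk: bytes = ZERO_PSK):
    """Track only the chaining key of an IKpsk2 handshake: the four
    Curve25519 results (es, ss, ee, se) are absorbed in order, then the
    preshared key, then the transport keys are expanded from the result."""
    ck = hashlib.blake2s(CONSTRUCTION).digest()
    for dh in dh_outputs:
        ck = kdf3(ck, dh)[0]          # chaining key is always the first output
    ck, _tau, _kappa = kdf3(ck, psk)  # the slot a Rosenpass-derived PSK fills
    t_send, t_recv, _ = kdf3(ck, b"")
    return t_send, t_recv


def curve25519_broken_demo() -> bool:
    """Model an adversary who recovers every DH result (Curve25519 broken)
    but not the post-quantum PSK. True if the session keys stay out of reach."""
    dh_outputs = [os.urandom(32) for _ in range(4)]  # constructed DH results
    rosenpass_psk = os.urandom(32)                    # constructed PQ key material
    real_keys = derive_transport_keys(dh_outputs, rosenpass_psk)
    # Best the adversary can do without the PSK is the WireGuard-only derivation,
    # which is also what a permissive-mode fallback peer (no Rosenpass) computes.
    without_psk = derive_transport_keys(dh_outputs)
    return real_keys != without_psk
```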

Enabling Rosenpass

NetBird Client Configuration

Enable Rosenpass when starting the NetBird client:
```bash
# Enable Rosenpass for quantum resistance
netbird up --enable-rosenpass
```
This flag activates Rosenpass for all peer connections where both sides support it.

Permissive Mode

Rosenpass permissive mode allows your peer to accept connections from peers that don’t have Rosenpass enabled:
```bash
netbird up --enable-rosenpass --rosenpass-permissive
```
Permissive mode behavior:
  • Enables Rosenpass for peers that support it
  • Allows fallback to WireGuard-only for peers without Rosenpass
  • Useful during migration periods
  • Less secure than requiring Rosenpass on all connections

Checking Rosenpass Status

Verify Rosenpass is active:
```bash
# Check peer connections
netbird status

# Look for Rosenpass indicators in peer status
netbird status --detail
```

Deployment Strategies

Phased Rollout

Roll out Rosenpass gradually to minimize disruption:
  1. Test Environment: Enable Rosenpass in a test environment with a few peers.
```bash
netbird up --enable-rosenpass --rosenpass-permissive
```
  2. Pilot Group: Deploy to a pilot group using permissive mode. Monitor for compatibility issues and performance impact.
  3. Organization-Wide: Roll out to all peers once the pilot is successful. Keep permissive mode enabled during the transition.
  4. Enforce Rosenpass: After all peers are upgraded, disable permissive mode.
```bash
netbird up --enable-rosenpass
```

Network-Wide Configuration

For managed deployments, distribute configuration via:

Configuration Management

Use Ansible, Puppet, or Chef to deploy Rosenpass-enabled configurations.

Group Policy

Deploy Windows configurations via Group Policy Objects (GPO).

Mobile Device Management

Push configurations to mobile devices via MDM solutions.

Container Orchestration

Configure Rosenpass in container environment variables or config maps.

Performance Considerations

Computational Overhead

Rosenpass adds minimal overhead:
  • Key exchange: Initial handshake takes slightly longer
  • Ongoing overhead: Negligible impact on throughput
  • CPU usage: Minimal increase for key rotation every 2 minutes
  • Memory: Small additional memory footprint for Rosenpass daemon

Network Impact

Rosenpass protocol characteristics:
| Metric | Impact |
| --- | --- |
| Handshake size | Larger than WireGuard-only (~1.3MB initial exchange) |
| Key rotation | Every 2 minutes (small periodic packets) |
| Bandwidth | Less than 1% increase for typical workloads |
| Latency | No measurable impact on established connections |
The larger initial handshake is due to Classic McEliece’s post-quantum security properties. After the initial exchange, performance is nearly identical to WireGuard-only.

Platform Support

Rosenpass availability by platform:
| Platform | Support | Notes |
| --- | --- | --- |
| Linux | ✅ Full | Native support |
| macOS | ✅ Full | Supported on all versions |
| Windows | ✅ Full | Windows 10/11 |
| Android | ✅ Full | Mobile support |
| iOS | ✅ Full | Mobile support |
| OpenWRT | ✅ Full | Router/embedded support |
| Docker | ✅ Full | Container deployments |
| Serverless | ✅ Full | FaaS environments |

Security Properties

Cryptographic Guarantees

Rosenpass provides:
  • Post-quantum security: Resistant to Grover’s and Shor’s quantum algorithms
  • Forward secrecy: Periodic key rotation every 2 minutes
  • Defense in depth: Complements WireGuard’s encryption
  • Formal verification: Mathematically proven security properties

Threat Model

Rosenpass protects against:
Even if a sufficiently powerful quantum computer breaks Curve25519:
  • Rosenpass keys remain secure
  • Traffic stays encrypted
  • No retroactive decryption possible
Adversaries capturing encrypted traffic today cannot:
  • Decrypt it when quantum computers arrive
  • Recover historical key material
  • Break forward secrecy guarantees
Rosenpass doesn’t weaken existing security:
  • WireGuard’s classical security remains intact
  • No reduction in current threat protection
  • Additional layer, not a replacement

What Rosenpass Doesn’t Protect

Rosenpass does not protect against:
  • Compromised endpoints (malware, keyloggers)
  • Social engineering attacks
  • Weak passwords or authentication
  • Physical access to devices
  • Zero-day vulnerabilities in the OS or NetBird client
Use in combination with other security measures (MFA, posture checks, access policies).

Compliance and Standards

Regulatory Considerations

Post-quantum cryptography is becoming a compliance requirement:
  • NIST: Standardizing post-quantum algorithms
  • NSA: Recommends planning for quantum-resistant cryptography
  • EU: Quantum-safe cryptography in digital security strategies
  • Financial sector: Moving towards quantum-resistant solutions

Algorithm Selection

Why Classic McEliece:
  1. NIST Finalist: Classic McEliece is a finalist in NIST’s PQC standardization.
  2. Proven Security: Code-based cryptography has decades of cryptanalysis without breaks.
  3. Conservative Choice: Relies on well-understood mathematical problems.
  4. Long-term Confidence: Likely to remain secure even as quantum computing advances.

Troubleshooting

Symptoms:
  • Peers fail to establish quantum-resistant connection
  • Falling back to WireGuard-only in permissive mode
Solutions:
  1. Verify both peers have Rosenpass enabled
  2. Check firewall rules allow Rosenpass packets
  3. Ensure peers are running compatible NetBird versions
  4. Review logs for specific error messages
```bash
# Check logs for Rosenpass errors
netbird debug log
```
If experiencing slowdowns:
  1. Measure baseline performance without Rosenpass
  2. Check CPU usage during key rotation
  3. Verify network bandwidth isn’t saturated
  4. Rule out other factors (firewall, NAT, routing)
Rosenpass should not cause noticeable performance degradation. If you see significant impact, investigate other potential causes.
Mixed version environments:
  • Older NetBird versions may not support Rosenpass
  • Use permissive mode during upgrade period
  • Plan coordinated upgrades for best results
Platform-specific:
  • Ensure all platforms in your deployment support Rosenpass
  • Test in staging environment first

Best Practices

  1. Enable by Default: Make Rosenpass the default for all new deployments.
  2. Document Rollout: Keep records of which peers have Rosenpass enabled.
  3. Monitor Adoption: Track the Rosenpass adoption rate across your network.
  4. Plan for Post-Quantum Future: Stay informed about NIST PQC standardization progress.
  5. Test Regularly: Verify Rosenpass continues working after client updates.
  6. Combine with Other Security: Use alongside MFA, posture checks, and access policies.

Learn More

Rosenpass Project

Official Rosenpass documentation and research papers

NetBird Blog

NetBird’s quantum resistance announcement

NIST PQC

NIST Post-Quantum Cryptography project

Classic McEliece

Classic McEliece algorithm details

Next Steps

SSO Setup

Configure identity provider integration

Network Access

Set up access control policies
