Are you curious about the future of cryptography and post-quantum Security?
Meet Karolin Varner, who is passionate about making cryptography accessible and future-proof. As the lead of Rosenpass, she’s spearheading a revolutionary open-source project designed to enhance the Security of key exchange systems like WireGuard VPN against potential quantum computer attacks.
By focusing on quality and design, Karolin and her team ensure that secure, post-quantum connections are within everyone’s reach.
Keen on learning more?
✨Welcome to the world of Rosenpass✨
Can you introduce yourself and your project?
I am Karolin Varner, and I lead the open-source project Rosenpass. Rosenpass is a future-focused cryptography project designed to work with key exchange systems like WireGuard VPN to secure against attacks with quantum computers. Cryptography is complex, and our goal is to make cryptography easy and accessible to everyone while guarding against a future where quantum computing is the norm.
If you have a WireGuard VPN and you want post-quantum Security, Rosenpass is *the* project to use. If you need a post-quantum secure internet connection for something other than WireGuard, Rosenpass is probably also a good choice, but there is more integration effort.
What are the key issues you see with the state of the Internet today?
Security is a critical issue in computing, particularly on the Internet today. Movements to ban cryptography are a huge threat to safety online, as are more visible issues like censorship, misinformation, and surveillance capitalism through online tracking.
How does your project contribute to correcting some of those issues?
Rosenpass, at its heart, is a future-proofing infrastructure project. We are working to ensure that existing security technology will keep working as computers get faster. Cryptography is a critical infrastructure as it helps us communicate safely from prying eyes, verify information that allows for safe interactions, and enable the flow of information on the internet.
Cryptography will become even more important with the rapid adoption of things like generative AI. It is often said that the most basic security guarantees cryptography can help us provide are privacy, secrecy, confidentiality, and authenticity. Authenticity may become increasingly important as AI creates a need to validate that information is coming from a specific source.
Rosenpass is not targeted at protecting against AI spam, but we specifically target authenticity even against quantum computers.
What do you like most about (working on) your project?
It’s as exciting as it is boring!
I like to polish a piece of software until it shines. You don’t get to do that in most software engineering areas. You need to deliver a feature quickly and then move on to the next. It is never about approaching the technical debt that was amassed.
Since we’re focused on providing the highest level of Security and on becoming an internet infrastructure project, we get to really focus on quality and design. Also, cryptography cuts across every layer of abstraction in technology and all functions of computing.
💫I also love leading the team!💫
I get to advise and connect with many people and backgrounds, from highly technical folks to researchers to non-coders interested in the project. I pride myself on being a very community-oriented person, and as the project lead, I get to help people when they come into the project, guiding them to contribute in ways that align with our overall priorities and connect with their background and other work.
Where will you take your project next?
We have lots of exciting things we’re working on!🚀
From core security-focused projects like supporting more ways of establishing a secure connection with different trade-offs to supporting more ciphers to usability-focused projects and many exciting collaborations, we want to be sure we’re providing the most secure tool and improving usability so that secure computing is accessible to everyone.
We’re also always working on improving how the project is managed and continuing to fund the work so that we can achieve our goals and scale and onboard contributors to the project.
How did NGI Assure help you reach your goals for your project?
NGI Assure was the first grant I ever applied for! I had never thought the work I was doing would qualify for a grant, but someone at Real World Crypto approached me and suggested that I apply for an NLNet grant. I spent a day or two writing the proposal, and suddenly, I had funding to turn this into a proper project. It was a bit of a shock but also really awesome.
Do you have advice for people who are considering applying for NGI funding?
Start on something small with people you want to work with and make sure you prioritize collaboration and management. The admin and bureaucracy are essential! When you start working with funding, remember the details, like getting a tax advisor! As you operationalize the work, establishing transparent processes and staying organized will be crucial to scaling your efforts effectively.
Do you have any recommendations to improve future NGI programs or the wider NGI initiative?
Stability for the long term is really critical. It’s hard to run and manage a project, so it is vital to think about longer-term funding and support for developing the skills and infrastructure to manage a project. Some people have enough Security in their lives to just pursue something like an NLNet project for half a year, but only very privileged people can do that. For open-source sponsoring to be viable for marginalized people, there must be a social net and longer-term support.
