QORE: Quantum Secure 5G/B5G Core A Strategic Initiative to Quantumize the Global 5G Ecosystem

QORE (QORE) is a comprehensive research and development initiative by coRAN Labs to systematically integrate Post-Quantum Cryptography (PQC) and Quantum Random Number Generation (QRNG) across the entire open source 5G/6G ecosystem. As quantum computing capabilities advance, traditional cryptographic methods face obsolescence. QORE addresses this existential threat by creating quantum-resistant implementations of all major open source cellular core networks.

To ensure the long-term security and viability of open source telecommunications infrastructure by providing production-ready, quantum-resistant implementations of every major 5G Core platform, enabling researchers, operators, and enterprises worldwide to deploy future-proof mobile networks.

Note: While QORE provides open source quantum-resistant implementations, coRAN Labs also offers consulting services to help enterprises assess, plan, and execute Post-Quantum Cryptography migration strategies for any 5G/6G Core platform. Contact: [email protected]

1. Background and Motivation
2. Project Scope
3. Quantumization Status
4. Technical Architecture
5. Post-Quantum Technologies
6. Migration Path
7. Security Features
8. Getting Started
9. Roadmap
10. Contributing
11. Publications and Media
12. License
13. Contact

Modern telecommunications infrastructure relies on cryptographic algorithms (RSA, ECDH, ECDSA) that will become vulnerable to quantum computers implementing Shor's algorithm. The timeline for cryptographically-relevant quantum computers (CRQCs) is uncertain, with estimates ranging from 5-15 years. However, several factors demand immediate action:

• Harvest Now, Decrypt Later (HNDL): Adversaries are already capturing encrypted traffic for future decryption
• Long Infrastructure Lifecycles: 5G equipment deployed today will operate for 10-20 years
• Regulatory Requirements: Governments are beginning to mandate quantum-resistant cryptography
• 3GPP Evolution: Standards bodies are actively developing PQC integration specifications

The global telecommunications ecosystem includes multiple open source 5G Core implementations, each serving distinct use cases:

QORE ensures quantum security across this entire ecosystem, not just a single platform.

QORE aims to quantumize every significant open source mobile core network implementation, creating a comprehensive suite of quantum-resistant alternatives. This includes:

QORE systematically integrates Post-Quantum Cryptography across all layers of the 5G/6G ecosystem:

• Core Network Functions: Service-Based Architecture security, Network Function authentication, subscriber identity protection, certificate infrastructure
• Control and User Planes: Secure interfaces (N2, N3, N4) with quantum-resistant protocols
• Edge and Cloud Infrastructure: Multi-access Edge Computing security, network slicing isolation, cloud-native security
• Standards Integration: Collaboration with 3GPP, IETF, and industry partners for quantum-safe specifications

Note: RAN-level quantum security (gNodeB, O-RAN, RIC) is covered separately under the Q-RAN initiative.

Free5GC and Aether SD-Core have been successfully quantumized with comprehensive Post-Quantum Cryptography integration:

• All Network Functions secured with PQ-mTLS 1.3
• ML-KEM-based SUPI encryption with hybrid mode support
• ML-DSA certificate infrastructure
• PQ-DTLS 1.3 for control plane (N2)
• PQ-IPSec for user plane (N3/N4)
• QRNG integration and AES-256 encryption
• Docker/Kubernetes deployment support

Enterprise-Ready Features:

1. PQ-PKI Dashboard (Management Console)

• Web-based certificate lifecycle management interface
• Real-time monitoring, audit logging, and compliance reporting
• Role-based access control (RBAC) integration
• Automated certificate renewal and revocation workflows

2. Charmed Aether SD-Core (Production Deployment)

• Canonical Juju charm-based orchestration with PQ-mTLS
• PQ-OAuth 2.0 for secure API authentication and authorization
• Multi-cloud deployment (AWS, Azure, GCP, OpenStack, bare metal)
• High availability, auto-scaling, and automated lifecycle management

3. Q-RAN Integration (End-to-End Quantum Security)

• Validated with Q-RAN (Quantumized RAN) implementations
• O-RAN compliant quantum-safe fronthaul/midhaul/backhaul interfaces
• Support for commercial O-RAN radios and software-defined radios (SDRs)
• Complete quantum-resistant network stack from Core to RAN to UE

For production deployments, PQ-PKI Dashboard access, Charmed Aether SD-Core, and commercial support:
Contact: [email protected] | Website: coranlabs.com

Repository locations: qore_free5gc/ and qore_aether_sdcore/

OpenAirInterface (OAI)

Open5GS and Magma Core

QORE integrates NIST-standardized Post-Quantum Cryptographic algorithms:

ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism)

• Standard: FIPS 203
• Security Levels: ML-KEM-512, ML-KEM-768, ML-KEM-1024
• Use Cases: TLS/DTLS key exchange, SUPI encryption, IPsec IKEv2
• Implementation: Cloudflare Circl library, liboqs

ML-DSA (Module-Lattice-Based Digital Signature Algorithm)

• Standard: FIPS 204
• Security Levels: ML-DSA-44, ML-DSA-65, ML-DSA-87
• Use Cases: Certificate signatures, NF authentication, message signing
• Implementation: Circl, liboqs

SLH-DSA (Stateless Hash-Based Digital Signature Algorithm)

• Standard: FIPS 205
• Planned Integration: Q3 2025 for certificate authority root keys

Quantum-resistant adaptation of TLS 1.3 for Service-Based Interface (SBI) protection:

• Replaces ECDHE with ML-KEM for key exchange
• Uses ML-DSA for certificate signatures
• Maintains TLS 1.3 handshake efficiency
• Backward compatibility with hybrid mode (classical + PQ)

Secures connection-oriented protocols over unreliable transports:

• Used for N2 interface (NGAP over SCTP between gNB and AMF)
• Protects control plane signaling
• Low latency suitable for radio interface timing requirements

Quantum-safe user plane encryption:

• IKEv2 with ML-KEM for key establishment
• Protects N3 (gNB-UPF), N4 (SMF-UPF), N9 (UPF-UPF) interfaces
• ESP encryption with AES-256-GCM
• Hardware acceleration support for line-rate performance

QRNG Integration:

• True random number generation using quantum entropy sources
• Eliminates pseudo-random number generator (PRNG) vulnerabilities
• Used for cryptographic key generation, nonces, IVs
• API integration with multiple QRNG providers (ID Quantique, Quintessence Labs)

The Service-Based Architecture in 5G Core relies on HTTP/2 with TLS for inter-NF communication. QORE enhances this with PQ-mTLS:

Key Features:

• Mutual authentication using ML-DSA certificates
• Perfect Forward Secrecy (PFS) with ML-KEM key exchange
• Session resumption with post-quantum session tickets
• HTTP/2 multiplexing preserved

SUPI (Subscription Permanent Identifier) encryption prevents IMSI catching attacks. QORE implements quantum-resistant SUPI encryption:

Implementation Details:

• Profile A: ML-KEM-768 key encapsulation
• Profile B: ML-KEM-1024 for high-security deployments
• Hybrid Mode: Combined classical ECIES + ML-KEM
• Home Network decryption with QRNG-derived keys

Post-Quantum Public Key Infrastructure (PQ-PKI) with ML-DSA signatures:

Components:

• Root CA with ML-DSA-87 signatures

• Intermediate CAs for organizational hierarchy

• End-entity certificates for each NF

• Certificate Revocation Lists (CRL) with quantum-safe signatures

• OCSP responder with PQ authentication

• Web-based PQ-PKI Dashboard for enterprise deployments

• Certificate lifecycle management (issuance, renewal, revocation)

• Real-time monitoring and audit logging

• Role-based access control (RBAC)

• Integration with existing enterprise identity systems

The N2 interface carries NGAP signaling between gNodeB and AMF. QORE secures this with PQ-DTLS 1.3:

True randomness is critical for cryptographic security. QORE integrates QRNG for unpredictable key material:

While symmetric cryptography has higher quantum resistance, QORE upgrades to AES-256 for defense-in-depth:

• Operating System: Ubuntu 20.04/22.04 LTS or RHEL 8/9
• Container Runtime: Docker 20.10+ and Docker Compose, or Podman 4.0+
• Orchestration (for Aether): Kubernetes 1.24+ with Helm 3.8+
• Hardware: x86_64 architecture, 8+ CPU cores, 16GB+ RAM
• Networking: Multiple network interfaces or VLAN support for user/control plane separation

# Clone the repository
git clone https://github.com/coranlabs/QORE.git
cd QORE/qore_free5gc

# Build containers with PQ support
docker-compose build

# Deploy the core network
docker-compose up -d

# Verify NF status
docker-compose ps

# View logs
docker-compose logs -f amf

Note: For production deployments with Charmed Aether SD-Core, PQ-PKI Dashboard, and commercial support, see our enterprise offerings.

cd QORE/qore_aether_sdcore

# Install via Helm
helm install sd-core-pq ./helm-charts/sd-core-pq

# Verify deployment
kubectl get pods -n aether

Detailed Documentation: See individual project directories for deployment guides.

• Successfully quantumized Free5GC and Aether SD-Core platforms
• Integrated ML-KEM, ML-DSA, and QRNG across all network functions
• Established coRAN LABS Public License framework
• Launched community engagement with LFN, Anuket, and ONAP

• Complete quantumization of additional open source 5G Core platforms (OAI, Open5GS, Magma)
• 3GPP Release 17+ compliance and standards alignment
• Performance optimization and production deployment support
• Multi-vendor interoperability testing and certification
• Enhanced QRNG integration and edge deployment optimization

• Advanced quantum-safe features (network slicing, MEC security)
• Hardware acceleration partnerships for production-scale deployments
• Expanded ecosystem support and operator production pilots
• AI/ML integration for quantum threat detection and response
• Contribution to 3GPP Release 18+ quantum security specifications

QORE is an open research initiative. We welcome contributions from academia, industry, and the open source community.

1. Code Contributions: Implement PQC for additional NFs or platforms
2. Testing: Interoperability testing, performance benchmarking, security audits
3. Documentation: Deployment guides, API documentation, tutorials
4. Research: Algorithm optimization, protocol design, threat modeling

# Fork the repository
git clone https://github.com/coranlabs/QORE.git

# Create a feature branch
git checkout -b feature/pqc-implementation

# Make your changes and commit
git commit -m "Add ML-KEM support to component"

# Push and create a Pull Request
git push origin feature/pqc-implementation

Contributor License Agreement: By submitting a contribution, you agree to license your work under the coRAN LABS Public License v1.0.

• coRAN Labs Whitepapers Repository - Comprehensive technical documentation, architecture guides, and research papers

1. QORE: Implementing PQ-mTLS 1.3 in 5G Core
2. 5G QORE: Post-Quantum Cryptography in Action
3. QORE: Quantumized 5G Core Deployment
4. QORE: Post-Quantum Security for 5G Networks

1. Anuket TSC Discussion: Post-Quantum Cryptography in Cloud Native Telecom
2. ONAP TSC: Quantum Security Integration Proposal
3. LFN CNTI: Input from ETSI on Quantum Security & Encryption - PoC Slides
4. QORE Project Presentation: Slides and Technical Overview

QORE is licensed under the coRAN LABS Public License Version 1.0.

• Research and Academic Use: Free, no restrictions
• Commercial Use: Requires FRAND (Fair, Reasonable, Non-Discriminatory) licensing
• Patent Grant: Royalty-free for research, negotiable for commercial deployment
• Third-Party Components: Original licenses apply (see NOTICE file)

Full License: LICENSE
Third-Party Notices: NOTICE

For commercial deployment, product integration, or custom development:

• Email: [email protected]
• Partnership Inquiries: [email protected]

• Website: www.coranlabs.com
• Email: [email protected]
• GitHub: github.com/coranlabs

• Issue Tracker: GitHub Issues
• Discussion Forum: GitHub Discussions

Securing the Future of Telecommunications
QORE: Making Every 5G Core Quantum-Resistant

Copyright © 2024 coRAN Labs and Contributors
Licensed under coRAN LABS Public License v1.0