Post-Quantum Authentication in TLS 1.3: A Performance Study

Sikeridis, Dimitrios; Kampanakis, Panos; Devetsikiotis, Michael

doi:10.14722/ndss.2020.24203

Cited by 80 publications

(46 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The work of [29] emulates real network conditions and evaluates the impact of various post-quantum primitives (including key exchange and signatures) on TLS connection establishment performance. In [35] the authors integrate and test the impact of PQ signature algorithms on TLS 1.3 under realistic network conditions.…”

Section: Pq-tlsmentioning

confidence: 99%

Post-Quantum TLS on Embedded Systems: Integrating and Evaluating Kyber and SPHINCS+ with mbed TLS

Bürstinghaus-Steinbach

Krauß

Niederhagen

et al. 2020

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

We present our integration of post-quantum cryptography (PQC), more specifically of the post-quantum KEM scheme Kyber for key establishment and the post-quantum signature scheme SPHINCS + , into the embedded TLS library mbed TLS. We measure the performance of these post-quantum primitives on four different embedded platforms with three different ARM processors and an Xtensa LX6 processor. Furthermore, we compare the performance of our experimental PQC cipher suite to a classical TLS variant using elliptic curve cryptography (ECC). Post-quantum key establishment and signature schemes have been either integrated into TLS or ported to embedded devices before. However, to the best of our knowledge, we are the first to combine TLS, post-quantum schemes, and embedded systems and to measure and evaluate the performance of post-quantum TLS on embedded platforms. Our results show that post-quantum key establishment with Kyber performs well in TLS on embedded devices compared to ECC variants. The use of SPHINCS + signatures comes with certain challenges in terms of signature size and signing time, which mainly affects the use of embedded systems as PQC-TLS server but does not necessarily prevent embedded systems to act as PQC-TLS clients. CCS CONCEPTS • Security and privacy → Digital signatures; • Networks → Transport protocols; Security protocols; • Theory of computation → Cryptographic primitives; Cryptographic protocols.

show abstract

Section: Pq-tlsmentioning

confidence: 99%

Post-Quantum TLS on Embedded Systems: Integrating and Evaluating Kyber and SPHINCS+ with mbed TLS

Bürstinghaus-Steinbach

Krauß

Niederhagen

et al. 2020

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Both experiments used standard non-PQ certificates and ECDSA (X25519 curve) for authentication. In the opposite scenario, a team from Cisco tested the impact of PQ signature schemes on the TLS 1.3 handshake while using conventional ECDH (secp384r1 curve) key exchange [28,57]. Their experiments examined the impact of six PQ signature schemes on the TLS handshake and server performance.…”

Section: Related Workmentioning

confidence: 99%

“…Many research teams from Google, Cloudflare, Cisco, Microsoft, and Amazon have been experimenting on PQ algorithm integration exclusively in TLS. They are primarily concerned with PQ key exchange [8,11,31,32,34], and secondarily with the PQ signature algorithm integration [44,57]. Apart from the basic prototyping, the focus has been on investigating backwards compatibility with the existing infrastructure (e.g., current middleboxes) and more importantly studying tunnel establishment speeds since the new PQ schemes come with significant overhead due to key/ciphertext/signature sizes and crypto operation speeds.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Assessing the overhead of post-quantum cryptography in TLS 1.3 and SSH

Sikeridis

Kampanakis

Devetsikiotis

2020

Proceedings of the 16th International Conference on Emerging Networking EXperiments and Technologies

Self Cite

View full text Add to dashboard Cite

The advances in quantum computing present a threat to public key primitives due to their ability to solve hard cryptographic problems in polynomial time. To address this threat to critical Internet security protocols like the Transfer Layer Security (TLS), and Secure Shell (SSH), the National Institute of Standards and Technology (NIST) is currently working on the new generation of quantumresistant key encapsulation and authentication schemes. In this paper, we evaluate protocol handshake performance when both post-quantum key exchange and authentication are integrated into TLS and SSH. Our experiments consider realistic network conditions and reveal that the introduced handshake latency ranges between 1-300% for TLS and 0.5-50% for SSH depending on the post-quantum algorithms used. In addition, we examine how the initial TCP window size affects post-quantum TLS and SSH performance, and show that even a small size increase can reduce the observed post-quantum slowdown by 50%. Finally, we discuss alternatives that can encourage the early adoption of post-quantum cryptography with minimum protocol performance degradation.

show abstract

“…All of them were tested in the BoringSSL library [22] on an Intel Skylake CPU. In [23], some digital signature schemes in the NIST's postquantum cryptography standardization process [1] were implemented in X.509 certificates, which are used in authentication for the TLS protocol. Tests were carried out on a machine with an Intel i5-8350U processor and 16 GB of RAM as a local host.…”

Section: Introductionmentioning

confidence: 99%

Performance of New Hope and CRYSTALS-Dilithium Postquantum Schemes in the Transport Layer Security Protocol

et al. 2020

View full text Add to dashboard Cite

In recent years, there has been a notable amount of research on developing cryptographic schemes that are secure against both quantum and classical computers. In 2016, the National Institute of Standards and Technology (NIST) initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public key cryptographic schemes. This process originated because quantum computers can exploit quantum mechanical phenomena and solve mathematical problems that are difficult or intractable for classical computers. This kind of mathematical problem is the basis of secure public key cryptography. As a consequence, in a near future quantum computers will be able to break many of the public key schemes currently in use. However, the challenge is especially acute for devices with different architectures. They might not be well equipped to run the new standards and interoperate with existing communication protocols and networks. In this work, we analyze the performance of postquantum schemes in the transport layer security (TLS) protocol considering x86 as the server architecture and x86/ARM architectures as clients. All of them lack cloud computing or virtualized environments. Our analysis considers integrating the implementation of two cryptographic schemes that were successful in the second round of the postquantum standardization process, namely, Dilithium and New Hope. The performance of postquantum schemes in the TLS protocol is statistically analyzed in x86 and ARM architectures, giving the relationships, the effects and the survival of the analysis.

show abstract

Post-Quantum Authentication in TLS 1.3: A Performance Study

Cited by 80 publications

References 34 publications

Post-Quantum TLS on Embedded Systems: Integrating and Evaluating Kyber and SPHINCS+ with mbed TLS

Post-Quantum TLS on Embedded Systems: Integrating and Evaluating Kyber and SPHINCS+ with mbed TLS

Assessing the overhead of post-quantum cryptography in TLS 1.3 and SSH

Performance of New Hope and CRYSTALS-Dilithium Postquantum Schemes in the Transport Layer Security Protocol

Contact Info

Product

Resources

About