Abstract
Widely used asymmetric primitives such as RSA or Elliptic Curve Diffie-Hellman (ECDH), which enable authentication and key exchange, could be broken by Quantum Computers (QCs) in the coming years. Quantum-safe alternatives are urgently needed. However, a thorough investigation of these schemes is crucial to achieve sufficient levels of security, performance, and integrability in different application contexts. Integration into Transport Layer Security (TLS) plays an important role, as this security protocol is used in about 90% of today's Internet connections and relies heavily on asymmetric cryptography. In this work, we evaluate different Post-Quantum Cryptography (PQC) key establishment schemes in TLS 1.3 by extending the framework of Paquin et al. We analyze TLS handshake performance under variation of network parameters such as packet loss, which allows us to assess the suitability of PQC KEMs in specific application contexts. We observe that Kyber and other structured lattice-based algorithms achieve very good overall performance and in some cases beat classical schemes. Other approaches such as FrodoKEM, HQC and BIKE show individual disadvantages: for these algorithms there is a clear performance decrease when increasing the security level or using a hybrid implementation, e.g., a combination with ECDH. This is especially true for FrodoKEM, which, however, meets high security requirements in general. Performance is strongly influenced by the underlying network processes, which must be taken into account when selecting PQC algorithms.
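The abstract attributes the performance gap between Kyber and FrodoKEM under packet loss to the underlying network processes rather than to the KEM computation itself. The following Python model is an added illustration and is not the paper's code or measurement framework: it estimates, for each KEM, how many TCP segments the hello carrying the key share occupies, whether that flight exceeds the initial congestion window (and therefore costs extra round trips under slow start), and how likely the whole flight arrives intact under independent per-packet loss. The public-key and ciphertext sizes are the published parameter-set sizes and are an assumption of this example, as are the MSS, the initial congestion window of 10 segments and the hypothetical 300-byte hello overhead; the server's flight in a real handshake also carries the certificate chain, which this model ignores.

```python
# Added illustration (not the paper's code): a back-of-the-envelope model of how
# the size of a KEM key share interacts with TCP segmentation, the initial
# congestion window and random packet loss during a TLS 1.3 handshake.
# KEM sizes are the published parameter-set sizes (an assumption of this example);
# the TCP model is deliberately simplified (no delayed ACKs, no fast retransmit).
from math import ceil

# (public key bytes, ciphertext bytes) -- assumed from the published parameter sets
KEM_SIZES = {
    "X25519":        (32, 32),
    "Kyber512":      (800, 768),
    "Kyber768":      (1184, 1088),
    "Kyber1024":     (1568, 1568),
    "FrodoKEM-640":  (9616, 9720),
    "FrodoKEM-976":  (15632, 15744),
    "FrodoKEM-1344": (21520, 21632),
}

MSS = 1460            # IPv4/Ethernet MSS: 1500 - 20 (IP) - 20 (TCP), cf. RFC 6691
INIT_CWND = 10        # initial congestion window in segments (common Linux default)
HELLO_OVERHEAD = 300  # hypothetical fixed size of the rest of the ClientHello/ServerHello


def key_share_flight(kem, hybrid_with=None, server=False):
    """Bytes on the wire for the hello that carries the key share.

    The client sends the public key(s), the server the ciphertext(s); a hybrid
    share concatenates both KEMs' values, as in draft-ietf-tls-hybrid-design.
    """
    idx = 1 if server else 0
    size = KEM_SIZES[kem][idx]
    if hybrid_with is not None:
        size += KEM_SIZES[hybrid_with][idx]
    return size + HELLO_OVERHEAD


def segments(nbytes, mss=MSS):
    """Number of TCP segments needed for nbytes of payload."""
    return ceil(nbytes / mss)


def extra_rtts_from_cwnd(nseg, init_cwnd=INIT_CWND):
    """Round trips beyond the first needed to deliver nseg segments when the
    flight exceeds the initial congestion window (slow start doubles cwnd
    each RTT; no loss assumed)."""
    sent, cwnd, rtts = 0, init_cwnd, 0
    while sent < nseg:
        sent += cwnd
        cwnd *= 2
        rtts += 1
    return rtts - 1


def p_flight_intact(nseg, loss):
    """Probability that no segment of the flight is lost under i.i.d. loss."""
    return (1.0 - loss) ** nseg


def analyse(kem, hybrid_with=None, loss=0.01):
    """Per-direction metrics for one KEM (optionally hybrid) at a given loss rate."""
    out = {}
    for direction, server in (("client", False), ("server", True)):
        nbytes = key_share_flight(kem, hybrid_with, server)
        nseg = segments(nbytes)
        out[direction] = {
            "bytes": nbytes,
            "segments": nseg,
            "extra_rtts": extra_rtts_from_cwnd(nseg),
            "p_intact": p_flight_intact(nseg, loss),
        }
    return out


if __name__ == "__main__":
    print(f"{'KEM':<22}{'dir':<8}{'bytes':>7}{'segs':>6}{'+RTT':>6}{'P(intact @1%)':>16}")
    for kem in KEM_SIZES:
        for hybrid in (None, "X25519"):
            if kem == "X25519" and hybrid:
                continue
            label = kem if hybrid is None else f"{kem}+{hybrid}"
            for direction, m in analyse(kem, hybrid).items():
                print(f"{label:<22}{direction:<8}{m['bytes']:>7}{m['segments']:>6}"
                      f"{m['extra_rtts']:>6}{m['p_intact']:>16.4f}")
```

Under these assumptions every Kyber parameter set, hybrid or not, fits in one or two segments and never exceeds the initial window, so loss hits it about as often as it hits a classical handshake. FrodoKEM-1344 needs 15 to 16 segments per direction, which both forces an additional round trip of slow start and makes a lost segment in the flight several times more likely at the same loss rate; that is the kind of network-driven penalty the abstract points to, independent of the KEM's CPU cost.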
References
Agence nationale de la sécurité des systèmes d’information (ANSSI): ANSSI views on the Post-Quantum Cryptography transition. Technical report (2022). Accessed 09 July 2023
Alagic, G., et al.: Status report on the second round of the NIST post-quantum cryptography standardization process. Technical report, National Institute of Standards and Technology, Gaithersburg, Maryland, United States of America (2020)
Aragon, N., et al.: BIKE: Bit Flipping Key Encapsulation (2021). https://bikesuite.org
Ashraf, S.A., et al.: Ultra-reliable and low-latency communication for wireless factory automation: from LTE to 5G. In: 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA)
Auten, D., et al.: Impact of resource-constrained networks on the performance of NIST round-3 PQC candidates. In: 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)
Balasubramanian, A., et al.: Augmenting mobile 3G using WiFi. In: 8th International Conference on Mobile Systems, Applications, and Services. MobiSys ’10, ACM (2010)
Barton, J., Buchanan, W.J., Abramson, W., Pitropakis, N.: Performance analysis of TLS for quantum robust cryptography on a constrained device (2019). https://doi.org/10.48550/arXiv.1912.12257. Accessed 01 Oct 2023
Bellare, M., et al.: A modular approach to the design and analysis of authentication and key exchange protocols. In: ACM Symposium on Theory of Computing (1998)
Bernstein, D.J., et al.: NTRU Prime (2020). https://ntruprime.cr.yp.to. Accessed 25 July 2022
Biederman, E.W., Nicolas, D.: ip-netns(8). Linux manual page (2021). https://man7.org/linux/man-pages/man8/ip-netns.8.html. Accessed 25 July 2022
Bindel, N., Brendel, J., Fischlin, M., Goncalves, B., Stebila, D.: Hybrid key encapsulation mechanisms and authenticated key exchange. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 206–226. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_12
Biswal, P., Gnawali, O.: Does QUIC make the web faster? In: 2016 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE Press, Washington, DC, USA (2016). https://doi.org/10.1109/GLOCOM.2016.7841749
Blanton, E., Paxson, D.V., Allman, M.: TCP Congestion Control. RFC 5681, September 2009. https://doi.org/10.17487/RFC5681
Borman, D.: RFC 6691: TCP Options and Maximum Segment Size (MSS). Informational RFC6691, Internet Engineering Task Force (IETF), July 2012. https://doi.org/10.17487/rfc6691
Bos, J., et al.: CRYSTALS-Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P) (2018)
Campagna, M., Petcher, A.: Security of hybrid key encapsulation. IACR Cryptol. ePrint Arch. 2020, 1364 (2020)
Castryck, W., Decru, T.: An efficient key recovery attack on SIDH. Cryptology ePrint Archive, August 2022. https://ia.cr/2022/975. Accessed 19 Jan 2023
Chen, L., et al.: Report on post-quantum cryptography, vol. 12. US Department of Commerce, National Institute of Standards and Technology, USA (2016)
Cook, S., Mathieu, B., Truong, P., Hamchaoui, I.: QUIC: better for what and for whom? In: 2017 IEEE International Conference on Communications (ICC) (2017)
Crockett, E., et al.: Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH. IACR Cryptol. ePrint Arch. 2019, 858 (2019)
D’Anvers, J.P., et al.: Saber: MLWR-based KEM (2022). www.esat.kuleuven.be/cosic/pqcrypto/saber/. Accessed 25 July 2022
Easttom, W.: Modern Cryptography: Applied Mathematics for Encryption and Information Security. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-63115-4
Easttom, W.: Quantum Computing and Cryptography, pp. 385–390. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-63115-4_19
Easttom, W.: SSL/TLS. In: Modern Cryptography, pp. 277–298. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-63115-4_13
Eddy, W.: Transmission Control Protocol (TCP). Internet Standard RFC9293, (IETF), USA, August 2022. https://doi.org/10.17487/RFC9293
Ehlen, S., et al.: Kryptografie quantensicher gestalten. Grundlagen, Entwicklungen, Empfehlungen. Technical report. BSI-Bro21/01, Bundesamt für Sicherheit in der Informationstechnik (BSI), October 2021. www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Broschueren/Kryptografie-quantensicher-gestalten.pdf
Goel, U., et al.: HTTP/2 performance in cellular networks: poster. In: 22nd Annual International Conference on Mobile Computing and Networking. ACM (2016)
Hall, T.A., Keller, S.S.: The FIPS 186-4 Elliptic Curve Digital Signature Algorithm Validation System (ECDSA2VS). Technical report, National Institute of Standards and Technology, Information Technology Laboratory, May 2010
Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868
Ihm, S., Pai, V.S.: Towards understanding modern web traffic. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference (2011). https://doi.org/10.1145/2068816.2068845
Jao, D., et al.: SIKE - Supersingular Isogeny Key Encapsulation (2022). https://sike.org. Accessed 25 July 2022
John, W., Tafvelin, S.: Analysis of internet backbone traffic and header anomalies observed. In: Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, October 2007. https://doi.org/10.1145/1298306.1298321
Kerrisk, M., et al.: tc(8). Linux manual page (2001). https://man7.org/linux/man-pages/man8/tc.8.html. Accessed 25 July 2022
Kerrisk, M., et al.: tc-netem(8). Linux manual page (2011). https://man7.org/linux/man-pages/man8/tc-netem.8.html. Accessed 25 July 2022
Kerrisk, M., et al.: veth(4). Linux manual page (2021). https://man7.org/linux/man-pages/man4/veth.4.html. Accessed 25 July 2022
Kwiatkowski, K., et al.: Measuring TLS key exchange with post-quantum KEM. record of second PQC standardization conference (2019). https://csrc.nist.gov/CSRC/media/Events/Second-PQC-Standardization-Conference/documents/accepted-papers/kwiatkowski-measuring-tls.pdf. Accessed 01 Dec 2021
Lee, H., Kim, D., Kwon, Y.: TLS 1.3 in practice: how TLS 1.3 contributes to the internet. In: Web Conference 2021, pp. 70–79. ACM (2021)
Maino, L., et al.: An attack on SIDH with arbitrary starting curve. Cryptology ePrint Archive (2022). https://eprint.iacr.org/2022/1026.pdf. Accessed 19 Jan 2023
McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. DSN Progress Report 42-44, 114–116 (1978)
Megyesi, P., et al.: How quick is QUIC? In: 2016 IEEE International Conference on Communications (ICC). IEEE (2016). https://doi.org/10.1109/ICC.2016.7510788
Melchor, C.A., et al.: HQC (2021). https://pqc-hqc.org. Accessed 25 July 2022
Saarinen, M.-J.O.: Mobile energy requirements of the upcoming NIST post-quantum cryptography standards. In: 2020 8th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud) (2020)
Ott, D., Peikert, C., et al.: Identifying research challenges in post quantum cryptography migration and cryptographic agility. arXiv preprint arXiv:1909.07353 (2019)
Paquin, C., Stebila, D., Tamvada, G.: Benchmarking post-quantum cryptography in TLS. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 72–91. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44223-1_5
Paul, S., et al.: Mixed certificate chains for the transition to post-quantum authentication in TLS 1.3. In: ASIA CCS ’22: ACM Asia Conference on Computer and Communications Security
Postel, J.: RFC 791: Internet Protocol. Internet Standard RFC0791, University of Southern California, USA, September 1981. https://doi.org/10.17487/rfc0791
Prantl, T., Iffländer, L., Herrnleben, S., Engel, S., Kounev, S., Krupitzer, C.: Performance impact analysis of securing MQTT using TLS. In: ACM/SPEC International Conference on Performance Engineering. ACM (2021)
Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446, August 2018. https://doi.org/10.17487/RFC8446
Romine, C.E.A.: Security requirements for cryptographic modules. Technical report. FIPS PUB 140–3, National Institute of Standards and Technology (2019). https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf
Schanck, J.M., et al.: Criteria for selection of public-key cryptographic algorithms for quantum-safe hybrid cryptography. Internet-draft, IETF (2016). https://datatracker.ietf.org/doc/html/draft-whyte-select-pkc-qsh-02
Schanck, J.M., et al.: A Transport Layer Security (TLS) Extension For Establishing An Additional Shared Secret. Internet-Draft draft-schanck-tls-additional-keyshare-00, Internet Engineering Task Force (2017). https://datatracker.ietf.org/doc/html/draft-schanck-tls-additional-keyshare-00, work in Progress
Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (2020). https://doi.org/10.1145/3372297.3423350
Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science. IEEE, Santa Fe, NM, USA (1994). https://doi.org/10.1109/SFCS.1994.365700
Sikeridis, D., Kampanakis, P., Devetsikiotis, M.: Assessing the Overhead of Post-Quantum Cryptography in TLS 1.3 and SSH. Association for Computing Machinery, New York, NY, USA (2020). https://doi.org/10.1145/3386367.3431305
Stebila, D., Fluhrer, S., Gueron, S.: Hybrid key exchange in TLS 1.3. Internet-Draft draft-ietf-tls-hybrid-design-04, Internet Engineering Task Force, January 2022. https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design-04
Stebila, D., Mosca, M.: Post-quantum key exchange for the internet and the open quantum safe project. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 14–37. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_2
US Department of Commerce, National Institute of Standards and Technology: Submission Requirements and Evaluation Criteria for the Post-Quantum Cryptography Standardization Process (2016)
Wang, P., Bianco, C., Riihijärvi, J., Petrova, M.: Implementation and performance evaluation of the QUIC protocol in Linux kernel. In: 21st ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems. ACM (2018)
Whyte, W., et al.: Quantum-Safe Hybrid (QSH) Key Exchange for Transport Layer Security (TLS) version 1.3. Internet-Draft draft-whyte-qsh-tls13-06, Internet Engineering Task Force, October 2017. https://datatracker.ietf.org/doc/html/draft-whyte-qsh-tls13-06, work in Progress
Yu, Y., et al.: When QUIC meets TCP: an experimental study. In: IEEE 36th International Performance Computing and Communications Conference (IPCCC) (2017). https://doi.org/10.1109/PCCC.2017.8280429
Zhang, L., Miranskyy, A.V., Rjaibi, W., Stager, G., Gray, M., Peck, J.: Making existing software quantum safe: lessons learned. preprint arXiv:2110.08661 (2021)
Zhu, Q., et al.: Applications of distributed ledger technologies to the internet of things: a survey. ACM Comput. Surv. (2019). https://doi.org/10.1145/3359982
Acknowledgment
Funded by the German Federal Ministry of Education and Research and the Hessian Ministry of Higher Education, Research, Science and the Arts as part of the National Research Center for Applied Cybersecurity ATHENE and the Project DemoQuanDT (Reference 16KISQ072).
A Appendix
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Henrich, J., Heinemann, A., Wiesmaier, A., Schmitt, N. (2023). Performance Impact of PQC KEMs on TLS 1.3 Under Varying Network Characteristics. In: Athanasopoulos, E., Mennink, B. (eds) Information Security. ISC 2023. Lecture Notes in Computer Science, vol 14411. Springer, Cham. https://doi.org/10.1007/978-3-031-49187-0_14
DOI: https://doi.org/10.1007/978-3-031-49187-0_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-49186-3
Online ISBN: 978-3-031-49187-0