Skip to main content
SpringerLink
Log in

Performance Impact of PQC KEMs on TLS 1.3 Under Varying Network Characteristics

  • Conference paper
  • First Online:
Information Security (ISC 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14411))

Included in the following conference series:

Abstract

Widely used asymmetric primitives such as RSA or Elliptic Curve Diffie Hellman (ECDH), which enable authentication and key exchange, could be broken by Quantum Computers (QCs) in the coming years. Quantum-safe alternatives are urgently needed. However, a thorough investigation of these schemes is crucial to achieve sufficient levels of security, performance, and integrability in different application contexts. The integration into Transport Layer Security (TLS) plays an important role, as this security protocol is used in about 90% of today’s Internet connections and relies heavily on asymmetric cryptography. In this work, we evaluate different Post Quantum Cryptography (PQC) key establishment schemes in TLS 1.3 by extending the framework of Paquin et al.. We analyze the TLS handshake performance under variation of network parameters such as packet loss. This allows us to investigate the suitability of PQC KEMs in specific application contexts. We observe that Kyber and other structured lattice-based algorithms achieve very good overall performance and partially beat classical schemes. Other approaches such as FrodoKEM, HQC and BIKE show individual disadvantages. For these algorithms, there is a clear performance decrease when increasing the security level or using a hybrid implementation, e.g., a combination with ECDH. This is especially true for FrodoKEM, which, however, meets high security requirements in general. It becomes clear that performance is strongly influenced by the underlying network processes, which must be taken into account when selecting PQC algorithms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://code.fbi.h-da.de/pqc-benchmarking/benchmarking-pqc-in-tls.

References

  1. Agence nationale de la sécurité des systèmes d’information (ANSSI): ANSSI views on the Post-Quantum Cryptography transition. Technical report (2022). Accessed 09 July 2023

    Google Scholar 

  2. Alagic, G., et al.: Status report on the second round of the nist post-quantum cryptography standardization process. Technical report, National Institute of Standards and Technology, Gaithersburg, Maryland, United States of America (2020)

    Google Scholar 

  3. Aragon, N.: Bike - bit flipping key encapsulation (2021). https://bikesuite.org

  4. Ashraf, S.A., et al.: Ultra-reliable and low-latency communication for wireless factory automation: from LTE to 5G. In: 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA)

    Google Scholar 

  5. Auten, D., et al.: Impact of resource-constrained networks on the performance of NIST round-3 PQC candidates. In: 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)

    Google Scholar 

  6. Balasubramanian, A., et al.: Augmenting mobile 3G using WiFi. In: 8th International Conference on Mobile Systems, Applications, and Services. MobiSys ’10, ACM (2010)

    Google Scholar 

  7. Barton, J., Buchanan, W.J., Abramson, W., Pitropakis, N.: Performance analysis of TLS for quantum robust cryptography on a constrained device (2019). https://doi.org/10.48550/arXiv.1912.12257. Accessed 01 Oct 2023

  8. Bellare, M., et al.: A modular approach to the design and analysis of authentication and key exchange protocols. In: ACM Symposium on Theory of Computing (1998)

    Google Scholar 

  9. Bernstein, D.J., et al.: NTRU Prime (2020). https://ntruprime.cr.yp.to. Accessed 25 July 2022

  10. Biederman, E.W., Nicolas, D.: ip-netns(8). Linux manual page (2021). https://man7.org/linux/man-pages/man8/ip-netns.8.html. Accessed 25 July 2022

  11. Bindel, N., Brendel, J., Fischlin, M., Goncalves, B., Stebila, D.: Hybrid key encapsulation mechanisms and authenticated key exchange. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 206–226. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-25510-7_12

    Chapter  Google Scholar 

  12. Biswal, P., Gnawali, O.: Does QUIC make the web faster? In: 2016 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. IEEE Press, Washington, DC, USA (2016). https://doi.org/10.1109/GLOCOM.2016.7841749

  13. Blanton, E., Paxson, D.V., Allman, M.: TCP Congestion Control. RFC 5681, September 2009. https://doi.org/10.17487/RFC5681

  14. Borman, D.: RFC 6691: TCP Options and Maximum Segment Size (MSS). Informational RFC6691, Internet Engineering Task Force (IETF), July 2012. https://doi.org/10.17487/rfc6691

  15. Bos, J., et al.: CRYSTALS-Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy (EuroS &P) (2018)

    Google Scholar 

  16. Campagna, M., Petcher, A.: Security of hybrid key encapsulation. IACR Cryptol. ePrint Arch. 2020, 1364 (2020)

    Google Scholar 

  17. Castryck, W., Decru, T.: An efficient key recovery attack on SIDH. Cryptology ePrint Archive, August 2022. https://ia.cr/2022/975. Accessed 19 Jan 2023

  18. Chen, L., et al.: Report on post-quantum cryptography, vol. 12. US Department of Commerce, National Institute of Standards and Technology, USA (2016)

    Google Scholar 

  19. Cook, S., Mathieu, B., Truong, P., Hamchaoui, I.: QUIC: better for what and for whom? In: 2017 IEEE International Conference on Communications (ICC) (2017)

    Google Scholar 

  20. Crockett, E., et al.: Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH. IACR Cryptol. ePrint Arch. 2019, 858 (2019)

    Google Scholar 

  21. D’Anvers, J.P., et al.: Saber: MLWR-based KEM (2022). www.esat.kuleuven.be/cosic/pqcrypto/saber/. Accessed 25 July 2022

  22. Easttom, W.: Modern Cryptography: Applied Mathematics for Encryption and Information Security. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-63115-4

  23. Easttom, W.: Quantum Computing and Cryptography, pp. 385–390. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-63115-4_19

  24. Easttom, W.: SSL/TLS. In: Modern Cryptography, pp. 277–298. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-63115-4_13

  25. Eddy, W.: Transmission Control Protocol (TCP). Internet Standard RFC9293, (IETF), USA, August 2022. https://doi.org/10.17487/RFC9293

  26. Ehlen, S., et al.: Kryptografie quantensicher gestalten. Grundlagen, Entwicklungen, Empfehlungen. Technical report. BSI-Bro21/01, Bundesamt für Sicherheit in der Informationstechnik (BSI), October 2021. www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Broschueren/Kryptografie-quantensicher-gestalten.pdf

  27. Goel, U., et al.: HTTP/2 performance in cellular networks: poster. In: 22nd Annual International Conference on Mobile Computing and Networking. ACM (2016)

    Google Scholar 

  28. Hall, T.A., Keller, S.S.: The fips 186–4 elliptic curve digital signature algorithm validation system (ecdsa2vs). Technical report, National Institute of Standards and Technology. Information Technology Laboratory, May 2010

    Google Scholar 

  29. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868

    Chapter  Google Scholar 

  30. Ihm, S., Pai, V.S.: Towards understanding modern web traffic. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference (2011). https://doi.org/10.1145/2068816.2068845

  31. Jao, D., et al.: SIKE - Supersingular Isogeny Key Encapsulation (2022). https://sike.org. Accessed 25 July 2022

  32. John, W., Tafvelin, S.: Analysis of internet backbone traffic and header anomalies observed. In: Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, October 2007. https://doi.org/10.1145/1298306.1298321

  33. Kerrisk, M., et al.: tc(8). Linux manual page (2001). https://man7.org/linux/man-pages/man8/tc.8.html. Accessed 25 July 2022

  34. Kerrisk, M., et al.: tc-netem(8). Linux manual page (2011). https://man7.org/linux/man-pages/man8/tc-netem.8.html. Accessed 25 July 2022

  35. Kerrisk, M., et al.: veth(4). Linux manual page (2021). https://man7.org/linux/man-pages/man4/veth.4.html. Accessed 25 July 2022

  36. Kwiatkowski, K., et al.: Measuring TLS key exchange with post-quantum KEM. record of second PQC standardization conference (2019). https://csrc.nist.gov/CSRC/media/Events/Second-PQC-Standardization-Conference/documents/accepted-papers/kwiatkowski-measuring-tls.pdf. Accessed 01 Dec 2021

  37. Lee, H., Kim, D., Kwon, Y.: TLS 1.3 in practice: how TLS 1.3 contributes to the internet. In: Web Conference 2021, pp. 70–79. ACM (2021)

    Google Scholar 

  38. Maino, L., et al.: An attack on sidh with arbitrary starting curve. Cryptology ePrint Archive (2022). https://eprint.iacr.org/2022/1026.pdf. Accessed 19 Jan 2023

  39. McEliece, R.J.: A public-key cryptosystem based on algebraic. Coding Thv 4244, 114–116 (1978)

    Google Scholar 

  40. Megyesi, P., et al.: How quick is QUIC? In: IEEE International Conference on Communications. Springer (2016). https://doi.org/10.1109/ICC.2016.7510788

  41. Melchor, C.A., et al.: HQC (2021). https://pqc-hqc.org. Accessed 25 July 2022

  42. O. Saarinen, M.J.: Mobile energy requirements of the upcoming NIST post-quantum cryptography standards. In: 2020 8th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud) (2020)

    Google Scholar 

  43. Ott, D., Peikert, C., et al.: Identifying research challenges in post quantum cryptography migration and cryptographic agility. arXiv preprint arXiv:1909.07353 (2019)

  44. Paquin, C., Stebila, D., Tamvada, G.: Benchmarking post-quantum cryptography in TLS. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 72–91. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44223-1_5

    Chapter  MATH  Google Scholar 

  45. Paul, S., et al.: Mixed certificate chains for the transition to post-quantum authentication in TLS 1.3. In: ASIA CCS ’22: ACM Asia Conference on Computer and Communications Security

    Google Scholar 

  46. Postel, J.: RFC 791: Internet Protocol. Internet Standard RFC0791, University of Southern California, USA, September 1981. https://doi.org/10.17487/rfc0791

  47. Prantl, T., Iffländer, L., Herrnleben, S., Engel, S., Kounev, S., Krupitzer, C.: Performance impact analysis of securing MQTT using TLS. In: ACM/SPEC International Conference on Performance Engineering. ACM (2021)

    Google Scholar 

  48. Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446, August 2018. https://doi.org/10.17487/RFC8446

  49. Romine, C.E.A.: Security requirements for cryptographic modules. Technical report. FIPS PUB 140–3, National Institute of Standards and Technology (2019). https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf

  50. Schanck, J.M., et al.: Criteria for selection of public-key cryptographic algorithms for quantum-safe hybrid cryptography. Internet-draft, IETF (2016). https://datatracker.ietf.org/doc/html/draft-whyte-select-pkc-qsh-02

  51. Schanck, J.M., et al.: A Transport Layer Security (TLS) Extension For Establishing An Additional Shared Secret. Internet-Draft draft-schanck-tls-additional-keyshare-00, Internet Engineering Task Force (2017). https://datatracker.ietf.org/doc/html/draft-schanck-tls-additional-keyshare-00, work in Progress

  52. Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (2020). https://doi.org/10.1145/3372297.3423350

  53. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science. IEEE, Santa Fe, NM, USA (1994). https://doi.org/10.1109/SFCS.1994.365700

  54. Sikeridis, D., Kampanakis, P., Devetsikiotis, M.: Assessing the Overhead of Post-Quantum Cryptography in TLS 1.3 and SSH. Association for Computing Machinery, New York, NY, USA (2020). https://doi.org/10.1145/3386367.3431305

  55. Stebila, D., Fluhrer, S., Gueron, S.: Hybrid key exchange in TLS 1.3. Internet-Draft draft-ietf-tls-hybrid-design-04, Internet Engineering Task Force, January 2022. https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design-04

  56. Stebila, D., Mosca, M.: Post-quantum key exchange for the internet and the open quantum safe project. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 14–37. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_2

    Chapter  Google Scholar 

  57. US Department of Commerce, National Institute of Standards and Technology: Submission Requirements and Evaluation Criteria for the Post-Quantum Cryptography Standardization Process (2016)

    Google Scholar 

  58. Wang, P., Bianco, C., Riihijärvi, J., Petrova, M.: Implementation and performance evaluation of the QUIC protocol in Linux kernel. In: 21st ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems. ACM (2018)

    Google Scholar 

  59. Whyte, W., et al.: Quantum-Safe Hybrid (QSH) Key Exchange for Transport Layer Security (TLS) version 1.3. Internet-Draft draft-whyte-qsh-tls13-06, Internet Engineering Task Force, October 2017. https://datatracker.ietf.org/doc/html/draft-whyte-qsh-tls13-06, work in Progress

  60. Yu, Y., et al.: When QUIC meets TCP: an experimental study. In: IEEE 36th International Performance Computing and Communications Conference (IPCCC) (2017). https://doi.org/10.1109/PCCC.2017.8280429

  61. Zhang, L., Miranskyy, A.V., Rjaibi, W., Stager, G., Gray, M., Peck, J.: Making existing software quantum safe: lessons learned. preprint arXiv:2110.08661 (2021)

  62. Zhu, Q., et al.: Applications of distributed ledger technologies to the internet of things: a survey. ACM Comput. Surv. (2019). https://doi.org/10.1145/3359982

Download references

Acknowledgment

Funded by the German Federal Ministry of Education and Research and the Hessian Ministry of Higher Education, Research, Science and the Arts as part of the National Research Center for Applied Cybersecurity ATHENE and the Project DemoQuanDT (Reference 16KISQ072).

Author information

Authors and Affiliations

  1. Darmstadt University of Applied Sciences, Darmstadt, Germany

    Johanna Henrich, Andreas Heinemann, Alex Wiesmaier & Nicolai Schmitt

  2. National Research Center for Applied Cybersecurity ATHENE, Darmstadt, Germany

    Johanna Henrich, Andreas Heinemann, Alex Wiesmaier & Nicolai Schmitt

Authors
  1. Johanna Henrich
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andreas Heinemann
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alex Wiesmaier
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nicolai Schmitt
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Johanna Henrich .

Editor information

Editors and Affiliations

  1. University of Cyprus, Nicosia, Cyprus

    Elias Athanasopoulos

  2. Radboud University, Nijmegen, The Netherlands

    Bart Mennink

A Appendix

A Appendix

Table 2. KEM candidates and alternatives of NIST PQC standardization process as specified by Open Quantum Safe liboqs [56]. pk is public key, sk is secret key and c is ciphertext as described in Fig. 1. Sizes in bytes.
Full size table

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Henrich, J., Heinemann, A., Wiesmaier, A., Schmitt, N. (2023). Performance Impact of PQC KEMs on TLS 1.3 Under Varying Network Characteristics. In: Athanasopoulos, E., Mennink, B. (eds) Information Security. ISC 2023. Lecture Notes in Computer Science, vol 14411. Springer, Cham. https://doi.org/10.1007/978-3-031-49187-0_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-49187-0_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-49186-3

  • Online ISBN: 978-3-031-49187-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation