Assessing the overhead of post-quantum cryptography in TLS 1.3 and SSH

Sikeridis, Dimitrios; Kampanakis, Panos; Devetsikiotis, Michael

doi:10.1145/3386367.3431305

Cited by 34 publications

(12 citation statements)

References 33 publications

(36 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another important characteristic of candidates is their potential performance impact in existing widely used protocols (e.g., TLS, IPSec, and SSH) and certificates. The 3rd Round saw some real-world experiments to see if there would be any performance problems arising from any of the algorithms (see, for example, [101][102][103][104][105][106][107][108]). NIST observed that the structured lattice finalists for both KEMs and signatures could be substituted into these protocols for existing public-key algorithms with relatively small (or no) performance loss.…”

Section: Algorithm and Implementation Characteristicsmentioning

confidence: 99%

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Moody¹

2022

123

View full text Add to dashboard Cite

The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms to augment Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), as well as NIST Special Publication (SP) 800-56A Revision 3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, and SP 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers. The first round of the NIST Post-Quantum Cryptography Standardization Process began in December 2017 with 69 candidate algorithms that met both the minimum acceptance criteria and submission requirements. The first round lasted until January 2019, during which candidate algorithms were evaluated based on their security, performance, and other characteristics. NIST selected 26 algorithms to advance to the second round for more analysis. The second round continued until July 2020, after which seven 'finalist' and eight 'alternate' candidate algorithms were selected to move into the third round. This report describes the evaluation and selection process, based on public feedback and internal review, of the third-round candidates. The report summarizes each of the 15 third-round candidate algorithms and identifies those selected for standardization, as well as those that will continue to be evaluated in a fourth round of analysis. The public-key encryption and key-establishment algorithm that will be standardized is CRYSTALS-Kyber. The digital signatures that will be standardized are CRYSTALS-Dilithium, Falcon, and SPHINCS+. While there are multiple signature algorithms selected, NIST recommends CRYSTALS-Dilithium as the primary algorithm to be implemented. In addition, four of the alternate key-establishment candidate algorithms will advance to a fourth round of evaluation: BIKE, Classic McEliece, HQC, and SIKE. These candidates are still being considered for future standardization. NIST will also issue a new Call for Proposals for public-key digital signature algorithms to augment and diversify its signature portfolio.

show abstract

Section: Algorithm and Implementation Characteristicsmentioning

confidence: 99%

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Moody¹

2022

123

View full text Add to dashboard Cite

show abstract

“…However, the cryptographic algorithms that will be included in the protocol will change. In this case, it should be assessed how existing methods will evolve and what impact postquantum technology will have on existing protocols [6]. These assessments have been made, for example, for the Transport Layer Security (TLS) protocol, which is used in many places, especially in web applications [7].…”

Section: -) Communicationmentioning

confidence: 99%

Recent Advances in Post-Quantum Cryptography for Networks: A Survey

Zeydan

Türk

Aksoy

et al. 2022

2022 Seventh International Conference on Mobile and Secure Services (MobiSecServ)

View full text Add to dashboard Cite

The development of quantum computers poses a new security threat to network infrastructures and services, as they will be powerful enough to break the most common forms of digital encryption. Existing encryption services based on Rivest-Shamir-Adleman (RSA), Diffie-Hellman (DH), Elliptic Curve Cryptography (ECC) and so on are vulnerable to attacks by quantum computers. Although the gap between today's quantum computers and the threats they pose to current public-key cryptography is large, the telecommunications landscape should begin planning for the transition to the post-quantum era as early as possible. In this paper, we examine recent advances in Post Quantum Cryptography (PQC) algorithms from the perspective of the networking and telecommunications industries. The efforts are categorized at three levels, namely communication, computation (consisting of design, implementation and Public Key System (PKS)), and network. Some of the existing challenges and future recommendations for securing communication networks in the post-quantum era are also listed at the end of the paper.

show abstract

“…In [12] , an assessment, through relative experiments, of the concurrent use of quantum-resistant key exchange and authentication in TLS 1.3, as well as SSH protocols, under realistic network conditions, is carried out. It is shown that there exist combinations of algorithms that offer handshake performance close to the current standards (a minimum slowdown of about 1% has been monitored).…”

Section: Relevant Previous Workmentioning

confidence: 99%

“…Moreover, with respect to the time 𝑧, Mosca estimated since 2015 [8] that there is a 1/7 chance of breaking RSA-2048 by 2026 and a 1/2 chance by 2031. Therefore, incorporating post-quantum ciphers in the TLS protocol is currently a significant research field (see, e.g., [9][10][11][12][13][14] ).…”

Section: Introductionmentioning

confidence: 99%

Evaluating the performance of post-quantum secure algorithms in the TLS protocol

Tzinos¹,

Limniotis²,

Kolokotronis³

2022

J Surveill Secur Saf

View full text Add to dashboard Cite

Aim: The imminent advent of large-scale quantum computers within the next years is expected to highly affect the security of several cryptosystems that are now considered secure; this mainly holds for classical, long-established, public key cryptographic algorithms such as RSA and elliptic curve cryptography. Apparently, any security protocol that relies on such ciphers, including the transport layer security (TLS) protocol which constitutes a somewhat de facto standard for the security on the web, will not be considered secure in the post-quantum era. To alleviate the security risks stemming from quantum computing, several proposals have been submitted to the relevant procedure initiated by NIST towards evaluating and standardizing one or more quantum-resistant public-key cryptographic algorithms. This paper focuses on embedding post-quantum secure cryptographic algorithms into the TLS protocol to analyze its performance. More precisely, the paper aims to analyze whether this transition to post-quantum secure algorithms will have a significant impact on the user experience due to the possible increase of client--server communication times. Methods: Having as the starting point several important works in the field, several experiments were carried out, using combinations of cloud and local virtual machines per case and considering all the post-quantum cryptographic algorithm finalists for key exchange from the third round of the ongoing NIST process, for various cryptographic as well as network parameters. Results: Our results exhibit that, for key exchange in TLS, the best performance among the post-quantum secure ciphers is achieved by the Saber and CRYSTAL-Kyber variants for all security levels, regardless of the underlying computing power. The performance is comparable to that of the corresponding one achieved by a classical elliptic curve algorithm for key exchange for both RTT and packet loss ratio — i.e., the network parameters seem to have the same effect on post-quantum secure algorithms as in the case of a conventional elliptic curve algorithm. However, the effect of the network parameters on the performance is more crucial than the effect of the underlying chosen ciphers. Conclusion: According to the experiments, we conclude that there exist very promising algorithms that could be utilized in TLS in the near future, which may behave even better than the conventional elliptic curve algorithms for key exchange. It should also be pointed out that NIST announced on 5 July 2022 (i.e., after the completion of our research experiments) that, for general encryption used when we access secure websites, the CRYSTALS-Kyber algorithm has been selected, having as one of its advantages the speed of operation. Hence, the results of our paper are fully in line with the progress of the NIST process. Taking into account that the NIST process is still ongoing (now in its fourth round) with the aim to select more algorithms, as well as that some algorithms may be standardized outside NIST, it becomes evident that our results provide very useful insights on performance aspects of the post-quantum secure algorithms.

show abstract

Assessing the overhead of post-quantum cryptography in TLS 1.3 and SSH

Cited by 34 publications

References 33 publications

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Status report on the third round of the NIST Post-Quantum Cryptography Standardization process

Recent Advances in Post-Quantum Cryptography for Networks: A Survey

Evaluating the performance of post-quantum secure algorithms in the TLS protocol

Contact Info

Product

Resources

About