Cryptology ePrint Archive: Report 2019/1447

Benchmarking Post-Quantum Cryptography in TLS

Christian Paquin and Douglas Stebila and Goutam Tamvada

Abstract: Post-quantum cryptographic primitives have a range of trade-offs compared to traditional public key algorithms, either having slower computation or larger public keys and ciphertexts/signatures, or both. While the performance of these algorithms in isolation is easy to measure and has been a focus of optimization techniques, performance in realistic network conditions has been less studied. Google and Cloudflare have reported results from running experiments with post-quantum key exchange algorithms in the Transport Layer Security (TLS) protocol with real users' network traffic. Such experiments are highly realistic, but cannot be replicated without access to Internet-scale infrastructure, and do not allow for isolating the effect of individual network characteristics.

In this work, we develop and make use of a framework for running such experiments in TLS cheaply by emulating network conditions using networking features of the Linux kernel. Our testbed allows us to independently control variables such as link latency and packet loss rate, and then examine the impact on TLS connection establishment performance of various post-quantum primitives, specifically hybrid elliptic curve/post-quantum key exchange and post-quantum digital signatures, based on implementations from the Open Quantum Safe project. Among our key results, we observe that packet loss rates above 3-5% start to have a significant impact on post-quantum algorithms that fragment across many packets, such as those based on unstructured lattices. The results from this emulation framework are also complemented by results on the latency of loading entire web pages over TLS in real network conditions, which show that network latency hides most of impact from algorithms with slower computations (such as supersingular isogenies).

Category / Keywords: implementation / post-quantum key exchange, post-quantum authentication, Transport Layer Security (TLS), network performance, emulation

Date: received 12 Dec 2019, last revised 12 Dec 2019

Contact author: cpaquin at microsoft com,dstebila@uwaterloo ca,gtamvada@edu uwaterloo ca

Available format(s): PDF | BibTeX Citation

Note: Some text was edited for clarity, and experiment details were updated.

Version: 20191212:202959 (All versions of this report)

Short URL: ia.cr/2019/1447


[ Cryptology ePrint archive ]