Paper 2019/1447

Benchmarking Post-Quantum Cryptography in TLS

Christian Paquin, Douglas Stebila, and Goutam Tamvada


Post-quantum cryptographic primitives have a range of trade-offs compared to traditional public key algorithms, either having slower computation or larger public keys and ciphertexts/signatures, or both. While the performance of these algorithms in isolation is easy to measure and has been a focus of optimization techniques, performance in realistic network conditions has been less studied. Google and Cloudflare have reported results from running experiments with post-quantum key exchange algorithms in the Transport Layer Security (TLS) protocol with real users' network traffic. Such experiments are highly realistic, but cannot be replicated without access to Internet-scale infrastructure, and do not allow for isolating the effect of individual network characteristics. In this work, we develop and make use of a framework for running such experiments in TLS cheaply by emulating network conditions using networking features of the Linux kernel. Our testbed allows us to independently control variables such as link latency and packet loss rate, and then examine the impact on TLS connection establishment performance of various post-quantum primitives, specifically hybrid elliptic curve/post-quantum key exchange and post-quantum digital signatures, based on implementations from the Open Quantum Safe project. Among our key results, we observe that packet loss rates above 3-5% start to have a significant impact on post-quantum algorithms that fragment across many packets, such as those based on unstructured lattices. The results from this emulation framework are also complemented by results on the latency of loading entire web pages over TLS in real network conditions, which show that network latency hides most of impact from algorithms with slower computations (such as supersingular isogenies).

Note: Updated experimental data and additional graphs

Available format(s)
Publication info
Published elsewhere. MINOR revision.PQCrypto 2020
post-quantum key exchangepost-quantum authenticationTransport Layer Security (TLS)network performanceemulation
Contact author(s)
cpaquin @ microsoft com
dstebila @ uwaterloo ca
gtamvada @ edu uwaterloo ca
2020-02-06: last of 3 revisions
2019-12-12: received
See all versions
Short URL
Creative Commons Attribution


      author = {Christian Paquin and Douglas Stebila and Goutam Tamvada},
      title = {Benchmarking Post-Quantum Cryptography in TLS},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1447},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.