Paper 2020/071

Post-Quantum Authentication in TLS 1.3: A Performance Study

Dimitrios Sikeridis, Panos Kampanakis, and Michael Devetsikiotis


The potential development of large-scale quantum computers is raising concerns among IT and security research professionals due to their ability to solve (elliptic curve) discrete logarithm and integer factorization problems in polynomial time. All currently used public key algorithms would be deemed insecure in a post-quantum (PQ) setting. In response, the National Institute of Standards and Technology (NIST) has initiated a process to standardize quantum-resistant crypto algorithms, focusing primarily on their security guarantees. Since PQ algorithms present significant differences over classical ones, their overall evaluation should not be performed out-of-context. This work presents a detailed performance evaluation of the NIST signature algorithm candidates and investigates the imposed latency on TLS 1.3 connection establishment under realistic network conditions. In addition, we investigate their impact on TLS session throughput and analyze the trade-off between lengthy PQ signatures and computationally heavy PQ cryptographic operations. Our results demonstrate that the adoption of at least two PQ signature algorithms would be viable with little additional overhead over current signature algorithms. Also, we argue that many NIST PQ candidates can effectively be used for less time-sensitive applications, and provide an in-depth discussion on the integration of PQ authentication in encrypted tunneling protocols, along with the related challenges, improvements, and alternatives. Finally, we propose and evaluate the combination of different PQ signature algorithms across the same certificate chain in TLS. Results show a reduction of the TLS handshake time and a significant increase of a server's TLS tunnel connection rate over using a single PQ signature scheme.

Note: Initially uploaded to Cryptology ePrint Archive on Jan 23, 2020. Revised to the submitted NDSS 2020 camera-ready manuscript on Jan 27, 2020. Revised to include clarification in Section VII-C on optimizing the TCP initcwnd on Feb 26, 2020.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. MINOR revision.NDSS 2020
post-quantum signaturespost-quantum TLS authenticationPQ certificatesPQ certificates in TLS
Contact author(s)
pkampana @ cisco com
dsike @ unm edu
2020-02-26: last of 4 revisions
2020-01-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Dimitrios Sikeridis and Panos Kampanakis and Michael Devetsikiotis},
      title = {Post-Quantum Authentication in TLS 1.3: A Performance Study},
      howpublished = {Cryptology ePrint Archive, Paper 2020/071},
      year = {2020},
      doi = {10.14722/ndss.2020.24203},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.