Paper 2020/308

Post-Quantum TLS on Embedded Systems

Kevin Bürstinghaus-Steinbach, Christoph Krauß, Ruben Niederhagen, and Michael Schneider


We present our integration of post-quantum cryptography (PQC), more specifically of the post-quantum KEM scheme Kyber for key establishment and the post-quantum signature scheme SPHINCS$^+$, into the embedded TLS library mbed TLS. We measure the performance of these post-quantum primitives on four different embedded platforms with three different ARM processors and an Xtensa LX6 processor. Furthermore, we compare the performance of our experimental PQC cipher suite to a classical TLS variant using elliptic curve cryptography (ECC). Post-quantum key establishment and signature schemes have been either integrated into TLS or ported to embedded devices before. However, to the best of our knowledge, we are the first to combine TLS, post-quantum schemes, and embedded systems and to measure and evaluate the performance of post-quantum TLS on embedded platforms. Our results show that post-quantum key establishment with Kyber performs well in TLS on embedded devices compared to ECC variants. The use of SPHINCS$^+$ signatures comes with certain challenges in terms of signature size and signing time, which mainly affects the use of embedded systems as PQC-TLS server but does not necessarily prevent embedded systems to act as PQC-TLS clients.

Note: Conference date of AsiaCCS 2020 has been postponed to October.

Available format(s)
Publication info
Published elsewhere. AsiaCCS 2020
PQCKyberSPHINCS+TLSembedded systemsmbed TLS
Contact author(s)
ruben @ polycephaly org
2020-03-23: revised
2020-03-12: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kevin Bürstinghaus-Steinbach and Christoph Krauß and Ruben Niederhagen and Michael Schneider},
      title = {Post-Quantum TLS on Embedded Systems},
      howpublished = {Cryptology ePrint Archive, Paper 2020/308},
      year = {2020},
      doi = {10.1145/3320269.3384725},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.