Paper 2020/534
Post-quantum TLS without handshake signatures
Peter Schwabe, Douglas Stebila, and Thom Wiggers
Abstract
We present KEMTLS, an alternative to the TLS 1.3 handshake that uses key-encapsulation mechanisms (KEMs) instead of signatures for server authentication. Among existing post-quantum candidates, signature schemes generally have larger public key/signature sizes compared to the public key/ciphertext sizes of KEMs: by using an IND-CCA-secure KEM for server authentication in post-quantum TLS, we obtain multiple benefits. A size-optimized post-quantum instantiation of KEMTLS requires less than half the bandwidth of a size-optimized post-quantum instantiation of TLS 1.3. In a speed-optimized instantiation, KEMTLS reduces the amount of server CPU cycles by almost 90% compared to TLS 1.3, while at the same time reducing communication size, reducing the time until the client can start sending encrypted application data, and eliminating code for signatures from the server's trusted code base.
Note: Updated measurements with NIST Round-3 schemes as well as small fixes to the security sketch for mutual auth. Corrected version with correct ephemeral key exchange metrics.
Metadata
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. ACM CCS 2020
- DOI
- 10.1145/3372297.3423350
- Keywords
- TLS, Transport Layer Security, authentication protocols, public-key cryptography, key-encapsulation mechanisms, post-quantum, NIST PQC
- Contact author(s)
- peter @ cryptojedi org, dstebila @ uwaterloo ca, thom @ thomwiggers nl
- History
- 2022-03-15: last of 7 revisions
- 2020-05-07: received
- Short URL
- https://ia.cr/2020/534
- License
- CC BY
BibTeX
@misc{cryptoeprint:2020/534,
  author       = {Peter Schwabe and Douglas Stebila and Thom Wiggers},
  title        = {Post-quantum {TLS} without handshake signatures},
  howpublished = {Cryptology {ePrint} Archive, Paper 2020/534},
  year         = {2020},
  doi          = {10.1145/3372297.3423350},
  url          = {https://eprint.iacr.org/2020/534}
}