Paper 2021/1019

Implementing and Measuring KEMTLS

Sofía Celi, Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Thom Wiggers, Bas Westerbaan, and Christopher A. Wood

Abstract

KEMTLS is a novel alternative to the Transport Layer Security (TLS) handshake that integrates post-quantum algorithms. It uses key encapsulation mechanisms (KEMs) for both confidentiality and authentication, achieving post-quantum security while obviating the need for expensive post-quantum signatures. The original KEMTLS paper presents a security analysis, Rust implementation, and benchmarks over emulated networks. In this work, we provide full Go implementations of KEMTLS and other post-quantum handshake alternatives, describe their integration into a distributed system, and provide performance evaluations over real network conditions. We compare the standard (non-quantum-resistant) TLS 1.3 handshake with three alternatives: one that uses post-quantum signatures in combination with post-quantum KEMs (PQTLS), one that uses KEMTLS, and one that is a reduced round trip version of KEMTLS (KEMTLS-PDK). In addition to the performance evaluations, we discuss how the design of these protocols impacts TLS from an implementation and configuration perspective.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Minor revision. Latincrypt 2021
Keywords
Post-Quantum Cryptography, KEMTLS, Transport Layer Security, Cryptographic Engineering
Contact author(s)
sceli @ cloudflare com
cherenkov @ riseup net
History
2021-08-06: received
Short URL
https://ia.cr/2021/1019
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1019,
      author = {Sofía Celi and Armando Faz-Hernández and Nick Sullivan and Goutam Tamvada and Luke Valenta and Thom Wiggers and Bas Westerbaan and Christopher A.  Wood},
      title = {Implementing and Measuring {KEMTLS}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1019},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1019}
}