Paper 2021/826

OpenSSLNTRU: Faster post-quantum TLS key exchange

Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, and Nicola Tuveri

Abstract

Google's CECPQ1 experiment in 2016 integrated a post-quantum key-exchange algorithm, newhope1024, into TLS 1.2. The Google-Cloudflare CECPQ2 experiment in 2019 integrated a more efficient key-exchange algorithm, ntruhrss701, into TLS 1.3. This paper revisits the choices made in CECPQ2, and shows how to achieve higher performance for post-quantum key exchange in TLS 1.3 using a higher-security algorithm, sntrup761. Previous work had indicated that ntruhrss701 key generation was much faster than sntrup761 key generation, but this paper makes sntrup761 key generation much faster by generating a batch of keys at once. Batch key generation is invisible at the TLS protocol layer, but raises software-engineering questions regarding the difficulty of integrating batch key exchange into existing TLS libraries and applications. This paper shows that careful choices of software layers make it easy to integrate fast post-quantum software, including batch key exchange, into TLS with minor changes to TLS libraries and no changes to applications. As a demonstration of feasibility, this paper reports successful integration of its fast sntrup761 library, via a lightly patched OpenSSL, into an unmodified web browser and an unmodified TLS terminator. This paper also reports TLS 1.3 handshake benchmarks, achieving more TLS 1.3 handshakes per second than any software included in OpenSSL.

Note: 20 pages, 5 figures; accepted at USENIX Security 2022; added Artifact Evaluation badges and final Artifact Appendix

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. USENIX Security 2022
Keywords
applied cryptographypublic-key cryptographyNTRU Primepost-quantum cryptographyTLSKEMbatch operationsOpenSSL
Contact author(s)
authorcontact-opensslntru @ box cr yp to
History
2021-12-14: last of 2 revisions
2021-06-16: received
See all versions
Short URL
https://ia.cr/2021/826
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/826,
      author = {Daniel J.  Bernstein and Billy Bob Brumley and Ming-Shing Chen and Nicola Tuveri},
      title = {{OpenSSLNTRU}: Faster post-quantum {TLS} key exchange},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/826},
      year = {2021},
      url = {https://eprint.iacr.org/2021/826}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.