Paper 2023/1873

SoK: Post-Quantum TLS Handshake

Nouri Alnahawi, Darmstadt University of Applied Sciences
Johannes Müller, University of Luxembourg
Jan Oupický, University of Luxembourg
Alexander Wiesmaier, Darmstadt University of Applied Sciences

Transport Layer Security (TLS) is the backbone security protocol of the Internet. As this fundamental protocol is at risk from future quantum attackers, many proposals have been made to protect TLS against this threat by implementing post-quantum cryptography (PQC). The widespread interest in post-quantum TLS has given rise to a large number of solutions over the last decade. These proposals differ in many aspects, including the security properties they seek to protect, the efficiency and trustworthiness of their post-quantum building blocks, and the application scenarios they consider, to name a few. Based on an extensive literature review, we classify existing solutions according to their general approaches, analyze their individual contributions, and present the results of our extensive performance experiments. Based on these insights, we identify the most reasonable candidates for post-quantum TLS, which research problems in this area have already been solved, and which are still open. Overall, our work provides a well-founded reference point for researching post-quantum TLS and preparing TLS in practice for the quantum age.

Available format(s)
Cryptographic protocols
Publication info
TLSpost-quantumkey exchange
Contact author(s)
nouri alnahawi @ h-da de
johannes mueller @ uni lu
jan oupicky @ uni lu
alexander wiesmaier @ h-da de
2023-12-06: approved
2023-12-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Nouri Alnahawi and Johannes Müller and Jan Oupický and Alexander Wiesmaier},
      title = {SoK: Post-Quantum TLS Handshake},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1873},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.