The performance of post-quantum TLS1.3
283 views
Skip to first unread message
Dimitrios Schoinianakis
Sep 4, 2024, 9:15:46 AM9/4/24
to pqc-forum
Dear community,
we would like to share with you a recent work on benchmarking PQC algorithms in the context of TLS1.3 [1]. The supported framework is based on OpenQuantumSafe. We have considered legacy, PQC, and hybrid setups, as well as the HQC and BIKE algorithms from round 4. We designed an "isolated" testing environment, so that we could exclude the impact of external factors in the measurements.
We see that the PQ algorithms challenge our state of the art and some DSAs are even faster. Moreover, the hybrid algorithms provided no performance downside on NIST level 1. On higher levels, the PQ algorithms become faster than the hybrids (which have the pre-quantum algorithms as bottleneck).
Note that latency should not always be the main criterion, especially on constrained environments. For example, in case of low-bandwidth or high-delay environments, the data volume can be more important, and our tests showed that in such cases Kyber and Falcon surpassed other PQ algorithms because of their smaller keys.
Overall, we observed no performance drawback from using hybrid algorithms, while on higher NIST security levels, PQC outperformed any algorithm in use today. We hope that you find this work useful, and we look forward to your comments.
Best,
the team
[1] https://dl.acm.org/doi/10.1145/3624354.3630585
we would like to share with you a recent work on benchmarking PQC algorithms in the context of TLS1.3 [1]. The supported framework is based on OpenQuantumSafe. We have considered legacy, PQC, and hybrid setups, as well as the HQC and BIKE algorithms from round 4. We designed an "isolated" testing environment, so that we could exclude the impact of external factors in the measurements.
We see that the PQ algorithms challenge our state of the art and some DSAs are even faster. Moreover, the hybrid algorithms provided no performance downside on NIST level 1. On higher levels, the PQ algorithms become faster than the hybrids (which have the pre-quantum algorithms as bottleneck).
Note that latency should not always be the main criterion, especially on constrained environments. For example, in case of low-bandwidth or high-delay environments, the data volume can be more important, and our tests showed that in such cases Kyber and Falcon surpassed other PQ algorithms because of their smaller keys.
Overall, we observed no performance drawback from using hybrid algorithms, while on higher NIST security levels, PQC outperformed any algorithm in use today. We hope that you find this work useful, and we look forward to your comments.
Best,
the team
[1] https://dl.acm.org/doi/10.1145/3624354.3630585
Reply all
Reply to author
Forward
0 new messages