KEMTLS vs. Post-quantum TLS: Performance on Embedded Systems

  • Conference paper
Security, Privacy, and Applied Cryptography Engineering (SPACE 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13783)

Abstract

TLS is ubiquitous in modern computer networks. It secures transport for high-end desktops and low-end embedded devices alike. However, the public key cryptosystems currently used within TLS may soon be obsolete as large-scale quantum computers, once realized, would be able to break them. This threat has led to the development of post-quantum cryptography (PQC). The U.S. standardization body NIST is currently in the process of concluding a multi-year search for promising post-quantum signature schemes and key encapsulation mechanisms (KEMs). With the first PQC standards around the corner, TLS will have to be updated soon. However, especially for small microcontrollers, it appears the current NIST post-quantum signature finalists pose a challenge. Dilithium suffers from very large public keys and signatures, while Falcon has significant hardware requirements for efficient implementations.

KEMTLS is a proposal for an alternative TLS handshake protocol that avoids authentication through signatures in the TLS handshake. Instead, it authenticates the peers through long-term KEM keys held in the certificates. The KEMs considered for standardization are more efficient in terms of computation and/or bandwidth than the post-quantum signature schemes.

In this work, we compare KEMTLS to TLS 1.3 in an embedded setting. To gain meaningful results, we present implementations of KEMTLS and TLS 1.3 on a Cortex-M4-based platform. These implementations are based on the popular WolfSSL embedded TLS library and hence share a majority of their code. In our experiments, we consider both protocols with the remaining NIST finalist signature schemes and KEMs, except for Classic McEliece, whose public keys are too large. Both protocols are benchmarked and compared in terms of run-time, memory usage, traffic volume and code size. The benchmarks are performed in network settings relevant to the Internet of Things, namely low-latency broadband, LTE-M and Narrowband IoT. Our results show that KEMTLS can reduce handshake time by up to 38%, can lower peak memory consumption and can save traffic volume compared to TLS 1.3.
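The KEM-based server authentication that the abstract describes can be sketched as follows; this is an added example, not code from the paper or its WolfSSL implementation. It assumes a toy Diffie-Hellman KEM as a stand-in for a post-quantum KEM, a simplified message flow, and hypothetical function names.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman KEM, standing in for a post-quantum KEM such as Kyber.
# Assumption for illustration only: it is neither post-quantum nor hardened.
P = 2**255 - 19
G = 2

def kem_keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def kem_encaps(pk):
    r = secrets.randbelow(P - 2) + 1
    shared = pow(pk, r, P).to_bytes(32, "big")
    return pow(G, r, P), hashlib.sha256(shared).digest()

def kem_decaps(sk, ct):
    return hashlib.sha256(pow(ct, sk, P).to_bytes(32, "big")).digest()

def finished_mac(ss_ephemeral, ss_static, transcript):
    # Key confirmation over the transcript, keyed by both shared secrets.
    key = hashlib.sha256(ss_ephemeral + ss_static).digest()
    return hmac.new(key, transcript, hashlib.sha256).digest()

def handshake(cert_pk, server_sk):
    """Return True if the client accepts the server.

    cert_pk:   long-term KEM public key the client reads from the certificate
    server_sk: long-term KEM secret key the responding party actually holds
    """
    # Ephemeral key exchange: client key share, server encapsulates to it.
    eph_sk, eph_pk = kem_keygen()
    ct_e, ss_e_server = kem_encaps(eph_pk)
    ss_e_client = kem_decaps(eph_sk, ct_e)
    # Authentication: the client encapsulates to the certificate key instead
    # of verifying a handshake signature; only the key holder can decapsulate.
    ct_s, ss_s_client = kem_encaps(cert_pk)
    ss_s_server = kem_decaps(server_sk, ct_s)
    transcript = b"".join(v.to_bytes(32, "big") for v in (eph_pk, ct_e, cert_pk, ct_s))
    server_fin = finished_mac(ss_e_server, ss_s_server, transcript)
    expected = finished_mac(ss_e_client, ss_s_client, transcript)
    return hmac.compare_digest(server_fin, expected)

def demo():
    sk, pk = kem_keygen()
    impostor_sk, _ = kem_keygen()  # a party without the certified key
    return handshake(pk, sk), handshake(pk, impostor_sk)
```

The server is authenticated implicitly: a party that cannot decapsulate the ciphertext sent to the certificate key cannot produce a valid confirmation MAC.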

Notes

  1. Source code is available at https://github.com/rugo/wolfssl-kemtls-experiments/tree/paperv1.

Acknowledgements

This work has been supported by Neodyme AG, the European Research Council through Starting Grant No. 805031 (EPOQUE) and by an NLnet Assure grant for the project “Standardizing KEMTLS”.

Corresponding author

Correspondence to Ruben Gonzalez.

A Extended Benchmark Tables

In Table 5 we report code sizes, CA certificate sizes and memory usage for all experiments we ran. Table 6 provides all results for the handshake traffic and handshake timing metrics.

Table 5. Code and CA certificate sizes (and as percentage of total ROM size), and peak memory usage in the experiments.
Table 6. TLS handshake traffic and runtime for various scenarios

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Gonzalez, R., Wiggers, T. (2022). KEMTLS vs. Post-quantum TLS: Performance on Embedded Systems. In: Batina, L., Picek, S., Mondal, M. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2022. Lecture Notes in Computer Science, vol 13783. Springer, Cham. https://doi.org/10.1007/978-3-031-22829-2_6

  • DOI: https://doi.org/10.1007/978-3-031-22829-2_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22828-5

  • Online ISBN: 978-3-031-22829-2

  • eBook Packages: Computer Science, Computer Science (R0)
