Abstract
TLS is ubiquitous in modern computer networks. It secures transport for high-end desktops and low-end embedded devices alike. However, the public key cryptosystems currently used within TLS may soon be obsolete, as large-scale quantum computers, once realized, would be able to break them. This threat has led to the development of post-quantum cryptography (PQC). The U.S. standardization body NIST is currently in the process of concluding a multi-year search for promising post-quantum signature schemes and key encapsulation mechanisms (KEMs). With the first PQC standards around the corner, TLS will have to be updated soon. However, especially for small microcontrollers, the current NIST post-quantum signature finalists appear to pose a challenge: Dilithium suffers from very large public keys and signatures, while Falcon has significant hardware requirements for efficient implementations.
KEMTLS is a proposal for an alternative TLS handshake protocol that avoids authentication through signatures in the TLS handshake. Instead, it authenticates the peers through long-term KEM keys held in the certificates. The KEMs considered for standardization are more efficient in terms of computation and/or bandwidth than the post-quantum signature schemes.
In this work, we compare KEMTLS to TLS 1.3 in an embedded setting. To gain meaningful results, we present implementations of KEMTLS and TLS 1.3 on a Cortex-M4-based platform. These implementations are based on the popular WolfSSL embedded TLS library and hence share a majority of their code. In our experiments, we consider both protocols with the remaining NIST finalist signature schemes and KEMs, except for Classic McEliece, whose public keys are too large. Both protocols are benchmarked and compared in terms of run-time, memory usage, traffic volume and code size. The benchmarks are performed in network settings relevant to the Internet of Things, namely low-latency broadband, LTE-M and Narrowband IoT. Our results show that KEMTLS can reduce handshake time by up to 38%, can lower peak memory consumption and can save traffic volume compared to TLS 1.3.
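To make the authentication mechanism described above concrete, the following added example (not code from the paper or from the WolfSSL-based implementations it describes) simulates the KEMTLS message flow in Python. The client sends an ephemeral KEM public key, the server encapsulates against it and presents a certificate holding its long-term KEM public key, and the client then encapsulates against that long-term key. Both shared secrets feed the key schedule, so only a server that can decapsulate with the certificate's private key can produce a valid ServerFinished: the server is authenticated implicitly, with no handshake signature. The KEM here is a toy hashed-ElGamal construction over a tiny group, constructed purely to expose the keygen/encaps/decaps interface in place of Kyber, NTRU or SABER; it offers no real (let alone post-quantum) security, and the key schedule is an HMAC stand-in for HKDF. Message names and the omission of ClientFinished are simplifications of the protocol, not details taken from the paper.

```python
import hashlib
import hmac
import secrets

# Toy KEM: hashed ElGamal over a small multiplicative group (constructed for
# this example only). It stands in for a NIST KEM finalist; only the
# keygen/encaps/decaps interface matters here, not its security.
P = 2**127 - 1
G = 3


def _enc(x):
    # Fixed-width encoding so transcripts hash deterministically.
    return x.to_bytes(16, "big")


def kem_keygen():
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P), sk


def kem_encaps(pk):
    r = secrets.randbelow(P - 2) + 1
    ct = pow(G, r, P)
    ss = hashlib.sha256(_enc(pow(pk, r, P))).digest()
    return ct, ss


def kem_decaps(sk, ct):
    return hashlib.sha256(_enc(pow(ct, sk, P))).digest()


def derive(label, ss_ephemeral, ss_static):
    # Key-schedule stand-in: both shared secrets enter every derived key.
    return hmac.new(ss_ephemeral + ss_static, label, hashlib.sha256).digest()


def kemtls_handshake(cert_pk, server_sk):
    """Run one simulated KEMTLS handshake.

    cert_pk is the long-term KEM public key in the server certificate;
    server_sk is whatever private key the responding server actually holds.
    Returns (client_accepts, client_app_key, server_app_key).
    """
    transcript = hashlib.sha256()

    # ClientHello: ephemeral KEM public key.
    pk_e, sk_e = kem_keygen()
    transcript.update(_enc(pk_e))

    # ServerHello + Certificate: ciphertext for pk_e and the long-term KEM key.
    ct_e, ss_e_srv = kem_encaps(pk_e)
    transcript.update(_enc(ct_e) + _enc(cert_pk))

    # Client: recover the ephemeral secret, encapsulate against the cert key.
    ss_e_cli = kem_decaps(sk_e, ct_e)
    ct_s, ss_s_cli = kem_encaps(cert_pk)
    transcript.update(_enc(ct_s))
    th = transcript.digest()

    # Server: only the holder of the certificate's private key recovers ss_s.
    ss_s_srv = kem_decaps(server_sk, ct_s)
    server_fin = hmac.new(derive(b"server finished", ss_e_srv, ss_s_srv),
                          th, hashlib.sha256).digest()

    # Client verifies ServerFinished: this is the implicit authentication step.
    expected = hmac.new(derive(b"server finished", ss_e_cli, ss_s_cli),
                        th, hashlib.sha256).digest()
    accepted = hmac.compare_digest(expected, server_fin)

    client_key = derive(b"application", ss_e_cli, ss_s_cli)
    server_key = derive(b"application", ss_e_srv, ss_s_srv)
    return accepted, client_key, server_key


def demo():
    """Honest server vs. an impostor presenting the genuine certificate
    without its private key. Returns (honest_ok, impostor_accepted,
    impostor_keys_match)."""
    cert_pk, cert_sk = kem_keygen()
    honest = kemtls_handshake(cert_pk, cert_sk)
    _, impostor_sk = kem_keygen()
    impostor = kemtls_handshake(cert_pk, impostor_sk)
    return (honest[0] and honest[1] == honest[2],
            impostor[0],
            impostor[1] == impostor[2])


if __name__ == "__main__":
    print(demo())
```

The honest run yields an accepted handshake with matching application keys on both sides; the impostor run, where the responder holds the certificate's public key but not its private key, is rejected by the client and the two sides' keys diverge. Replacing the toy KEM with a real finalist changes nothing in the flow, which is why the bandwidth and computation profile of KEMTLS is governed by KEM public-key and ciphertext sizes rather than by signature sizes.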
Notes
1. Source code is available at https://github.com/rugo/wolfssl-kemtls-experiments/tree/paperv1.
Acknowledgements
This work has been supported by Neodyme AG, the European Research Council through Starting Grant No. 805031 (EPOQUE) and by an NLnet Assure grant for the project “Standardizing KEMTLS”.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Gonzalez, R., Wiggers, T. (2022). KEMTLS vs. Post-quantum TLS: Performance on Embedded Systems. In: Batina, L., Picek, S., Mondal, M. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2022. Lecture Notes in Computer Science, vol 13783. Springer, Cham. https://doi.org/10.1007/978-3-031-22829-2_6
DOI: https://doi.org/10.1007/978-3-031-22829-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22828-5
Online ISBN: 978-3-031-22829-2
eBook Packages: Computer Science, Computer Science (R0)