Integrating and Benchmarking KpqC in TLS/X.509

Bibliographic details
Title: Integrating and Benchmarking KpqC in TLS/X.509
Authors: Sim, Minjoo, Song, Gyeongju, Eum, Siwoo, Lee, Minwoo, Yoon, Seyoung, Baksi, Anubhab, Seo, Hwajeong
Contributors: Lund University, Faculty of Engineering, LTH, Departments at LTH, Department of Electrical and Information Technology, Secure and Networked Systems, Lunds universitet, Lunds Tekniska Högskola, Institutioner vid LTH, Institutionen för elektro- och informationsteknik, Säkerhets- och nätverkssystem, Originator
Source: Electronics (Switzerland). 14(18)
Subjects: Engineering and Technology, Electrical Engineering, Electronic Engineering, Information Engineering, Telecommunications, Teknik, Elektroteknik och elektronik, Telekommunikation
Description: Advances in quantum computing pose a fundamental threat to classical public-key cryptosystems, including RSA and elliptic-curve cryptography (ECC), which form the foundation for authentication and key exchange in the Transport Layer Security (TLS) protocol. In response to these emerging threats, Korea launched the KpqC (Korea Post-Quantum Cryptography) project in 2021 to design, evaluate, and standardize domestic PQC algorithms. To the best of our knowledge, this is the first systematic evaluation of the finalized Korean PQC algorithms (HAETAE, AIMer, SMAUG-T, NTRU+) within a production-grade TLS/X.509 stack, enabling direct comparison against NIST PQC and ECC baselines. To contextualize KpqC performance, we further compare against NIST-standardized PQC algorithms and classical ECC baselines. Our evaluation examines both static overhead (certificate size) and dynamic overhead (TLS 1.3 handshake latency) across computation-bound (localhost) and network-bound (LAN) scenarios, including embedded device and hybrid TLS configurations. Our results show that KpqC certificates are approximately 4.6–48.8× larger than ECC counterparts and generally exceed NIST PQC sizes. In computation-bound tests, both NIST PQC (ML-KEM) and KpqC hybrids exhibited similar handshake latency increases of approximately 8–9× relative to ECC. In network-bound tests, the difference between the two families was negligible, with relative overhead typically around 30–41%. These findings offer practical guidance for balancing security level, key size, packet size, and latency and support phased PQC migration strategies in real-world TLS deployments.
Access URL: https://doi.org/10.3390/electronics14183717
Database: SwePub
ISSN: 20799292
DOI: 10.3390/electronics14183717