Communications in Cryptology IACR CiC

A Comprehensive Survey on Post-Quantum TLS

Authors

Nouri Alnahawi, Johannes Müller, Jan Oupický, Alexander Wiesmaier
Nouri Alnahawi ORCID
Darmstadt University of Applied Sciences, Darmstadt, Germany
nouri dot alnahawi at h-da dot de
Johannes Müller ORCID
University of Luxembourg, Esch-sur-Alzette, Luxembourg
LORIA, Nancy, France
CNRS, Paris, France
johannes dot mueller at loria dot fr
Jan Oupický ORCID
University of Luxembourg, Esch-sur-Alzette, Luxembourg
jan dot oupicky at uni dot lu
Alexander Wiesmaier ORCID
Darmstadt University of Applied Sciences, Darmstadt, Germany
alexander dot wiesmaier at h-da dot de

Abstract

Transport Layer Security (TLS) is the backbone security protocol of the Internet. As this fundamental protocol is at risk from future quantum attackers, many proposals have been made to protect TLS against this threat by implementing post-quantum cryptography (PQC). The widespread interest in post-quantum TLS has given rise to a large number of solutions over the last decade. These proposals differ in many aspects, including the security properties they seek to protect, the efficiency and trustworthiness of their post-quantum building blocks, and the application scenarios they consider, to name a few.

Based on an extensive literature review, we classify existing solutions according to their general approaches, analyze their individual contributions, and present the results of our extensive performance experiments. Based on these insights, we identify the most reasonable candidates for post-quantum TLS, which research problems in this area have already been solved, and which are still open. Overall, our work provides a well-founded reference point for researching post-quantum TLS and preparing TLS in practice for the quantum age.

References

[AAB+22]
Carlos Aguilar-Melchor, Nicolas Aragon, Slim Bettaieb, Loïc Bidoux, Olivier Blazy, Jean-Christophe Deneuville, Philippe Gaborit, Edoardo Persichetti, Gilles Zémor, Jurjen Bos, Arnaud Dion, Jerome Lacan, Jean-Marc Robert, and Pascal Veron. HQC. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/Projects/post-quantum-cryptography/round-4-submissions. 2022.
[AAC+22]
Gorjan Alagic, Daniel Apon, David Cooper, Quynh Dang, Thinh Dang, John Kelsey, Jacob Lichtinger, Carl Miller, Dustin Moody, Rene Peralta, Ray Perlner, Angela Robinson, Daniel Smith-Tone, and Yi-Kai Liu. Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process. Technical report number NISTIR 8413, National Institute of Standards and Technology. September 2022.
[ABB+22]
Nicolas Aragon, Paulo Barreto, Slim Bettaieb, Loic Bidoux, Olivier Blazy, Jean-Christophe Deneuville, Phillipe Gaborit, Shay Gueron, Tim Guneysu, Carlos Aguilar-Melchor, Rafael Misoczki, Edoardo Persichetti, Nicolas Sendrier, Jean-Pierre Tillich, Gilles Zémor, Valentin Vasseur, Santosh Ghosh, and Jan Richter-Brokmann. BIKE. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/Projects/post-quantum-cryptography/round-4-submissions. 2022.
[ABC+22]
Martin R. Albrecht, Daniel J. Bernstein, Tung Chou, Carlos Cid, Jan Gilcher, Tanja Lange, Varun Maram, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen, Kenneth G. Paterson, Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, Cen Jung Tjhai, Martin Tomlinson, and Wen Wang. Classic McEliece. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/round-4-submissions. 2022.
[ABG+23]
Carlos Aguilar-Melchor, Thomas Bailleux, Jason Goertzen, David Joseph, and Douglas Stebila. TurboTLS: TLS Connection Establishment with 1 Less Round Trip. 2023.
[ADPS16]
Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe. Post-quantum Key Exchange - A New Hope. In Thorsten Holz and Stefan Savage, editors, USENIX Security 2016: 25th USENIX Security Symposium, pages 327–343. August 2016. USENIX Association.
[{AWS}23]
AWS. Github S2n-TLS/PQ-Crypto. https://github.com/aws/s2n-tls/tree/v1.3.56/pq-crypto. July 2023.
[BAA+19]
Nina Bindel, Sedat Akleylek, Erdem Alkim, Paulo S. L. M. Barreto, Johannes Buchmann, Edward Eaton, Gus Gutoski, Juliane Kramer, Patrick Longa, Harun Polat, Jefferson E. Ricardini, and Gustavo Zanon. qTESLA. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-2-submissions. 2019.
[Bar20]
Elaine Barker. Recommendation for Key Management Part 1: General. Technical report number NIST SP 800-57pt1r5, National Institute of Standards and Technology. May 2020.
[BBC+20]
Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, Chitchanok Chuengsatiansup, Tanja Lange, Adrian Marotzke, Bo-Yuan Peng, Nicola Tuveri, Christine van Vredendaal, and Bo-Yin Yang. NTRU Prime. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions. 2020.
[BBCT22]
Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, and Nicola Tuveri. OpenSSLNTRU: Faster post-quantum TLS key exchange. In Kevin R. B. Butler and Kurt Thomas, editors, USENIX Security 2022: 31st USENIX Security Symposium, pages 845–862. August 2022. USENIX Association.
[BBF+19]
Nina Bindel, Jacqueline Brendel, Marc Fischlin, Brian Goncalves, and Douglas Stebila. Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange. In Jintai Ding and Rainer Steinwandt, editors, Post-Quantum Cryptography - 10th International Conference, PQCrypto 2019, pages 206–226. 2019. Springer, Heidelberg. DOI: 10.1007/978-3-030-25510-7_12
[BC20]
Utsav Banerjee and Anantha P. Chandrakasan. Efficient Post-Quantum TLS Handshakes Using Identity-Based Key Exchange from Lattices. In ICC 2020 - 2020 IEEE International Conference on Communications (ICC), pages 1–6. June 2020. DOI: 10.1109/ICC40277.2020.9148829
[BCD+16]
Joppe W. Bos, Craig Costello, Léo Ducas, Ilya Mironov, Michael Naehrig, Valeria Nikolaenko, Ananth Raghunathan, and Douglas Stebila. Frodo: Take off the Ring! Practical, Quantum-Secure Key Exchange from LWE. In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, ACM CCS 2016: 23rd Conference on Computer and Communications Security, pages 1006–1018. October 2016. ACM Press. DOI: 10.1145/2976749.2978425
[BCD+24]
Manuel Barbosa, Deirdre Connolly, João Diogo Duarte, Aaron Kaiser, Peter Schwabe, Karolin Varner, and Bas Westerbaan. X-Wing. IACR Communications in Cryptology, 1(1), 2024. DOI: 10.62056/a3qj89n4e
[BCNS15]
Joppe W. Bos, Craig Costello, Michael Naehrig, and Douglas Stebila. Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem. In 2015 IEEE Symposium on Security and Privacy, pages 553–570. May 2015. IEEE Computer Society Press. DOI: 10.1109/SP.2015.40
[Ber09]
Daniel J. Bernstein. Cost Analysis of Hash Collisions: Will Quantum Computers Make SHARCS Obsolete?. https://cr.yp.to/hash/collisioncost-20090823.pdf. 2009.
[Beu22]
Ward Beullens. Breaking Rainbow Takes a Weekend on a Laptop. In Yevgeniy Dodis and Thomas Shrimpton, editors, Advances in Cryptology – CRYPTO 2022, Part II, volume 13508 of Lecture Notes in Computer Science, pages 464–479. August 2022. Springer, Heidelberg. DOI: 10.1007/978-3-031-15979-4_16
[BHMS17]
Nina Bindel, Udyani Herath, Matthew McKague, and Douglas Stebila. Transitioning to a Quantum-Resistant Public Key Infrastructure. In Tanja Lange and Tsuyoshi Takagi, editors, Post-Quantum Cryptography - 8th International Workshop, PQCrypto 2017, pages 384–405. 2017. Springer, Heidelberg. DOI: 10.1007/978-3-319-59879-6_22
[BHT98]
Gilles Brassard, Peter Høyer, and Alain Tapp. Quantum Cryptanalysis of Hash and Claw-Free Functions. In Claudio L. Lucchesi and Arnaldo V. Moura, editors, LATIN 1998: Theoretical Informatics, 3rd Latin American Symposium, volume 1380 of Lecture Notes in Computer Science, pages 163–169. April 1998. Springer, Heidelberg. DOI: 10.1007/bfb0054319
[{BSI}23]
BSI. Cryptographic Mechanisms: Recommendations and Key Lengths. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf. 2023.
[BSKNS20]
Kevin Bürstinghaus-Steinbach, Christoph Krauß, Ruben Niederhagen, and Michael Schneider. Post-Quantum TLS on Embedded Systems: Integrating and Evaluating Kyber and SPHINCS+ with mbed TLS. In Hung-Min Sun, Shiuh-Pyng Shieh, Guofei Gu, and Giuseppe Ateniese, editors, ASIACCS 20: 15th ACM Symposium on Information, Computer and Communications Security, pages 841–852. October 2020. ACM Press. DOI: 10.1145/3320269.3384725
[CAD+20]
David A. Cooper, Daniel C. Apon, Quynh H. Dang, Michael S. Davidson, Morris J. Dworkin, and Carl A. Miller. Recommendation for Stateful Hash-Based Signature Schemes. Technical report number NIST SP 800-208, National Institute of Standards and Technology. October 2020.
[CC21]
Matt Campagna and Eric Crockett. Hybrid Post-Quantum Key Encapsulation Methods (PQ KEM) for Transport Layer Security 1.2 (TLS). Technical report number draft-campagna-tls-bike-sike-hybrid-07, Internet Engineering Task Force. Work in Progress. September 2021.
[CCSCD+23]
Fabio Campos, Jorge Chavez-Saab, Jesús-Javier Chi-Domínguez, Michael Meyer, Krijn Reijnders, Francisco Rodríguez-Henríquez, Peter Schwabe, and Thom Wiggers. Optimizations and Practicality of High-Security CSIDH. https://eprint.iacr.org/2023/793. Cryptology ePrint Archive, Paper 2023/793. 2023.
[CD23]
Wouter Castryck and Thomas Decru. An Efficient Key Recovery Attack on SIDH. In Carmit Hazay and Martijn Stam, editors, Advances in Cryptology – EUROCRYPT 2023, Part V, volume 14008 of Lecture Notes in Computer Science, pages 423–447. April 2023. Springer, Heidelberg. DOI: 10.1007/978-3-031-30589-4_15
[CDH+20]
Cong Chen, Oussama Danba, Jeffrey Hoffstein, Andreas Hulsing, Joost Rijneveld, John M. Schanck, Peter Schwabe, William Whyte, Zhenfei Zhang, Tsunekazu Saito, Takashi Yamakawa, and Keita Xagawa. NTRU. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions. 2020.
[CFM+20]
Antoine Casanova, Jean-Charles Faugère, Gilles Macario-Rat, Jacques Patarin, Ludovic Perret, and Jocelyn Ryckeghem. GeMSS. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions. 2020.
[CFS+21]
Sofía Celi, Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Thom Wiggers, Bas Westerbaan, and Christopher A. Wood. Implementing and Measuring KEMTLS. In Patrick Longa and Carla Ràfols, editors, Progress in Cryptology - LATINCRYPT 2021: 7th International Conference on Cryptology and Information Security in Latin America, volume 12912 of Lecture Notes in Computer Science, pages 88–107, Bogotá, Colombia. October 2021. Springer, Heidelberg. DOI: 10.1007/978-3-030-88238-9_5
[CHSv16]
Cas Cremers, Marko Horvat, Sam Scott, and Thyla van der Merwe. Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication. In 2016 IEEE Symposium on Security and Privacy, pages 470–485. May 2016. IEEE Computer Society Press. DOI: 10.1109/SP.2016.35
[CHSW22]
Sofía Celi, Jonathan Hoyland, Douglas Stebila, and Thom Wiggers. A Tale of Two Models: Formal Verification of KEMTLS via Tamarin. In Vijayalakshmi Atluri, Roberto Di Pietro, Christian Damsgaard Jensen, and Weizhi Meng, editors, ESORICS 2022: 27th European Symposium on Research in Computer Security, Part III, volume 13556 of Lecture Notes in Computer Science, pages 63–83. September 2022. Springer, Heidelberg. DOI: 10.1007/978-3-031-17143-7_4
[CJKK22]
Vincent Cheval, Charlie Jacomme, Steve Kremer, and Robert Künnemann. SAPIC+: protocol verifiers of the world, unite!. In Kevin R. B. Butler and Kurt Thomas, editors, USENIX Security 2022: 31st USENIX Security Symposium, pages 3935–3952. August 2022. USENIX Association.
[CJL+16]
Lily Chen, Stephen Jordan, Yi-Kai Liu, Dustin Moody, Rene Peralta, Ray Perlner, and Daniel Smith-Tone. Report on Post-Quantum Cryptography. Technical report number NIST IR 8105, National Institute of Standards and Technology. April 2016.
[CLM+18]
Wouter Castryck, Tanja Lange, Chloe Martindale, Lorenz Panny, and Joost Renes. CSIDH: An Efficient Post-Quantum Commutative Group Action. In Thomas Peyrin and Steven Galbraith, editors, Advances in Cryptology – ASIACRYPT 2018, Part III, volume 11274 of Lecture Notes in Computer Science, pages 395–427. December 2018. Springer, Heidelberg. DOI: 10.1007/978-3-030-03332-3_15
[CPS19]
Eric Crockett, Christian Paquin, and Douglas Stebila. Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH. https://eprint.iacr.org/2019/858. Cryptology ePrint Archive, Report 2019/858. 2019.
[DAL+17]
Jintai Ding, Saed Alsayigh, Jean Lancrenon, Saraswathy RV, and Michael Snook. Provably Secure Password Authenticated Key Exchange Based on RLWE for the Post-Quantum World. In Helena Handschuh, editor, Topics in Cryptology – CT-RSA 2017, volume 10159 of Lecture Notes in Computer Science, pages 183–204. February 2017. Springer, Heidelberg. DOI: 10.1007/978-3-319-52153-4_11
[DCP+20]
Jintai Ding, Ming-Shing Chen, Albrecht Petzoldt, Dieter Schmidt, Bo-Yin Yang, Matthias J. Kannwischer, and Jacques Patarin. Rainbow. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions. 2020.
[DDV+20]
Alfonso Francisco De Abiega-L'Eglisse, Kevin Andrae Delgado-Vargas, Fernando Quetzalcoatl Valencia-Rodriguez, Victor Gerardo Gonzalez-Quiroga, Gina Gallegos-Garcia, and Mariko Nakano-Miyatake. Performance of New Hope and CRYSTALS-Dilithium Postquantum Schemes in the Transport Layer Security Protocol. IEEE Access, 8:213968–213980, 2020. DOI: 10.1109/ACCESS.2020.3040324
[DFGS15]
Benjamin Dowling, Marc Fischlin, Felix Günther, and Douglas Stebila. A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates. In Indrajit Ray, Ninghui Li, and Christopher Kruegel, editors, ACM CCS 2015: 22nd Conference on Computer and Communications Security, pages 1197–1210. October 2015. ACM Press. DOI: 10.1145/2810103.2813653
[DG22]
Ronny Döring and Marc Geitz. Post-Quantum Cryptography in Use: Empirical Analysis of the TLS Handshake Performance. In NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium, pages 1–5. April 2022. DOI: 10.1109/NOMS54207.2022.9789913
[DKR+20]
Jan-Pieter D'Anvers, Angshuman Karmakar, Sujoy Sinha Roy, Frederik Vercauteren, Jose Maria Bermudo Mera, Michiel Van Beirendonck, and Andrea Basso. SABER. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions. 2020.
[DM23a]
Douglas Stebila and Michele Mosca. Open Quantum Safe Benchmarking, KEM Performance. https://web.archive.org/web/20230630133536/https://openquantumsafe.org/benchmarking/visualization/speed_kem.html. June 2023.
[DM23b]
Douglas Stebila and Michele Mosca. Open Quantum Safe Benchmarking, TLS Handshake Performance. https://web.archive.org/web/20230630104243/https://openquantumsafe.org/benchmarking/visualization/handshakes.html. June 2023.
[{ETS}17]
ETSI. Limits to Quantum Computing Applied to Symmetric Key Sizes. Technical report number ETSI GR QSC 006, ETSI. February 2017.
[ETS21]
ETSI. Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers. Technical report number EN 319 401 V2.3.1, ETSI. May 2021.
[{Fro}23]
FrodoKEM submitters. FrodoKEM website. https://frodokem.org/. 2023.
[GDL+18]
Xinwei Gao, Jintai Ding, Lin Li, Saraswathy RV, and Jiqiang Liu. Efficient Implementation of Password-based Authenticated Key Exchange from RLWE and Post-Quantum TLS. International Journal of Network Security, 20(5):923–930, September 2018. DOI: 10.6633/IJNS.201809_20(5).14
[GdNC+23]
Alexandre Augusto Giron, João Pedro Adami do Nascimento, Ricardo Custódio, Lucas Pandolfo Perin, and Víctor Mateu. Post-quantum Hybrid KEMTLS Performance in Simulated and Real Network Environments. In Abdelrahaman Aly and Mehdi Tibouchi, editors, Progress in Cryptology - LATINCRYPT 2023: 8th International Conference on Cryptology and Information Security in Latin America, volume 14168 of Lecture Notes in Computer Science, pages 293–312, Quito, Ecuador. October 2023. Springer, Heidelberg. DOI: 10.1007/978-3-031-44469-2_15
[GHP18]
Federico Giacon, Felix Heuer, and Bertram Poettering. KEM Combiners. In Michel Abdalla and Ricardo Dahab, editors, PKC 2018: 21st International Conference on Theory and Practice of Public Key Cryptography, Part I, volume 10769 of Lecture Notes in Computer Science, pages 190–218. March 2018. Springer, Heidelberg. DOI: 10.1007/978-3-319-76578-5_7
[GLD+17]
Xinwei Gao, Lin Li, Jintai Ding, Jiqiang Liu, R. V. Saraswathy, and Zhe Liu. Fast Discretized Gaussian Sampling and Post-quantum TLS Ciphersuite. In Information Security Practice and Experience, volume 10701, pages 551–565. Springer International Publishing, Cham 2017. DOI: 10.1007/978-3-319-72359-4_33
[Goo22]
Google. Why Google Now Uses Post-Quantum Cryptography for Internal Comms. https://cloud.google.com/blog/products/identity-security/why-google-now-uses-post-quantum-cryptography-for-internal-comms. 2022.
[Goo23a]
Google. General-purpose machine family for Compute Engine. https://cloud.google.com/compute/docs/general-purpose-machines. 2023.
[Goo23b]
Google. Protecting Chrome Traffic with Hybrid Kyber KEM. https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html. August 2023.
[Gro96]
Lov K. Grover. A Fast Quantum Mechanical Algorithm for Database Search. In 28th Annual ACM Symposium on Theory of Computing, pages 212–219. May 1996. ACM Press. DOI: 10.1145/237814.237866
[GW22]
Ruben Gonzalez and Thom Wiggers. KEMTLS vs. Post-quantum TLS: Performance on Embedded Systems. In Lejla Batina, Stjepan Picek, and Mainack Mondal, editors, Security, Privacy, and Applied Cryptography Engineering, pages 99–117, Cham. 2022. Springer Nature Switzerland. DOI: 10.1007/978-3-031-22829-2_6
[HBD+22]
Andreas Hülsing, Daniel J. Bernstein, Christoph Dobraunig, Maria Eichlseder, Scott Fluhrer, Stefan-Lukas Gazdag, Panos Kampanakis, Stefan Kölbl, Tanja Lange, Martin M. Lauridsen, Florian Mendel, Ruben Niederhagen, Christian Rechberger, Joost Rijneveld, Peter Schwabe, Jean-Philippe Aumasson, Bas Westerbaan, and Ward Beullens. SPHINCS+. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022. 2022.
[HBG+18]
Andreas Huelsing, Denis Butin, Stefan-Lukas Gazdag, Joost Rijneveld, and Aziz Mohaisen. XMSS: eXtended Merkle Signature Scheme. RFC 8391. 2018.
[Hop19]
Andrew Hopkins. Post-Quantum TLS Now Supported in AWS KMS - AWS Security Blog. November 2019.
[HW23]
James Howe and Bas Westerbaan. Benchmarking and Analysing the NIST PQC Lattice-Based Signature Schemes Standards on the ARM Cortex M7. In Nadia El Mrabet, Luca De Feo, and Sylvain Duquesne, editors, AFRICACRYPT 23: 14th International Conference on Cryptology in Africa, volume 14064 of Lecture Notes in Computer Science, pages 442–462. July 2023. Springer Nature. DOI: 10.1007/978-3-031-37679-5_19
[{ITU}19]
ITU. Recommendation ITU-T X.509 (2019) | ISO/IEC 9594-8:2020, Information Technology – Open Systems Interconnection – The Directory: Public-key and Attribute Certificate Frameworks. October 2019.
[JAC+20]
David Jao, Reza Azarderakhsh, Matthew Campagna, Craig Costello, Luca De Feo, Basil Hess, Amir Jalali, Brian Koziel, Brian LaMacchia, Patrick Longa, Michael Naehrig, Joost Renes, Vladimir Soukharev, David Urbanik, Geovandro Pereira, Koray Karabina, and Aaron Hutchinson. SIKE. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions. 2020.
[KK18]
Franziskus Kiefer and Kris Kwiatkowski. Hybrid ECDHE-SIDH Key Exchange for TLS. https://datatracker.ietf.org/doc/draft-kiefer-tls-ecdhe-sidh/00/. November 2018.
[KPDG18]
Panos Kampanakis, Peter Panburana, Ellie Daw, and Daniel Van Geest. The Viability of Post-quantum X.509 Certificates. https://eprint.iacr.org/2018/063. Cryptology ePrint Archive, Report 2018/063. 2018.
[KS19]
Panos Kampanakis and Dimitrios Sikeridis. Two PQ Signature Use-cases: Non-issues, challenges and potential solutions.. https://eprint.iacr.org/2019/1276. Cryptology ePrint Archive, Report 2019/1276. 2019.
[KV19]
Kris Kwiatkowski and Luke Valenta. The TLS Post-Quantum Experiment. https://blog.cloudflare.com/the-tls-post-quantum-experiment/. October 2019.
[KW16]
Hugo Krawczyk and Hoeteck Wee. The OPTLS Protocol and TLS 1.3. In 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pages 81–96. 2016. DOI: 10.1109/EuroSP.2016.18
[KZ20]
Daniel Kales and Greg Zaverucha. An Attack on Some Signature Schemes Constructed from Five-Pass Identification Schemes. In Stephan Krenn, Haya Shulman, and Serge Vaudenay, editors, CANS 20: 19th International Conference on Cryptology and Network Security, volume 12579 of Lecture Notes in Computer Science, pages 3–22. December 2020. Springer, Heidelberg. DOI: 10.1007/978-3-030-65411-5_1
[Lan16]
Adam Langley. ImperialViolet - CECPQ1 Results. https://www.imperialviolet.org/2016/11/28/cecpq1.html. November 2016.
[Lan18]
Adam Langley. ImperialViolet - CECPQ2. https://www.imperialviolet.org/2018/12/12/cecpq2.html. December 2018.
[LDK+22]
Vadim Lyubashevsky, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Peter Schwabe, Gregor Seiler, Damien Stehlé, and Shi Bai. CRYSTALS-DILITHIUM. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022. 2022.
[LIM21]
Fukang Liu, Takanori Isobe, and Willi Meier. Cryptanalysis of Full LowMC and LowMC-M with Algebraic Techniques. In Tal Malkin and Chris Peikert, editors, Advances in Cryptology – CRYPTO 2021, Part III, volume 12827 of Lecture Notes in Computer Science, pages 368–401, Virtual Event. August 2021. Springer, Heidelberg. DOI: 10.1007/978-3-030-84252-9_13
[LSW+22]
Fukang Liu, Santanu Sarkar, Gaoli Wang, Willi Meier, and Takanori Isobe. Algebraic Meet-in-the-Middle Attack on LowMC. In Shweta Agrawal and Dongdai Lin, editors, Advances in Cryptology – ASIACRYPT 2022, Part I, volume 13791 of Lecture Notes in Computer Science, pages 225–255. December 2022. Springer, Heidelberg. DOI: 10.1007/978-3-031-22963-3_8
[MAA+20]
Dustin Moody, Gorjan Alagic, Daniel C Apon, Quynh H Cooper David A and Dang, John M Kelsey, Yi-Kai Liu, Rene C Miller Carl A and Peralta, Angela Y Perlner Ray A and Robinson, Daniel C Smith-Tone, and Jacob Alperin-Sheriff. Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process. Technical report number NIST IR 8309, National Institute of Standards and Technology. July 2020.
[MCF19]
David McGrew, Michael Curcio, and Scott Fluhrer. Leighton-Micali Hash-Based Signatures. Technical report number RFC 8554, Internet Engineering Task Force. April 2019.
[MP22]
Michele Mosca and Marco Piani. 2022 Quantum Threat Timeline Report. Technical report, Global Risk Institute. 2022.
[MS22]
Dominik Marchsreiter and Johanna Sepúlveda. Hybrid Post-Quantum Enhanced TLS 1.3 on Embedded Devices. In 2022 25th Euromicro Conference on Digital System Design (DSD), pages 905–912. August 2022. DOI: 10.1109/DSD57027.2022.00127
[MST21]
John Preuß Mattsson, Ben Smeets, and Erik Thormarker. Quantum Technology and Its Impact on Security in Mobile Networks. Ericsson Technology Review, 2021(12):2–12, 2021. DOI: 10.23919/ETR.2021.9904724
[NAB+20]
Michael Naehrig, Erdem Alkim, Joppe Bos, Léo Ducas, Karen Easterbrook, Brian LaMacchia, Patrick Longa, Ilya Mironov, Valeria Nikolaenko, Christopher Peikert, Ananth Raghunathan, and Douglas Stebila. FrodoKEM. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions. 2020.
[{NIS}16]
NIST. Submission Requirements and Evaluation Criteria for the Post-Quantum Cryptography Standardization Process. https://csrc.nist.rip/groups/ST/post-quantum-crypto/documents/call-for-proposals-final-dec-2016.pdf. December 2016.
[{NIS}22]
NIST. Call for Additional Digital Signature Schemes for the Post-Quantum Cryptography Standardization Process. https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/call-for-proposals-dig-sig-sept-2022.pdf. October 2022.
[{NSA}22]
NSA. Commercial National Security Algorithm Suite 2.0. https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF. 2022.
[PAA+19]
Thomas Pöppelmann, Erdem Alkim, Roberto Avanzi, Joppe Bos, Léo Ducas, Antonio de la Piedra, Peter Schwabe, Douglas Stebila, Martin R. Albrecht, Emmanuela Orsini, Valery Osheter, Kenneth G. Paterson, Guy Peer, and Nigel P. Smart. NewHope. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-2-submissions. 2019.
[Pei20]
Chris Peikert. He Gives C-Sieves on the CSIDH. In Anne Canteaut and Yuval Ishai, editors, Advances in Cryptology – EUROCRYPT 2020, Part II, volume 12106 of Lecture Notes in Computer Science, pages 463–492. May 2020. Springer, Heidelberg. DOI: 10.1007/978-3-030-45724-2_16
[PFH+22]
Thomas Prest, Pierre-Alain Fouque, Jeffrey Hoffstein, Paul Kirchner, Vadim Lyubashevsky, Thomas Pornin, Thomas Ricosset, Gregor Seiler, William Whyte, and Zhenfei Zhang. FALCON. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022. 2022.
[PKLN22]
Sebastian Paul, Yulia Kuzovkova, Norman Lahr, and Ruben Niederhagen. Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3. In Yuji Suga, Kouichi Sakurai, Xuhua Ding, and Kazue Sako, editors, ASIACCS 22: 17th ACM Symposium on Information, Computer and Communications Security, pages 727–740. 2022. ACM Press. DOI: 10.1145/3488932.3497755
[Por19]
Thomas Pornin. New Efficient, Constant-Time Implementations of Falcon. https://eprint.iacr.org/2019/893. Cryptology ePrint Archive, Report 2019/893. 2019.
[pro23a]
The HAPKIDO project. HAPKIDO: For Quantum-Safe Public Key Infrastructures. https://hapkido.tno.nl/. 2023.
[pro23b]
The Open Quantum Safe project. Github repository: OQS liboqs library. https://github.com/open-quantum-safe/liboqs. 2023.
[pro23c]
The Open Quantum Safe project. Github repository: OQS OpenSSL 3 provider. https://github.com/open-quantum-safe/oqs-provider. 2023.
[pro23d]
The Open Quantum Safe project. Github repository: OQS OpenSSL fork. https://github.com/open-quantum-safe/openssl. 2023.
[pro23e]
The OpenSSL project. Github repository: OpenSSL. https://github.com/openssl/openssl. 2023.
[PSS21]
Sebastian Paul, Felix Schick, and Jan Seedorf. TPM-Based Post-Quantum Cryptography: A Case Study on Quantum-Resistant and Mutually Authenticated TLS for IoT Environments. In Proceedings of the 16th International Conference on Availability, Reliability and Security, pages 1–10. August 2021. Association for Computing Machinery. DOI: 10.1145/3465481.3465747
[PST20]
Christian Paquin, Douglas Stebila, and Goutam Tamvada. Benchmarking Post-quantum Cryptography in TLS. In Jintai Ding and Jean-Pierre Tillich, editors, Post-Quantum Cryptography - 11th International Conference, PQCrypto 2020, pages 72–91. 2020. Springer, Heidelberg. DOI: 10.1007/978-3-030-44223-1_5
[Res18]
Eric Rescorla. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. August 2018.
[SAB+18]
N Smart, M Abdalla, E Bjørstad, C Cid, and B Gierlichs. Algorithms, Key Size and Protocols Report (2018). Technical report number Project 645421, ECRYPT - CSA. 2018.
[SAB+22]
Peter Schwabe, Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Gregor Seiler, Damien Stehlé, and Jintai Ding. CRYSTALS-KYBER. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022. 2022.
[SCH+19]
Simona Samardjiska, Ming-Shing Chen, Andreas Hulsing, Joost Rijneveld, and Peter Schwabe. MQDSS. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-2-submissions. 2019.
[SFG24]
D. Stebila, S. Fluhrer, and S. Gueron. Internet-Draft: Hybrid Key Exchange in TLS 1.3. https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/10/. April 2024.
[SKD20a]
Dimitrios Sikeridis, Panos Kampanakis, and Michael Devetsikiotis. Assessing the Overhead of Post-Quantum Cryptography in TLS 1.3 and SSH. In Proceedings of the 16th International Conference on Emerging Networking EXperiments and Technologies, pages 149–156, New York, NY, USA. 2020. Association for Computing Machinery. DOI: 10.1145/3386367.3431305
[SKD20b]
Dimitrios Sikeridis, Panos Kampanakis, and Michael Devetsikiotis. Post-Quantum Authentication in TLS 1.3: A Performance Study. In ISOC Network and Distributed System Security Symposium – NDSS 2020. February 2020. The Internet Society. DOI: 10.14722/ndss.2020.24203
[SM16]
Douglas Stebila and Michele Mosca. Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project. In Roberto Avanzi and Howard M. Heys, editors, SAC 2016: 23rd Annual International Workshop on Selected Areas in Cryptography, volume 10532 of Lecture Notes in Computer Science, pages 14–37. August 2016. Springer, Heidelberg. DOI: 10.1007/978-3-319-69453-5_2
[SS17]
John M. Schanck and Douglas Stebila. A Transport Layer Security (TLS) Extension For Establishing An Additional Shared Secret. https://datatracker.ietf.org/doc/draft-schanck-tls-additional-keyshare/00/. April 2017.
[SSW20]
Peter Schwabe, Douglas Stebila, and Thom Wiggers. Post-Quantum TLS Without Handshake Signatures. In Jay Ligatti, Xinming Ou, Jonathan Katz, and Giovanni Vigna, editors, ACM CCS 2020: 27th Conference on Computer and Communications Security, pages 1461–1480. November 2020. ACM Press. DOI: 10.1145/3372297.3423350
[SSW21]
Peter Schwabe, Douglas Stebila, and Thom Wiggers. More Efficient Post-quantum KEMTLS with Pre-distributed Public Keys. In Elisa Bertino, Haya Shulman, and Michael Waidner, editors, ESORICS 2021: 26th European Symposium on Research in Computer Security, Part I, volume 12972 of Lecture Notes in Computer Science, pages 3–22. October 2021. Springer, Heidelberg. DOI: 10.1007/978-3-030-88418-5_1
[SWZ16]
John M. Schanck, William Whyte, and Zhenfei Zhang. Quantum-Safe Hybrid (QSH) Ciphersuite for Transport Layer Security (TLS) Version 1.2. https://datatracker.ietf.org/doc/draft-whyte-qsh-tls12/02/. 2016.
[TLF+22]
George Tasopoulos, Jinhui Li, Apostolos P. Fournaris, Raymond K. Zhao, Amin Sakzad, and Ron Steinfeld. Performance Evaluation of Post-Quantum TLS 1.3 on Resource-Constrained Embedded Systems. In Chunhua Su, Dimitris Gritzalis, and Vincenzo Piuri, editors, Information Security Practice and Experience, pages 432–451. 2022. Springer International Publishing. DOI: 10.1007/978-3-031-21280-2_24
[TPD21]
Chengdong Tao, Albrecht Petzoldt, and Jintai Ding. Efficient Key Recovery for All HFE Signature Variants. In Tal Malkin and Chris Peikert, editors, Advances in Cryptology – CRYPTO 2021, Part I, volume 12825 of Lecture Notes in Computer Science, pages 70–93, Virtual Event. August 2021. Springer, Heidelberg. DOI: 10.1007/978-3-030-84242-0_4
[Wel20]
D. L. Weller. Incorporating Post-Quantum Cryptography in a Microservice Environment. https://rp.os3.nl/2019-2020/p13/report.pdf. February 2020.
[Wes22]
Bas Westerbaan. NIST's Pleasant Post-Quantum Surprise. https://blog.cloudflare.com/nist-post-quantum-surprise/. July 2022.
[Wes24]
[Wig24]
Thom Wiggers. Post-Quantum TLS. PhD thesis, Radboud University, Nijmegen, The Netherlands, 2024.
[WS23]
Bas Westerbaan and Douglas Stebila. X25519Kyber768Draft00 Hybrid Post-Quantum Key Agreement. https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/03/. September 2023.
[WZFG17]
W. Whyte, Z. Zhang, S. Fluhrer, and O. Garcia-Morchon. Internet-Draft: Quantum-Safe Hybrid (QSH) Key Exchange for Transport Layer Security (TLS) Version 1.3. https://datatracker.ietf.org/doc/draft-whyte-qsh-tls13/06/. October 2017.
[Zal99]
Christof Zalka. Grover's Quantum Searching Algorithm Is Optimal. Physical Review A, 60(4):2746–2751, October 1999. DOI: 10.1103/PhysRevA.60.2746
[ZCD+20]
Greg Zaverucha, Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig, Jonathan Katz, Xiao Wang, Vladmir Kolesnikov, and Daniel Kales. Picnic. Technical report, National Institute of Standards and Technology. available at https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions. 2020.
[ZZD+15]
Jiang Zhang, Zhenfeng Zhang, Jintai Ding, Michael Snook, and Özgür Dagdelen. Authenticated Key Exchange from Ideal Lattices. In Elisabeth Oswald and Marc Fischlin, editors, Advances in Cryptology – EUROCRYPT 2015, Part II, volume 9057 of Lecture Notes in Computer Science, pages 719–751. April 2015. Springer, Heidelberg. DOI: 10.1007/978-3-662-46803-6_24

PDFPDF Open access

History
Submitted: 2024-03-14
Accepted: 2024-06-03
Published: 2024-07-08
How to cite

Nouri Alnahawi, Johannes Müller, Jan Oupický, and Alexander Wiesmaier, A Comprehensive Survey on Post-Quantum TLS. IACR Communications in Cryptology, vol. 1, no. 2, Jul 08, 2024, doi: 10.62056/ahee0iuc.

License

Copyright is held by the author(s)

This work is licensed under a Creative Commons Attribution (CC BY) license.