Performance Evaluation of Post-Quantum TLS 1.3 on Embedded Systems

Transport Layer Security (TLS) constitutes one of the most widely used protocols for securing Internet communication and has found broad acceptance also in the Internet of Things (IoT) domain. As we progress towards a security environment resistant against quantum computer attacks, TLS needs to be transformed in order to support post-quantum cryptography schemes. However, post-quantum TLS is still not standardized and its overall performance, especially in resource constrained, IoT capable, embedded devices is not well understood. In this paper, we evaluate the time, memory and energy requirements of a post-quantum variant of TLS version 1.3 (PQ TLS 1.3), by integrating the pqm4 library implementations of NIST round 3 post-quantum algorithms Kyber, Saber, Dilithium and Falcon into the popular wolfSSL TLS 1.3 library. In particular, our experiments focus on low end, resource constrained embedded devices manifested in the ARM Cortex-M4 embedded platform NUCLEO-F439ZI (with hardware cryptographic accelerator) and NUCLEO-F429ZI (without hardware cryptographic accelerator) boards. These two boards only provide 180MHz clock rate, 2 MB Flash Memory and 256 KB SRAM. To the authors’ knowledge this is the first thorough time delay, memory usage and energy consumption PQ TLS 1.3 evaluation using the NIST round 3 finalist algorithms for resource constrained embedded systems with and without cryptography hardware acceleration. The paper’s results show that the post-quantum signatures Dilithium and Falcon and post-quantum KEMs Kyber and Saber perform in general well in TLS 1.3 on embedded devices in terms of both TLS handshake time and energy consumption. There is no significant difference between the TLS handshake time of Kyber and Saber; However, the handshake time with Falcon is much lower than that with Dilithium. In addition, hardware cryptographic accelerator for symmetric-key primitives improves the performances of TLS handshake time by about 6% on the client side and even by 19% on the server side, on high security levels.

[1]  Ruben Niederhagen,et al.  Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3 , 2022, IACR Cryptol. ePrint Arch..

[2]  Michael Devetsikiotis,et al.  Assessing the overhead of post-quantum cryptography in TLS 1.3 and SSH , 2020, CoNEXT.

[3]  Narseo Vallina-Rodriguez,et al.  Tracking the deployment of TLS 1.3 on the web , 2020, Comput. Commun. Rev..

[4]  Ward Beullens,et al.  Improved Cryptanalysis of UOV and Rainbow , 2020, IACR Cryptol. ePrint Arch..

[5]  John C. Platt,et al.  Quantum supremacy using a programmable superconducting processor , 2019, Nature.

[6]  Peter Schwabe,et al.  pqm4: Testing and Benchmarking NIST PQC on ARM Cortex-M4 , 2019, IACR Cryptol. ePrint Arch..

[7]  Frederik Vercauteren,et al.  Saber: Module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM , 2018, IACR Cryptol. ePrint Arch..

[8]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.3 , 2018, RFC.

[9]  Damien Stehlé,et al.  CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[10]  Damien Stehlé,et al.  CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based KEM , 2017, 2018 IEEE European Symposium on Security and Privacy (EuroS&P).

[11]  Narseo Vallina-Rodriguez,et al.  Studying TLS Usage in Android Apps , 2018, ANRW.

[12]  Douglas Stebila,et al.  Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project , 2016, SAC.

[13]  Morris J. Dworkin,et al.  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions , 2015 .

[14]  Russ Housley,et al.  Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[15]  Paul E. Hoffman,et al.  SMTP Service Extension for Secure SMTP over Transport Layer Security , 2002, RFC.

[16]  Peter W. Shor,et al.  Algorithms for quantum computation: discrete logarithms and factoring , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.