Post-Quantum TLS on Embedded Systems: Integrating and Evaluating Kyber and SPHINCS+ with mbed TLS

We present our integration of post-quantum cryptography (PQC), more specifically of the post-quantum KEM scheme Kyber for key establishment and the post-quantum signature scheme SPHINCS+, into the embedded TLS library mbed TLS. We measure the performance of these post-quantum primitives on four different embedded platforms with three different ARM processors and an Xtensa LX6 processor. Furthermore, we compare the performance of our experimental PQC cipher suite to a classical TLS variant using elliptic curve cryptography (ECC). Post-quantum key establishment and signature schemes have been either integrated into TLS or ported to embedded devices before. However, to the best of our knowledge, we are the first to combine TLS, post-quantum schemes, and embedded systems and to measure and evaluate the performance of post-quantum TLS on embedded platforms. Our results show that post-quantum key establishment with Kyber performs well in TLS on embedded devices compared to ECC variants. The use of SPHINCS+ signatures comes with certain challenges in terms of signature size and signing time, which mainly affect the use of embedded systems as PQC-TLS servers but do not necessarily prevent embedded systems from acting as PQC-TLS clients.
