Cloudflare Research logo

Measuring TLS key exchange with post-quantum KEM

Krzysztof Kwiatkowski, Nick Sullivan, Adam Langley, Dave Levin, Alan Mislove
Workshop Record of the Second PQC Standardization Conference. 2019.
read this publication ↗


NIST is in the process of selecting new post-quantum cryptographic algorithms that are secure against both quantum (PQ) and classical computers. NIST has selected a few candidates from among all submissions for further consideration and study.
Our goal is to understand how these algorithms act when used by real clients over real networks, particularly candidate algorithms with a significant difference in public-key or ciphertext sizes. Our focus is on how different key sizes affect handshake time in the context of Transport Layer Security (TLS) as used on the web in HTTPS. Our two primary candidates are NTRU-based HRSS and isogeny-based SIKE. The following table shows a few characteristics for both algorithms. Performance characteristics are from running the BoringSSL speed test on an Intel Skylake CPU.

Research Areas

Cryptography, Network Security, Internet Measurement

Related Projects

Post-quantum Cryptography