Abstract
Post-quantum ciphers (PQC) are designed to replace the current public-key ciphers which are vulnerable against the quantum-equipped adversaries, e.g., RSA. We study the incorporation of the PQC algorithms into the QUIC and TCP/TLS networking protocols and analyze the performances and overheads in authentication and connection establishment. To distinguish from previous research, we focus on the newer QUIC networking protocol while comparing it with TCP/TLS. The QUIC protocol builds on UDP and its superiority over TCP/TLS is highlighted by the quicker and lower-overhead connection establishments. QUIC is thus gaining wider deployment, including its planned standardization for HTTP/3. We implement and experiment in local networking environment which provides greater analyzability and control. We compare QUIC vs. TCP/TLS when using PQC and measure the handshake overhead in time duration while varying both the PQC security strength and the networking conditions. Our results show that the PQC overhead increases with the PQC cipher security strength (the key and signature sizes) and as the network condition worsens (greater occurrences of packet dropping). Comparing between the PQC and the classical cipher with comparable security strengths, the PQC ciphers outperform RSA in the handshake time duration; both Dilithium 2 and Falcon 512 handshakes are quicker than RSA 3072.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
lsquic github. https://github.com/litespeedtech/lsquic. Accessed 18 Apr 2022
NIST-call for proposals. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/call-for-proposals-final-dec-2016.pdf. Accessed 18 Apr 2022
Percentage of https (TLS) encrypted traffic on the internet? https://etherealmind.com/percentage-of-https-tls-encrypted-traffic-on-the-internet/. Accessed 10 Nov 2021
Alagic, G., et al.: Status report on the third round of the NIST post-quantum cryptography standardization process. US Department of Commerce, NIST (2022)
Bider, D.: Use of RSA keys with SHA-256 and SHA-512 in the Secure Shell (SSH) protocol. RFC 8332, March 2018. https://doi.org/10.17487/RFC8332, https://www.rfc-editor.org/info/rfc8332
Bishop, M.: Hypertext Transfer Protocol Version 3 (HTTP/3). Internet-Draft draft-ietf-quic-http-34, Internet Engineering Task Force, February 2021. https://datatracker.ietf.org/doc/html/draft-ietf-quic-http-34, work in Progress
Ducas, L., et al.: Crystals-dilithium: a lattice-based digital signature scheme. IACR Trans. Cryptogr. Hardware Embedded Syst., 238–268 (2018)
Fouque, P.A., et al.: Falcon: fast-Fourier lattice-based compact signatures over NTRU. Submission to the NIST’s post-quantum cryptography standardization process (2018)
Frankel, S., Krishnan, S.: IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap. RFC 6071, February 2011. https://doi.org/10.17487/RFC6071, https://www.rfc-editor.org/info/rfc6071
Iyengar, J., Thomson, M.: QUIC: a UDP-based multiplexed and secure transport. RFC 9000, May 2021. https://doi.org/10.17487/RFC9000, https://rfc-editor.org/rfc/rfc9000.txt
Kampanakis, P., Panburana, P., Daw, E., Van Geest, D.: The viability of post-quantum x. 509 certificates. IACR Cryptol. ePrint Arch. 2018, 63 (2018)
Langley, A., et al.: The QUIC transport protocol: design and internet-scale deployment. In: Proceedings of the Conference of the ACM Special Interest Group on Data Communication, pp. 183–196 (2017)
Raavi, M., Chandramouli, P., Wuthier, S., Zhou, X., Chang, S.Y.: Performance characterization of post-quantum digital certificates. In: 2021 International Conference on Computer Communications and Networks (ICCCN), pp. 1–9. IEEE (2021)
Raavi, M., Wuthier, S., Chandramouli, P., Balytskyi, Y., Zhou, X., Chang, S.-Y.: Security comparisons and performance analyses of post-quantum signature algorithms. In: Sako, K., Tippenhauer, N.O. (eds.) ACNS 2021. LNCS, vol. 12727, pp. 424–447. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-78375-4_17
Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446, August 2018. https://doi.org/10.17487/RFC8446, https://www.rfc-editor.org/info/rfc8446
Seufert, M., Schatz, R., Wehner, N., Gardlo, B., Casas, P.: Is QUIC becoming the new TCP? On the potential impact of a new protocol on networked multimedia QoE. In: 2019 Eleventh International Conference on Quality of Multimedia Experience (QoMEX), pp. 1–6. IEEE (2019)
Sikeridis, D., Kampanakis, P., Devetsikiotis, M.: Post-quantum authentication in TLS 1.3: a performance study. IACR Cryptol. ePrint Arch. 2020, 71 (2020)
Stebila, D., Mosca, M.: Post-quantum key exchange for the internet and the open quantum safe project. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 14–37. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69453-5_2
Yu, Y., Xu, M., Yang, Y.: When QUIC meets TCP: an experimental study. In: 2017 IEEE 36th International Performance Computing and Communications Conference (IPCCC), pp. 1–8. IEEE (2017)
Acknowledgement
This material is based upon work supported by the National Science Foundation under Grant No. 1922410 and by a grant from the U.S. Civilian Research & Development Foundation (CRDF Global).
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Raavi, M., Wuthier, S., Chandramouli, P., Zhou, X., Chang, SY. (2022). QUIC Protocol with Post-quantum Authentication. In: Susilo, W., Chen, X., Guo, F., Zhang, Y., Intan, R. (eds) Information Security. ISC 2022. Lecture Notes in Computer Science, vol 13640. Springer, Cham. https://doi.org/10.1007/978-3-031-22390-7_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-22390-7_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22389-1
Online ISBN: 978-3-031-22390-7
eBook Packages: Computer ScienceComputer Science (R0)