
Layered Performance Analysis of TLS 1.3 Handshakes: Classical, Hybrid, and Pure Post-Quantum Key Exchange

David Gómez-Cambronero, Daniel Munteanu, Ana Isabel González-Tablas

TL;DR

This paper proposes a laboratory architecture that emulates a real-world setup in which a load test of up to 100 transactions per second is sent to a load balancer, which in turn forwards them to a backend server that returns the responses.

Abstract

In this paper, we present a laboratory study focused on the impact of post-quantum cryptography (PQC) algorithms on multiple layers of stateful HTTP over TLS transactions: the TCP handshake, the intermediate TCP-TLS layer, the TLS handshake, the intermediate TLS layer, and the HTTP application layer. To this end, we propose a laboratory architecture that emulates a real-world setup in which a load test of up to 100 transactions per second is sent to a load balancer, which in turn forwards them to a backend server that returns the responses. Each set of tests is executed using the TLS 1.3 key exchange groups as follows: traditional (or non-PQC), hybrid PQC and pure PQC. Each set of tests also varied the backend response size. Across more than thirty experiments, we performed data reduction and statistical analysis for each layer, to determine the specific impact of each algorithm (PQC and traditional) at every stage of the HTTP-over-TLS transaction.

Paper Structure (25 sections, 2 equations, 9 figures, 5 tables)

Figures (9)

  • Figure 1: TLS 1.3 full handshake over TCP with 1-RTT key exchange. Note: this study focuses on the 1-RTT full handshake mode (no 0-RTT early data, no session resumption) to measure the unmitigated impact of PQC on initial connection establishment.
  • Figure 2: Test bed architecture. Three VMs connected via local networking: the CyPerf client agent injects HTTPS traffic at 100 TPS towards Nginx (TLS termination with OQS), which proxies plain HTTP to the CyPerf backend agent. The key exchange group and response body size are independently controlled by CyPerf. The captured pcap files and TLS key logs are processed by the data-reduction script to extract per-layer latency statistics.
  • Figure 3: End-to-end latency decomposition by protocol layer (backend 4 KB). Left: p50 (median). Right: p95 (tail). Abbreviations: Hyb-512 = x25519_MLKEM512, Hyb-768 = x25519_MLKEM768, ML-512 = MLKEM512, ML-1024 = MLKEM1024.
  • Figure 4: TCP-to-TLS delay (SYN-ACK to ClientHello): full percentile profile per algorithm (backend 4 KB). Abbreviations: Hyb-512 = x25519_MLKEM512, Hyb-768 = x25519_MLKEM768, ML-512 = MLKEM512, ML-1024 = MLKEM1024.
  • Figure 5: TLS handshake latency (ClientHello to Finished) per algorithm (backend 4 KB). Abbreviations: Hyb-512 = x25519_MLKEM512, Hyb-768 = x25519_MLKEM768, ML-512 = MLKEM512, ML-1024 = MLKEM1024.
  • ...and 4 more figures
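
The per-layer reduction described in the abstract and in the captions of Figures 4 and 5 can be sketched as follows. This is an added example, not the paper's data-reduction script: the event names, the sample timestamps and the nearest-rank percentile method are assumptions, and only the two layer boundaries named in the captions (SYN-ACK to ClientHello, ClientHello to Finished) are taken from the page.

```python
from collections import defaultdict
from math import ceil

# Layer boundaries as named in the figure captions; event labels are hypothetical.
LAYERS = {
    "tcp_to_tls": ("syn_ack", "client_hello"),
    "tls_handshake": ("client_hello", "finished"),
}

# Constructed sample rows: (connection id, key exchange group, event, timestamp in microseconds).
# A real run would extract these from the pcap files and TLS key logs.
EVENTS = [
    (1, "x25519", "syn_ack", 0), (1, "x25519", "client_hello", 400), (1, "x25519", "finished", 2000),
    (2, "x25519", "syn_ack", 10000), (2, "x25519", "client_hello", 10500), (2, "x25519", "finished", 12300),
    (3, "x25519", "syn_ack", 20000), (3, "x25519", "client_hello", 20300),  # handshake never completed
    (4, "x25519_MLKEM768", "syn_ack", 30000), (4, "x25519_MLKEM768", "client_hello", 30600),
    (4, "x25519_MLKEM768", "finished", 32800),
    (5, "x25519_MLKEM768", "syn_ack", 40000), (5, "x25519_MLKEM768", "client_hello", 40700),
    (5, "x25519_MLKEM768", "finished", 43100),
]

def percentile(values, p):
    """Nearest-rank percentile (assumed method; the page does not state the paper's)."""
    ordered = sorted(values)
    rank = max(1, ceil(p / 100 * len(ordered)))
    return ordered[rank - 1]

def layer_latencies(events):
    """Return {group: {layer: [latency in ms]}}; a layer is skipped when an endpoint event is missing."""
    conns = defaultdict(dict)
    for conn_id, group, event, ts_us in events:
        conns[(conn_id, group)][event] = ts_us
    out = defaultdict(lambda: defaultdict(list))
    for (_, group), seen in conns.items():
        for layer, (start, end) in LAYERS.items():
            if start in seen and end in seen:
                out[group][layer].append((seen[end] - seen[start]) / 1000)
    return out

def summarize(events):
    """Per group and layer: median, tail latency and sample count."""
    return {
        group: {layer: {"p50": percentile(v, 50), "p95": percentile(v, 95), "n": len(v)}
                for layer, v in layers.items()}
        for group, layers in layer_latencies(events).items()
    }

if __name__ == "__main__":
    for group, layers in summarize(EVENTS).items():
        print(group, layers)
```

Connection 3 in the sample has no Finished event, so it contributes to the TCP-to-TLS statistics but not to the TLS handshake statistics; dropping such connections entirely would bias the TCP-to-TLS percentiles toward successful handshakes.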