OpenSSLNTRU: Faster post-quantum TLS key exchange

by   Daniel J. Bernstein, et al.

Google's CECPQ1 experiment in 2016 integrated a post-quantum key-exchange algorithm, newhope1024, into TLS 1.2. The Google-Cloudflare CECPQ2 experiment in 2019 integrated a more efficient key-exchange algorithm, ntruhrss701, into TLS 1.3. This paper revisits the choices made in CECPQ2, and shows how to achieve higher performance for post-quantum key exchange in TLS 1.3 using a higher-security algorithm, sntrup761. Previous work had indicated that ntruhrss701 key generation was much faster than sntrup761 key generation, but this paper makes sntrup761 key generation much faster by generating a batch of keys at once. Batch key generation is invisible at the TLS protocol layer, but raises software-engineering questions regarding the difficulty of integrating batch key exchange into existing TLS libraries and applications. This paper shows that careful choices of software layers make it easy to integrate fast post-quantum software, including batch key exchange, into TLS with minor changes to TLS libraries and no changes to applications. As a demonstration of feasibility, this paper reports successful integration of its fast sntrup761 library, via a lightly patched OpenSSL, into an unmodified web browser and an unmodified TLS terminator. This paper also reports TLS 1.3 handshake benchmarks, achieving more TLS 1.3 handshakes per second than any software included in OpenSSL.



There are no comments yet.


page 23


Towards practical key exchange from ordinary isogeny graphs

We revisit the ordinary isogeny-graph based cryptosystems of Couveignes ...

A post-quantum key exchange protocol from the intersection of quadric surfaces

In this paper we present a key exchange protocol in which Alice and Bob ...

An Improvement of a Key Exchange Protocol Relying on Polynomial Maps

Akiyama et al. (Int. J. Math. Indust., 2019) proposed a post-quantum key...

Pre- and post-quantum Diffie-Hellman from groups, actions, and isogenies

Diffie-Hellman key exchange is at the foundations of public-key cryptogr...

Revisiting Deniability in Quantum Key Exchange via Covert Communication and Entanglement Distillation

We revisit the notion of deniability in quantum key exchange (QKE), a to...

QSOR: Quantum-Safe Onion Routing

In this work, we propose a study on the use of post-quantum cryptographi...

Zur Integration von Post-Quantum Verfahren in bestehende Softwareprodukte

Currently, PQC algorithms are being standardized to address the emerging...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.