
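Post-Quantum Secure Migration Schemes for TLS 1.3: Implementation and Performance Evaluation
Authors: ZHANG Feng  PAN Tian-Yu  ZHAO Yun-Lei
Affiliation: School of Computer Science and Technology, Fudan University
Funding: National Key Research and Development Program of China (2017YFB080200); National Natural Science Foundation of China (61877011, 61672019).
Abstract: This paper analyzes the lattice-based post-quantum cryptographic algorithms in Round 2 of the NIST quantum-safe standardization process and the award-winning lattice-based algorithms of the Chinese Cryptographic Algorithm Design Competition, and compares them in terms of performance, security level, and message length. It discusses the feasibility of, and approaches to, integrating these algorithms into TLS 1.3. By integrating post-quantum key encapsulation algorithms, signature algorithms, and their hybrid modes into standard TLS 1.3, we implemented a post-quantum secure TLS 1.3 software library that can perform post-quantum secure handshakes to resist quantum adversaries. In addition, we built an experimental framework for testing the performance of the TLS 1.3 protocol under various network conditions. It lets us independently control variables such as link delay and packet loss rate and isolate individual network characteristics, so that client-server network experiments can be simulated on a single computer to examine the impact of various post-quantum algorithms on TLS 1.3 connection establishment. The experimental results show that TCP's segmentation mechanism ensures that post-quantum lattice-based algorithms with very long public keys/ciphertexts/signatures run correctly in the TLS 1.3 protocol; that although network delay hides most of the performance differences among post-quantum algorithms, computation speed is the deciding factor on high-quality links; and that when the network packet loss rate is large, post-quantum algorithms that transmit less data show a bandwidth advantage. Our experimental results also provide guidance on how to choose post-quantum algorithms under different network conditions, and help further standardize post-quantum algorithms and develop and migrate TLS 1.3 toward post-quantum security.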

Keywords: post-quantum security  TLS 1.3 protocol  hybrid mode  key encapsulation  digital signature

Design, Implementation and Performance Evaluation of Migrating Post-quantum Safe Schemes to TLS 1.3
Authors: ZHANG Feng  PAN Tian-Yu  ZHAO Yun-Lei
Affiliation: (School of Computer Science, Fudan University, Shanghai 200433, China)
Abstract: This paper analyzes the lattice-based schemes selected into Round 2 candidates of NIST's standardization process for quantum-safe algorithms, and the lattice-based winners in Chinese Cryptographic Algorithm Design Competition, and compares their performance, security level, and message sizes. The feasibility and methods of integrating these algorithms into TLS 1.3 are discussed. This paper introduces an approach to safeguard TLS 1.3 to post quantum safe via integrating lattice based key encapsulation algorithms, signature algorithms and their hybrid mode schemes together. A software library of post quantum safe TLS 1.3 is implemented to conduct post quantum secure handshake protocol against quantum adversary. In addition, an experimental framework for testing such a TLS protocol under various network conditions is developed. It allows one to isolate the effect of individual network characteristics by independently controlling the variables such as link delay and packet loss rate, then examine the performance impact of various post quantum primitives on TLS connection establishment. The test results show that the TCP segmentation mechanism ensures the lattice-based schemes with long public key/ciphertext/signature to work correctly in TLS 1.3 protocol. Among the test results, a key observation is that, although network delay can hide most of the impact from post quantum algorithm with slow computation, the predominant factor is the cryptographic computation time over high-quality network link, and when the network packet loss rate is large, the post quantum algorithm with fewer data packets to transmit will get an advantage in bandwidth. The experimental results show the potential applications of post quantum algorithms under different network conditions, which helps further standardization of post quantum algorithms, and is beneficial to the development and migration to TLS 1.3 with post quantum security.
Keywords: post quantum safe  TLS 1.3 protocol  hybrid-mode  key encapsulation  digital signature
This article is indexed in databases including VIP (维普).