Implementing and Measuring KEMTLS

Abstract

KEMTLS is a novel alternative to the Transport Layer Security (TLS) handshake that integrates post-quantum algorithms. It uses key encapsulation mechanisms (KEMs) for both confidentiality and authentication, achieving post-quantum security while obviating the need for expensive post-quantum signatures. The original KEMTLS paper presents a security analysis, Rust implementation, and benchmarks over emulated networks. In this work, we provide full Go implementations of KEMTLS and other post-quantum handshake alternatives, describe their integration into a distributed system, and provide performance evaluations over real network conditions. We compare the standard (non-quantum-resistant) TLS 1.3 handshake with three alternatives: one that uses post-quantum signatures in combination with post-quantum KEMs (PQTLS), one that uses KEMTLS, and one that is a reduced round trip version of KEMTLS (KEMTLS-PDK). In addition to the performance evaluations, we discuss how the design of these protocols impacts TLS from an implementation and configuration perspective.

Citation

@inproceedings{celi_latincrypt2021,
  author = {Sofía Celi and
            Armando Faz-Hernández and
            Nick Sullivan and
            Goutam Tamvada and
            Luke Valenta and
            Thom Wiggers and
            Bas Westerbaan and
            Christopher A. Wood},
  title = {Implementing and Measuring KEMTLS},
  booktitle = {Progress in Cryptology - LATINCRYPT 2021 - 7th International Conference on Cryptology and Information Security in Latin America, Bogotá, Colombia, October 6-8, 2021, Proceedings},
  editor = {Longa, Patrick and Ràfols, Carla},
  publisher = {Springer International Publishing},
  address = {Bogotá, Colombia},
  isbn = {978-3-030-88238-9},
  pages = {88--107},
  year = {2021},
  month = {oct},
  doi = {10.1007/978-3-030-88238-9_5}
}