Integrating and Benchmarking KpqC in TLS/X.509
(2025) In Electronics (Switzerland) 14(18).- Abstract
Advances in quantum computing pose a fundamental threat to classical public-key cryptosystems, including RSA and elliptic-curve cryptography (ECC), which form the foundation for authentication and key exchange in the Transport Layer Security (TLS) protocol. In response to these emerging threats, Korea launched the KpqC (Korea Post-Quantum Cryptography) project in 2021 to design, evaluate, and standardize domestic PQC algorithms. To the best of our knowledge, this is the first systematic evaluation of the finalized Korean PQC algorithms (HAETAE, AIMer, SMAUG-T, NTRU+) within a production-grade TLS/X.509 stack, enabling direct comparison against NIST PQC and ECC baselines. To contextualize KpqC performance, we further compare against... (More)
Advances in quantum computing pose a fundamental threat to classical public-key cryptosystems, including RSA and elliptic-curve cryptography (ECC), which form the foundation for authentication and key exchange in the Transport Layer Security (TLS) protocol. In response to these emerging threats, Korea launched the KpqC (Korea Post-Quantum Cryptography) project in 2021 to design, evaluate, and standardize domestic PQC algorithms. To the best of our knowledge, this is the first systematic evaluation of the finalized Korean PQC algorithms (HAETAE, AIMer, SMAUG-T, NTRU+) within a production-grade TLS/X.509 stack, enabling direct comparison against NIST PQC and ECC baselines. To contextualize KpqC performance, we further compare against NIST-standardized PQC algorithms and classical ECC baselines. Our evaluation examines both static overhead (certificate size) and dynamic overhead (TLS 1.3 handshake latency) across computation-bound (localhost) and network-bound (LAN) scenarios, including embedded device and hybrid TLS configurations. Our results show that KpqC certificates are approximately 4.6–48.8× larger than ECC counterparts and generally exceed NIST PQC sizes. In computation-bound tests, both NIST PQC (ML-KEM) and KpqC hybrids exhibited similar handshake latency increases of approximately 8–9× relative to ECC. In network-bound tests, the difference between the two families was negligible, with relative overhead typically around 30–41%. These findings offer practical guidance for balancing security level, key size, packet size, and latency and support phased PQC migration strategies in real-world TLS deployments.
(Less)
- author
- Sim, Minjoo ; Song, Gyeongju ; Eum, Siwoo ; Lee, Minwoo ; Yoon, Seyoung ; Baksi, Anubhab LU and Seo, Hwajeong
- organization
- publishing date
- 2025-09
- type
- Contribution to journal
- publication status
- published
- subject
- keywords
- KpqC algorithms, post-quantum cryptography, TLS/X.509 integration
- in
- Electronics (Switzerland)
- volume
- 14
- issue
- 18
- article number
- 3717
- publisher
- MDPI AG
- external identifiers
-
- scopus:105017432317
- ISSN
- 2079-9292
- DOI
- 10.3390/electronics14183717
- language
- English
- LU publication?
- yes
- id
- 5505b944-4ef9-480b-9a8e-72d482798d06
- date added to LUP
- 2025-11-27 11:59:28
- date last changed
- 2025-11-27 12:00:26
@article{5505b944-4ef9-480b-9a8e-72d482798d06,
abstract = {{<p>Advances in quantum computing pose a fundamental threat to classical public-key cryptosystems, including RSA and elliptic-curve cryptography (ECC), which form the foundation for authentication and key exchange in the Transport Layer Security (TLS) protocol. In response to these emerging threats, Korea launched the KpqC (Korea Post-Quantum Cryptography) project in 2021 to design, evaluate, and standardize domestic PQC algorithms. To the best of our knowledge, this is the first systematic evaluation of the finalized Korean PQC algorithms (HAETAE, AIMer, SMAUG-T, NTRU+) within a production-grade TLS/X.509 stack, enabling direct comparison against NIST PQC and ECC baselines. To contextualize KpqC performance, we further compare against NIST-standardized PQC algorithms and classical ECC baselines. Our evaluation examines both static overhead (certificate size) and dynamic overhead (TLS 1.3 handshake latency) across computation-bound (localhost) and network-bound (LAN) scenarios, including embedded device and hybrid TLS configurations. Our results show that KpqC certificates are approximately 4.6–48.8× larger than ECC counterparts and generally exceed NIST PQC sizes. In computation-bound tests, both NIST PQC (ML-KEM) and KpqC hybrids exhibited similar handshake latency increases of approximately 8–9× relative to ECC. In network-bound tests, the difference between the two families was negligible, with relative overhead typically around 30–41%. These findings offer practical guidance for balancing security level, key size, packet size, and latency and support phased PQC migration strategies in real-world TLS deployments.</p>}},
author = {{Sim, Minjoo and Song, Gyeongju and Eum, Siwoo and Lee, Minwoo and Yoon, Seyoung and Baksi, Anubhab and Seo, Hwajeong}},
issn = {{2079-9292}},
keywords = {{KpqC algorithms; post-quantum cryptography; TLS/X.509 integration}},
language = {{eng}},
number = {{18}},
publisher = {{MDPI AG}},
series = {{Electronics (Switzerland)}},
title = {{Integrating and Benchmarking KpqC in TLS/X.509}},
url = {{http://dx.doi.org/10.3390/electronics14183717}},
doi = {{10.3390/electronics14183717}},
volume = {{14}},
year = {{2025}},
}