Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations

Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations

Quantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantu...

Full description

Saved in:
Bibliographic Details
Main Authors: Manohar Raavi, Qaiser Khan, Simeon Wuthier, Pranav Chandramouli, Yaroslav Balytskyi, Sang-Yoon Chang
Format: Article
Language:English
Published: MDPI AG 2025-06-01
Series:Cryptography
Subjects:
quantum-resistant cryptography
post-quantum cryptography
public key cryptography
digital signature algorithms
security analysis
performance analysis
Online Access:https://www.mdpi.com/2410-387X/9/2/38
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Quantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantum cryptography (PQC) public key digital signatures of Dilithium, Falcon, and SPHINCS<sup>+</sup>. Finding common ground to compare these algorithms can be difficult because of their design differences, including the fundamental math problems (lattice-based vs. hash-based). We use a visualization model to show the key/signature size vs. security trade-offs for all PQC algorithms. Our performance analyses compare the algorithms’ computational loads in the execution time. Building on the individual algorithms’ analyses, we analyze the communication costs and implementation overheads when integrated with Public Key Infrastructure (PKI) and with Transport Layer Security (TLS) and Transmission Control Protocol (TCP)/Internet Protocol (IP). Our results show that the lattice-based algorithms of Dilithium and Falcon induce lower computational overheads than the hash-based algorithms of SPHINCS<sup>+</sup>. In addition, the lattice-based PQC can outperform the classical algorithm with comparable security strength; for example, Dilithium 2 and Falcon 512 outperform RSA 4096 in the TLS handshake time duration.
ISSN:2410-387X

Similar Items