Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations
Quantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantu...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-06-01
|
| Series: | Cryptography |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2410-387X/9/2/38 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850156218773929984 |
|---|---|
| author | Manohar Raavi Qaiser Khan Simeon Wuthier Pranav Chandramouli Yaroslav Balytskyi Sang-Yoon Chang |
| author_facet | Manohar Raavi Qaiser Khan Simeon Wuthier Pranav Chandramouli Yaroslav Balytskyi Sang-Yoon Chang |
| author_sort | Manohar Raavi |
| collection | DOAJ |
| description | Quantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantum cryptography (PQC) public key digital signatures of Dilithium, Falcon, and SPHINCS<sup>+</sup>. Finding common ground to compare these algorithms can be difficult because of their design differences, including the fundamental math problems (lattice-based vs. hash-based). We use a visualization model to show the key/signature size vs. security trade-offs for all PQC algorithms. Our performance analyses compare the algorithms’ computational loads in the execution time. Building on the individual algorithms’ analyses, we analyze the communication costs and implementation overheads when integrated with Public Key Infrastructure (PKI) and with Transport Layer Security (TLS) and Transmission Control Protocol (TCP)/Internet Protocol (IP). Our results show that the lattice-based algorithms of Dilithium and Falcon induce lower computational overheads than the hash-based algorithms of SPHINCS<sup>+</sup>. In addition, the lattice-based PQC can outperform the classical algorithm with comparable security strength; for example, Dilithium 2 and Falcon 512 outperform RSA 4096 in the TLS handshake time duration. |
| format | Article |
| id | doaj-art-d533dd96d11348eb816dae46118bcade |
| institution | OA Journals |
| issn | 2410-387X |
| language | English |
| publishDate | 2025-06-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Cryptography |
| spelling | doaj-art-d533dd96d11348eb816dae46118bcade2025-08-20T02:24:38ZengMDPI AGCryptography2410-387X2025-06-01923810.3390/cryptography9020038Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI IntegrationsManohar Raavi0Qaiser Khan1Simeon Wuthier2Pranav Chandramouli3Yaroslav Balytskyi4Sang-Yoon Chang5Department of Computer Science, College of Computing and Software Engineering, Kennesaw State University, Marietta, GA 30060, USADepartment of Computer Science, University of Colorado Colorado Springs, Colorado Springs, CO 80918, USADepartment of Computer Science, University of Colorado Colorado Springs, Colorado Springs, CO 80918, USADepartment of Computer Science, University of Colorado Colorado Springs, Colorado Springs, CO 80918, USADepartment of Computer Science, University of Colorado Colorado Springs, Colorado Springs, CO 80918, USADepartment of Computer Science, University of Colorado Colorado Springs, Colorado Springs, CO 80918, USAQuantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantum cryptography (PQC) public key digital signatures of Dilithium, Falcon, and SPHINCS<sup>+</sup>. Finding common ground to compare these algorithms can be difficult because of their design differences, including the fundamental math problems (lattice-based vs. hash-based). We use a visualization model to show the key/signature size vs. security trade-offs for all PQC algorithms. Our performance analyses compare the algorithms’ computational loads in the execution time. Building on the individual algorithms’ analyses, we analyze the communication costs and implementation overheads when integrated with Public Key Infrastructure (PKI) and with Transport Layer Security (TLS) and Transmission Control Protocol (TCP)/Internet Protocol (IP). Our results show that the lattice-based algorithms of Dilithium and Falcon induce lower computational overheads than the hash-based algorithms of SPHINCS<sup>+</sup>. In addition, the lattice-based PQC can outperform the classical algorithm with comparable security strength; for example, Dilithium 2 and Falcon 512 outperform RSA 4096 in the TLS handshake time duration.https://www.mdpi.com/2410-387X/9/2/38quantum-resistant cryptographypost-quantum cryptographypublic key cryptographydigital signature algorithmssecurity analysisperformance analysis |
| spellingShingle | Manohar Raavi Qaiser Khan Simeon Wuthier Pranav Chandramouli Yaroslav Balytskyi Sang-Yoon Chang Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations Cryptography quantum-resistant cryptography post-quantum cryptography public key cryptography digital signature algorithms security analysis performance analysis |
| title | Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations |
| title_full | Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations |
| title_fullStr | Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations |
| title_full_unstemmed | Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations |
| title_short | Security and Performance Analyses of Post-Quantum Digital Signature Algorithms and Their TLS and PKI Integrations |
| title_sort | security and performance analyses of post quantum digital signature algorithms and their tls and pki integrations |
| topic | quantum-resistant cryptography post-quantum cryptography public key cryptography digital signature algorithms security analysis performance analysis |
| url | https://www.mdpi.com/2410-387X/9/2/38 |
| work_keys_str_mv | AT manoharraavi securityandperformanceanalysesofpostquantumdigitalsignaturealgorithmsandtheirtlsandpkiintegrations AT qaiserkhan securityandperformanceanalysesofpostquantumdigitalsignaturealgorithmsandtheirtlsandpkiintegrations AT simeonwuthier securityandperformanceanalysesofpostquantumdigitalsignaturealgorithmsandtheirtlsandpkiintegrations AT pranavchandramouli securityandperformanceanalysesofpostquantumdigitalsignaturealgorithmsandtheirtlsandpkiintegrations AT yaroslavbalytskyi securityandperformanceanalysesofpostquantumdigitalsignaturealgorithmsandtheirtlsandpkiintegrations AT sangyoonchang securityandperformanceanalysesofpostquantumdigitalsignaturealgorithmsandtheirtlsandpkiintegrations |