The Impact of Quantum-Safe Cryptography (QSC) on Website Response

TL;DR

This study evaluates the performance impact of NIST's Quantum-Safe Cryptography algorithms on website response times, demonstrating their efficiency under various network conditions and advocating for their adoption to enhance data security against quantum threats.

Contribution

It provides empirical performance analysis of QSC algorithms in real-world web scenarios, offering a framework for validating their efficacy and encouraging adoption.

Findings

QSC algorithms outperform classical encryption under normal and congested networks.

Total download times improve for larger files with QSC.

QSC performs better under high latency and packet loss conditions.

Abstract

Modern web traffic relies on 2048-bit RSA encryption to secure our data in transit. Rapid advances in Quantum Computing pose a grave challenge by allowing hackers to break this encryption in hours. In August of 2024, the National Institute of Standards and Technology published Quantum-Safe Cryptography (QSC) standards, including CRYSTALS-Kyber for general encryption and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures. Despite this proactive approach, the slow adoption of encryption protocols remains a concern, leaving a significant portion of data vulnerable to interception. In this context, this study aims to evaluate the impact of NIST's Quantum-Resistant Cryptographic Algorithms on website response times, particularly focusing on SSL handshake time and total download time under varying network conditions. By assessing the performance of these algorithms, this research seeks to provide empirical evidence and a reusable framework for validating the efficacy of QSC in real-world scenarios. It was found that the QSC algorithms outperformed the classical algorithm under normal and congested network conditions. There was also found to be an improvement in the total download time for larger file sizes, and a better performance by QSC under higher latency and packet loss conditions. Therefore, this study recommends that websites switch to QSC when the standards are ratified. These insights are crucial for accelerating the adoption of QSC and ensuring the security of data in the face of quantum computing threats.