Layered Performance Analysis of TLS 1.3 Handshakes: Classical, Hybrid, and Pure Post-Quantum Key Exchange

TL;DR

This study evaluates how post-quantum cryptography algorithms affect the performance of TLS 1.3 handshakes across multiple network layers in a realistic load testing environment.

Contribution

It introduces a laboratory architecture for testing TLS 1.3 with traditional, hybrid, and pure PQC algorithms under realistic load conditions.

Findings

PQC algorithms impact handshake latency at various layers.

Hybrid PQC shows intermediate performance between traditional and pure PQC.

Performance variations depend on response size and specific layer analyzed.

Abstract

In this paper, we present a laboratory study focused on the impact of post-quantum cryptography (PQC) algorithms on multiple layers of stateful HTTP over TLS transactions: the TCP handshake, the intermediate TCP-TLS layer, the TLS handshake, the intermediate TLS layer, and the HTTP application layer. To this end, we propose a laboratory architecture that emulates a real-world setup in which a load test of up to 100 transactions per second is sent to a load balancer, which in turn forwards them to a backend server that returns the responses. Each set of tests is executed using the TLS 1.3 key exchange groups as follows: traditional (or non-PQC), hybrid PQC and pure PQC. Each set of tests also varied the backend response size. Across more than thirty experiments, we performed data reduction and statistical analysis for each layer, to determine the specific impact of each algorithm (PQC and traditional) at every stage of the HTTP-over-TLS transaction.