Network Impact of Post-Quantum Certificate Chain sizes on Time to First Byte in TLS Deployments
Matthew Chou, Phuong Cao

TL;DR
This study assesses how post-quantum cryptography impacts TLS latency, focusing on certificate chain sizes and network optimizations to maintain acceptable time to first byte in real-world CDN scenarios.
Contribution
It evaluates the latency effects of large post-quantum certificate chains and compares size reduction techniques like Merkle Tree Certificates and CDN optimizations.
Findings
Merkle Tree Certificates support 2-3x larger certificate chains.
CDN-based size optimizations support up to 1.6x larger chains.
Latency increases are linked to certificate chain size exceeding flight limits.
Abstract
Post-Quantum Cryptography (PQC) is a rapidly growing deployment challenge as cryptographically relevant quantum computers (CRQC) continue to advance, leaving traditional cryptographic algorithms used in X.509 vulnerable to attack. However, PQC introduces significant deployment challenges in real-world networks, with handshake sizes increasing from 5x to over 20x compared to classical algorithms. In this work, we evaluate the time to first byte (TTFB) under CDN-focused TLS conditions to characterize the latency cost of transitioning existing internet infrastructure to quantum-safe certificate schemes. We observe discrete increases in TTFB as certificate chain sizes exceed transport layer data flight limits. To isolate the impact of certificate chains, we evaluate both ECDSA and ML-DSA-based certificate schemes, generating similarly sized certificate chains through controlled addition of…
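The step-like TTFB behavior the abstract describes can be sketched with a simple slow-start model. This is an added example, not code from the paper: it assumes TCP with a 1460-byte MSS, an initial congestion window of 10 segments (RFC 6928) that doubles each round trip, no loss, a constructed 300-byte per-certificate allowance for non-key fields, and it counts only certificate chain bytes. Key and signature sizes for ML-DSA are the FIPS 204 values.

```python
import math

# Assumptions (not from the paper): MSS 1460 bytes, initcwnd of 10 segments
# (RFC 6928), window doubling each RTT (slow start), no packet loss, and no
# handshake bytes other than the certificate chain.
MSS = 1460
INITCWND_SEGMENTS = 10

# (public key bytes, signature bytes). ML-DSA values are from FIPS 204;
# ECDSA P-256 uses a 65-byte uncompressed point and a ~72-byte DER signature.
SCHEMES = {
    "ECDSA-P256": (65, 72),
    "ML-DSA-44": (1312, 2420),
    "ML-DSA-65": (1952, 3309),
    "ML-DSA-87": (2592, 4627),
}

def flights_needed(payload_bytes, mss=MSS, initcwnd=INITCWND_SEGMENTS):
    """Server send flights (one per RTT) needed to deliver payload_bytes."""
    segments = math.ceil(payload_bytes / mss)
    flights, cwnd, sent = 0, initcwnd, 0
    while sent < segments:
        sent += cwnd      # everything the current window allows goes out
        cwnd *= 2         # slow start: window doubles once the flight is ACKed
        flights += 1
    return flights

def chain_bytes(scheme, num_certs, overhead_per_cert=300):
    """Approximate chain size: one public key and one signature per certificate,
    plus a constructed allowance for names, validity and extensions."""
    pk, sig = SCHEMES[scheme]
    return num_certs * (pk + sig + overhead_per_cert)

def extra_rtts(scheme, num_certs):
    """Round trips added beyond the first flight by the chain alone."""
    return flights_needed(chain_bytes(scheme, num_certs)) - 1

if __name__ == "__main__":
    for scheme in SCHEMES:
        for n in (2, 3, 4):
            size = chain_bytes(scheme, n)
            print(f"{scheme:11} certs={n} bytes={size:6} extra_rtts={extra_rtts(scheme, n)}")
```

Under these assumptions the first flight holds 14,600 bytes, so a chain one byte over that boundary costs a full extra round trip while everything below it costs none.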
