
Integrating and Evaluating Quantum-safe TLS in Database Applications

Conference paper in: Data and Applications Security and Privacy XXXVI (DBSec 2022). Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13383).


Abstract

Quantum computing promises to build computers capable of solving complex problems much faster than today’s computers. This will benefit many real-world applications such as AI, machine learning, optimization problems, complex financial modelling, etc. Quantum computing will also have an impact on cryptology by making it possible to break many public-key encryption schemes in use today. In response to this threat, the cryptography community is investigating Post-Quantum Cryptography (PQC). PQC provides encryption schemes that run on conventional computers and are believed to be secure against attacks from both classical and quantum computers. Such schemes are therefore called quantum-safe or quantum-resistant. In this work, we experiment with quantum-safe TLS to secure the communication for PostgreSQL, an open source client-server database management system. In a client-server database, the database resides on a server, and client applications access the database by sending requests to the server. These requests usually request or modify data. To establish a quantum-safe client-server communication, we first integrate quantum-safe TLS in the PostgreSQL source code and evaluate connections between client and server. Our evaluation goal is to measure the overhead of TLS connections, especially when using quantum-safe algorithms. We experiment with different certificate chain lengths (from 0 to 4). Since NIST recommends applying hybrid schemes (combining both quantum-weak, i.e., current public-key crypto, and quantum-safe schemes) during the transition to quantum-safe algorithms, we also evaluate hybrid algorithms, but first focus on lattice-based schemes (KYBER for key exchange and DILITHIUM for authentication) as they are believed to be the only TLS-ready alternative. Finally, we consider three security levels (128, 192, and 256), and evaluate both the running time and the bandwidth. Our results confirm that lattice-based schemes are promising, but come with significantly higher communication overhead.




Correspondence to Anselme Tueno.


A Results for the WAN Setting


Figures 12, 13 and 14 show the elapsed time for a TLS handshake in a WAN with 140 ms network latency. Figure 12 illustrates the case where the signature is RSA vs. DILITHIUM and the KEX/KEM is ECDH vs. KYBER. For security level 1, the handshake with RSA/ECDH is comparable to PQC, except for certificate chains with a length of 4, where PQC is a little slower. For security level 3, the handshake with RSA/ECDH is faster for certificate chain lengths of 1 and 2, and slower for lengths 3 and 4. At level 5, the handshake with RSA/ECDH is slower than PQC. Figure 13 illustrates the case where the signature is ECDSA vs. DILITHIUM and the KEX/KEM is ECDH vs. KYBER. With security level 1, the handshake with ECDSA/ECDH is comparable to RSA/ECDH, i.e., also comparable to PQC except for certificate chains with a length of 4, where PQC is a little slower. At security level 3, we observe comparable performance for certificate chain lengths 1 and 2, and a faster ECDSA/ECDH handshake for certificate chain lengths 3 and 5. Concerning level 5, the handshake with ECDSA/ECDH is a little faster than PQC. Figure 14 illustrates the case where the signature is RSA/ECDSA vs. hybrids and the KEX/KEM is ECDH vs. hybrids. As in the LAN case, we consider hybrids that combine algorithms at the same security level (e.g., ECDSA-DILITHIUM, RSA-DILITHIUM, ECDH-KYBER), and the result is comparable to the results in Figs. 12 and 13.

We remark that, in the WAN setting, the handshake with PQC is a little slower than using classic algorithms. This is different in the LAN setting. We attribute this difference to the larger communication size that needs to be sent over a long distance. That is, the communication overhead of the handshake with PQC is noticeable in the WAN but not in the LAN setting.
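The abstract and the appendix above attribute the WAN slowdown to the larger handshake messages of the lattice-based schemes. The following Python script is an added illustration, not code from the paper, from PostgreSQL or from any PQC library: it sizes the cryptographic payload of a TLS 1.3 handshake from the published round-3 KYBER and DILITHIUM sizes and typical classic sizes, sums those sizes for hybrid "A+B" combinations, and estimates when the server's first flight no longer fits TCP's initial congestion window and therefore costs an extra 140 ms round trip. The traffic model, the 10-segment initial window, the 100 Mbit/s link speed and the meaning of chain length 0 are assumptions made for this example, and the RSA public-key size is marked as approximate.

```python
"""Handshake-size model for classic, lattice-based and hybrid TLS 1.3.

Added illustration, not code from the paper, PostgreSQL or a PQC library.
It sums the key-exchange shares, certificate-chain public keys and signatures
that one TLS 1.3 handshake carries, and estimates when the server's first
flight exceeds TCP's initial congestion window and costs an extra round trip.
"""
from dataclasses import dataclass

# Byte sizes. KYBER/DILITHIUM values are from the NIST round-3 specifications;
# ECDH/ECDSA use uncompressed points and maximum DER signature sizes; the RSA
# entry is an approximate SubjectPublicKeyInfo size (assumption, not measured).
KEM = {  # name: (share sent by the client, share/ciphertext sent by the server)
    "ECDH-P256": (65, 65), "ECDH-P384": (97, 97), "ECDH-P521": (133, 133),
    "KYBER512": (800, 768), "KYBER768": (1184, 1088), "KYBER1024": (1568, 1568),
}
SIG = {  # name: (public key inside the certificate, signature)
    "ECDSA-P256": (65, 72), "ECDSA-P384": (97, 104), "ECDSA-P521": (133, 139),
    "RSA3072": (422, 384),  # approximate
    "DILITHIUM2": (1312, 2420), "DILITHIUM3": (1952, 3293), "DILITHIUM5": (2592, 4595),
}
INITCWND_BYTES = 10 * 1460  # assumption: 10-segment initial window, 1460-byte MSS


def sizes(name: str, table: dict) -> tuple[int, int]:
    """Size pair for a single algorithm or a hybrid written "A+B".

    A hybrid concatenates both shares (or both keys and both signatures),
    so its sizes are the sums of its components' sizes.
    """
    parts = name.split("+")
    return (sum(table[p][0] for p in parts), sum(table[p][1] for p in parts))


@dataclass(frozen=True)
class HandshakeBytes:
    client_flight: int  # ClientHello key_share
    server_flight: int  # ServerHello key_share + Certificate + CertificateVerify

    @property
    def total(self) -> int:
        return self.client_flight + self.server_flight


def handshake_bytes(kem: str, sig: str, chain_len: int) -> HandshakeBytes:
    """Bytes carried by the cryptographic payloads of one TLS 1.3 handshake.

    Simplified model (assumption): every certificate in the chain carries one
    public key and one issuer signature, the server adds one CertificateVerify
    signature, and chain_len == 0 means no certificate is sent at all. Record
    framing, extensions and X.509 encoding overhead are ignored.
    """
    kem_pk, kem_ct = sizes(kem, KEM)
    sig_pk, sig_len = sizes(sig, SIG)
    certs = chain_len * (sig_pk + sig_len)
    cert_verify = sig_len if chain_len > 0 else 0
    return HandshakeBytes(client_flight=kem_pk,
                          server_flight=kem_ct + certs + cert_verify)


def extra_round_trips(flight_bytes: int, cwnd: int = INITCWND_BYTES) -> int:
    """Round trips beyond the first that a flight needs under TCP slow start.

    The sender may push one window before waiting for ACKs; every wait
    doubles the window (cwnd, 2*cwnd, 4*cwnd, ...). Simplified model.
    """
    sent, window, rtts = 0, cwnd, 0
    while sent + window < flight_bytes:
        sent += window
        window *= 2
        rtts += 1
    return rtts


def estimated_handshake_ms(kem: str, sig: str, chain_len: int,
                           rtt_ms: float = 140.0, mbps: float = 100.0) -> float:
    """Latency-dominated estimate: one RTT for the TLS 1.3 handshake itself
    (TCP setup excluded), one more RTT per window overflow of either flight,
    plus serialisation time on a link of the given speed."""
    hb = handshake_bytes(kem, sig, chain_len)
    rtts = 1 + extra_round_trips(hb.client_flight) + extra_round_trips(hb.server_flight)
    serial_ms = hb.total * 8 / (mbps * 1e6) * 1e3
    return rtts * rtt_ms + serial_ms


if __name__ == "__main__":
    # Level-1 comparison across chain lengths 0..4, mirroring the paper's setup.
    configs = [("ECDH-P256", "ECDSA-P256"), ("KYBER512", "DILITHIUM2"),
               ("ECDH-P256+KYBER512", "ECDSA-P256+DILITHIUM2")]
    for kem, sig in configs:
        print(f"{kem} / {sig}")
        for n in range(5):
            hb = handshake_bytes(kem, sig, n)
            print(f"  chain {n}: {hb.total:6d} bytes total, server flight "
                  f"{hb.server_flight:6d}, est. {estimated_handshake_ms(kem, sig, n):7.2f} ms")
```

Run it and the window model reproduces the mechanism the appendix describes: with KYBER512/DILITHIUM2 the server flight stays under the initial window for short chains, but a chain of four certificates pushes it past roughly 14.6 KB, which on a 140 ms link costs a second round trip that the 750-byte ECDH/ECDSA handshake never pays, while on a LAN the same extra round trip is sub-millisecond. The model is deliberately coarse; measured numbers such as those in Figs. 12 to 14 also include TCP setup, record processing and the signing and verification cost of each scheme.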

Fig. 12. Elapsed time in milliseconds for a TLS handshake on WAN, comparing RSA/ECDH and DILITHIUM/KYBER with different certificate chain lengths and different security levels. PRIME256V1, SECP384R1, SECP521R1 are curves for ECDH.

Fig. 13. Elapsed time in milliseconds for a TLS handshake on WAN, comparing ECDSA/ECDH and DILITHIUM/KYBER with different certificate chain lengths and different security levels. PRIME256V1, SECP384R1, SECP521R1 are curves for ECDH.

Fig. 14. Elapsed time in milliseconds for a TLS handshake on WAN, comparing ECDSA/ECDH and DILITHIUM/KYBER in hybrid mode, with different certificate chain lengths and different NIST security levels. Each hybrid combines a classic and a quantum-safe algorithm. P256_DILITHIUM2 (resp. P256_KYBER512) stands for 256-bit ECDSA (resp. ECDH) together with DILITHIUM2 (resp. KYBER512).


Copyright information

© 2022 IFIP International Federation for Information Processing


Cite this paper

Tueno, A., Boehm, D., Choe, S.H. (2022). Integrating and Evaluating Quantum-safe TLS in Database Applications. In: Sural, S., Lu, H. (eds) Data and Applications Security and Privacy XXXVI. DBSec 2022. Lecture Notes in Computer Science, vol 13383. Springer, Cham. https://doi.org/10.1007/978-3-031-10684-2_15


  • DOI: https://doi.org/10.1007/978-3-031-10684-2_15


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10683-5

  • Online ISBN: 978-3-031-10684-2

  • eBook Packages: Computer Science, Computer Science (R0)
