Sizing Up Post-Quantum Signatures
Quantum computers pose a threat to the cryptography currently used in TLS, as they can easily break its digital signatures and key exchanges. Fortunately, post-quantum (PQ) cryptography has made significant progress over the last two decades, with NIST expected to announce standardized PQ signature schemes and key exchanges in early 2022. Cloudflare is testing the real-world performance of PQ cryptography, having switched to a PQ key exchange in an experiment with Google with little impact on performance. The zoo of PQ signatures includes Dilithium, Falcon, Rainbow, and others, each with its own trade-offs and quirks. Experiments conducted by Cloudflare show that larger signatures can significantly affect TLS handshake times, with a 60% slowdown for the tail end of users when Dilithium2 is used as a drop-in replacement. Adoption of PQ signatures in TLS is crucial to ensure security against quantum computers, and efforts are being made to build a post-quantum secure Internet.
Company: Cloudflare
Date published: Nov. 8, 2021
Author(s): Bas Westerbaan
Word count: 2760
Language: English
Hacker News points: 8