The TLS Post-Quantum Experiment

In June 2019, Google and Cloudflare announced a post-quantum cryptography experiment using two key exchanges integrated into their TLS stack. The experiment aimed to evaluate the performance and feasibility of deployment in TLS of two post-quantum key agreement ciphers: isogeny-based SIKE and lattice-based HRSS. The results showed that CECPQ2 (HRSS + X25519) outperformed CECPQ2b (SIKE/p434 + X25519) for the majority of connections, indicating that fast algorithms with large keys may be more suitable for TLS than slow algorithms with small keys. However, for some devices like Windows computers and Android mobile devices, CECPQ2b outperformed CECPQ2 for the slowest connections. The HRSS algorithm performed surprisingly well in terms of speed, while SIKE incurred a significant overhead for every connection due to its computational expense.