Quantum-resistant SSL/TLS: Preparing for Post-quantum Cryptography
Abstract
The rise of quantum computing presents a significant threat to current cryptographic protocols, including SSL/TLS, which are fundamental to secure communication over the internet. This paper provides a comprehensive review of quantum-resistant SSL/TLS implementations to address the looming risks posed by quantum attacks. Using the PRISMA methodology, 766 articles were screened, with 27 meeting the inclusion criteria for in-depth analysis. The study evaluates the design, testing, and validation processes of quantum-resistant algorithms such as SPHINCS+, CRYSTALS-Kyber, and Dilithium, emphasising their integration into TLS 1.3. Key findings highlight advancements in algorithmic choices, protocol modifications, and security assurances while addressing challenges like computational overhead and compatibility issues. By offering a thorough assessment of current developments, this paper aims to guide future research and practical deployment of quantum-resistant cryptography to safeguard digital communications in the post-quantum era
Downloads
References
Al-darwbi, M. Y., Ghorbani, A. A., & Lashkari, A. H. (2020). KeyShield: A scalable and quantum-safe key management scheme. IEEE Open Journal of the Communications Society, 2, 87–101.
Alnahawi, N., Müller, J., Oupický, J., & Wiesmaier, A. (2024). A Comprehensive Survey on Post-Quantum TLS. IACR Communications in Cryptology, 1(2).
Awan, U., Hannola, L., Tandon, A., Goyal, R. K., & Dhir, A. (2022). Quantum computing challenges in the software industry. A fuzzy AHP-based approach. Information and Software Technology, 147, 106896.
Bernstein, D. J., & Lange, T. (2017). Post-quantum cryptography. Nature, 549(7671), 188–194. https://doi.org/10.1038/nature23461
Crockett, E., Paquin, C., & Stebila, D. (2019). Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH. Cryptology ePrint Archive. Retrieved from https://eprint.iacr.org/2019/858
Dong, B., & Wang, Q. (2024). Evaluating Post-Quantum Cryptography on Embedded Systems: A Performance Analysis. arXiv preprint arXiv:2409.05298.
Gonzalez, R., & Wiggers, T. (2022). KEMTLS vs. Post-Quantum TLS: Performance on embedded systems. In International Conference on Security, Privacy, and Applied Cryptography Engineering (pp. 99–117). Springer.
Henrich, J., et al. (2023). Performance Impact of PQC KEMs on TLS 1.3 Under Varying Network Characteristics. In International Conference on Information Security (pp. 267–287). Springer.
Kempf, M., et al. (2024). A Quantum of QUIC: Dissecting Cryptography with Post-Quantum Insights. arXiv preprint arXiv:2405.09264.
Khan, M. U., et al. (2024). Exploration of PQC-Based Digital Signature Schemes in TLS Certificates. The Asian Bulletin of Big Data Management, 4(3).
Lee, S. W., & Son, T. S. (2023). Feasibility Study of Post Quantum Cryptography in TLS 1.3. Journal of Digital Contents Society, 24(1), 167–175.
Mosca, M. (2015). Cybersecurity in an era with quantum computers: Will we be ready? IEEE Security & Privacy, 16(5), 38–41. https://doi.org/10.1109/MSP.2018.3761723
National Institute of Standards and Technology. (2016). Post-Quantum Cryptography Standardization. Retrieved from https://csrc.nist.gov/projects/post-quantum-cryptography
Page, M. J., McKenzie, J. E., Bossuyt, P. M., Boutron, I., Hoffmann, T. C., Mulrow, C. D., ... & Moher, D. (2021). The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. BMJ, 372, n71.
Paul, S., et al. (2022). Mixed certificate chains for the transition to post-quantum authentication in TLS 1.3. In Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security (pp. 727–740).
Rescorla, E. (2018). The Transport Layer Security (TLS) Protocol Version 1.3 (RFC 8446). Internet Engineering Task Force. Retrieved from https://datatracker.ietf.org/doc/html/rfc8446
Shor, P. W. (1994). Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science (pp. 124–134). IEEE.
Sikeridis, D., Kampanakis, P., & Devetsikiotis, M. (2020). Post-quantum authentication in TLS 1.3: A performance study. Cryptology ePrint Archive. Retrieved from https://eprint.iacr.org/2020/071
Sikeridis, D., et al. (2023). ELCA: Introducing Enterprise-level Cryptographic Agility for a Post-Quantum Era. Cryptology ePrint Archive. Retrieved from https://eprint.iacr.org/2023/501
Stebila, D., & Wilson, S. (2024). Quantum-safe account recovery for WebAuthn. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (pp. 1814–1830).
Tasopoulos, G., et al. (2022). Performance evaluation of post-quantum TLS 1.3 on resource-constrained embedded systems. In International Conference on Information Security Practice and Experience (pp. 432–451). Springer.
Wehner, S., Elkouss, D., & Hanson, R. (2018). Quantum internet: A vision for the road ahead. Science, 362(6412), eaam9288. https://doi.org/10.1126/science.aam9288
Xia, T., et al. (2024). A Quantum-Resistant Identity Authentication and Key Agreement Scheme for UAV Networks Based on Kyber Algorithm. Drones, 8(8), 359.
Zheng, J., et al. (2024). Delving into Post-Quantum TLS Performance: Faster ML-KEM in TLS 1.3 Implementation and Assessment. arXiv preprint arXiv:2404.13544.
Copyright (c) 2025 Robert Tuhaise, Oscar Correia, Joseph Ocaya, Peter Gladino, Onongha Ekuri
This work is licensed under a Creative Commons Attribution 4.0 International License.
