TY - GEN
T1 - A Quantum of QUIC
T2 - 23rd International Federation for Information Processing on Networking Conference, IFIP Networking 2024
AU - Kempf, Marcel
AU - Gauder, Nikolas
AU - Jaeger, Benedikt
AU - Zirngibl, Johannes
AU - Carle, Georg
N1 - Publisher Copyright:
© 2024 IFIP.
PY - 2024
Y1 - 2024
N2 - QUIC is a new network protocol standardized in 2021. It was designed to replace the TCP/TLS stack and is based on UDP. The most current web standard HTTP/3 is specifically designed to use QUIC as transport protocol. QUIC claims to provide secure and fast transport with low-latency connection establishment, flow and congestion control, reliable delivery, and stream multiplexing. To achieve the security goals, QUIC enforces the usage of TLS 1.3. It uses authenticated encryption with additional data (AEAD) algorithms to not only protect the payload but also parts of the header. The handshake relies on asymmetric cryptography, which will be broken with the introduction of powerful quantum computers, making the use of post-quantum cryptography inevitable. This paper presents a detailed evaluation of the impact of cryptography on QUIC performance. The high-performance QUIC implementations LSQUIC, quiche, and MsQuic are evaluated under different aspects. We break symmetric cryptography down to the different security features. To be able to isolate the impact of cryptography, we implemented a NOOP AEAD algorithm which leaves plaintext unaltered. We show that QUIC performance increases by 10 to 20 % when removing packet protection. The header protection has negligible impact on performance, especially for AES ciphers. We integrate post-quantum cryptographic algorithms into QUIC, demonstrating its feasibility without major changes to the QUIC libraries by using a TLS library that implements post-quantum algorithms. Kyber, Dilithium, and FALCON are promising candidates for post-quantum secure QUIC, as they have a low impact on the handshake duration. Algorithms like SPHINCS+with larger key sizes or more complex calculations significantly impact the handshake duration and cause additional issues in our measurements.
AB - QUIC is a new network protocol standardized in 2021. It was designed to replace the TCP/TLS stack and is based on UDP. The most current web standard HTTP/3 is specifically designed to use QUIC as transport protocol. QUIC claims to provide secure and fast transport with low-latency connection establishment, flow and congestion control, reliable delivery, and stream multiplexing. To achieve the security goals, QUIC enforces the usage of TLS 1.3. It uses authenticated encryption with additional data (AEAD) algorithms to not only protect the payload but also parts of the header. The handshake relies on asymmetric cryptography, which will be broken with the introduction of powerful quantum computers, making the use of post-quantum cryptography inevitable. This paper presents a detailed evaluation of the impact of cryptography on QUIC performance. The high-performance QUIC implementations LSQUIC, quiche, and MsQuic are evaluated under different aspects. We break symmetric cryptography down to the different security features. To be able to isolate the impact of cryptography, we implemented a NOOP AEAD algorithm which leaves plaintext unaltered. We show that QUIC performance increases by 10 to 20 % when removing packet protection. The header protection has negligible impact on performance, especially for AES ciphers. We integrate post-quantum cryptographic algorithms into QUIC, demonstrating its feasibility without major changes to the QUIC libraries by using a TLS library that implements post-quantum algorithms. Kyber, Dilithium, and FALCON are promising candidates for post-quantum secure QUIC, as they have a low impact on the handshake duration. Algorithms like SPHINCS+with larger key sizes or more complex calculations significantly impact the handshake duration and cause additional issues in our measurements.
KW - Cryptography
KW - Performance Evaluation
KW - Post-Quantum
KW - QUIC
KW - Secure Transport Protocols
UR - http://www.scopus.com/inward/record.url?scp=85202445335&partnerID=8YFLogxK
U2 - 10.23919/IFIPNetworking62109.2024.10619916
DO - 10.23919/IFIPNetworking62109.2024.10619916
M3 - Conference contribution
AN - SCOPUS:85202445335
T3 - 2024 IFIP Networking Conference, IFIP Networking 2024
SP - 195
EP - 203
BT - 2024 IFIP Networking Conference, IFIP Networking 2024
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 3 June 2024 through 6 June 2024
ER -