1,965 research outputs found
Post-Quantum TLS on Embedded Systems
We present our integration of post-quantum cryptography (PQC), more specifically of the post-quantum KEM scheme Kyber for key establishment and the post-quantum signature scheme SPHINCS, into the embedded TLS library mbed TLS. We measure the performance of these post-quantum primitives on four different embedded platforms with three different ARM processors and an Xtensa LX6 processor. Furthermore, we compare the performance of our experimental PQC cipher suite to a classical TLS variant using elliptic curve cryptography (ECC). Post-quantum key establishment and signature schemes have been either integrated into TLS or ported to embedded devices before. However, to the best of our knowledge, we are the first to combine TLS, post-quantum schemes, and embedded systems and to measure and evaluate the performance of post-quantum TLS on embedded platforms. Our results show that post-quantum key establishment with Kyber performs well in TLS on embedded devices compared to ECC variants. The use of SPHINCS signatures comes with certain challenges in terms of signature size and signing time, which mainly affects the use of embedded systems as PQC-TLS server but does not necessarily prevent embedded systems to act as PQC-TLS clients
Performance Evaluation of Post-Quantum TLS 1.3 on Resource-Constrained Embedded Systems
Transport Layer Security (TLS) constitutes one of the most widely used protocols for securing Internet communications and has also found broad acceptance in the Internet of Things (IoT) domain. As we progress toward a security environment resistant to quantum computer attacks, TLS needs to be transformed to support post-quantum cryptography. However, post-quantum TLS is still not standardised, and its overall performance, especially in resource-constrained, IoT-capable, embedded devices, is not well understood. In this paper, we showcase how TLS 1.3 can be transformed into quantum-safe by modifying the TLS 1.3 architecture in order to accommodate the latest Post-Quantum Cryptography (PQC) algorithms from NIST PQC process. Furthermore, we evaluate the execution time, memory, and bandwidth requirements of this proposed post-quantum variant of TLS 1.3 (PQ TLS 1.3). This is facilitated by integrating the pqm4 and PQClean library implementations of almost all PQC algorithms selected for standardisation by the NIST PQC process, as well as the alternatives to be evaluated in a new round (Round 4). The proposed solution and evaluation focuses on the lower end of resource-constrained embedded devices. Thus, the evaluation is performed on the ARM Cortex-M4 embedded platform NUCLEO-F439ZI that provides MHz clock rate, MB Flash Memory, and KB SRAM. To the authors\u27 knowledge, this is the first systematic, thorough, and complete timing, memory usage, and network traffic evaluation of PQ TLS 1.3 for all the NIST PQC process selections and upcoming candidate algorithms, that explicitly targets resource-constrained embedded systems
KEMTLS vs. Post-Quantum TLS: Performance On Embedded Systems
TLS is ubiquitous in modern computer networks. It secures transport for high-end desktops and low-end embedded devices alike. However, the public key cryptosystems currently used within TLS may soon be obsolete as large-scale quantum computers, once realized, would be able to break them. This threat has led to the development of post-quantum cryptography (PQC). The U.S. standardization body NIST is currently in the process of concluding a multi-year search for promising post-quantum signature schemes and key encapsulation mechanisms (KEMs). With the first PQC standards around the corner, TLS will have to be updated soon. However, especially for small microcontrollers, it appears the current NIST post-quantum signature finalists pose a challenge. Dilithium suffers from very large public keys and signatures; while Falcon has significant hardware requirements for efficient implementations.
KEMTLS is a proposal for an alternative TLS handshake protocol that avoids authentication through signatures in the TLS handshake. Instead, it authenticates the peers through long-term KEM keys held in the certificates. The KEMs considered for standardization are more efficient in terms of computation and/or bandwidth than the post-quantum signature schemes.
In this work, we compare KEMTLS to TLS 1.3 in an embedded setting. To gain meaningful results, we present implementations of KEMTLS and TLS 1.3 on a Cortex-M4-based platform. These implementations are based on the popular WolfSSL embedded TLS library and hence share a majority of their code. In our experiments, we consider both protocols with the remaining NIST finalist signature schemes and KEMs, except for Classic McEliece which has too large public keys. Both protocols are benchmarked and compared in terms of run-time, memory usage, traffic volume and code size. The benchmarks are performed in network settings relevant to the Internet of Things, namely low-latency broadband, LTE-M and Narrowband IoT. Our results show that KEMTLS can reduce handshake time by up to 38%, can lower peak memory consumption and can save traffic volume compared to TLS 1.3
Energy Consumption Evaluation of Post-Quantum TLS 1.3 for Resource-Constrained Embedded Devices
Post-Quantum cryptography (PQC), in the past few years, constitutes the main driving force of the quantum resistance transition for security primitives, protocols and tools. TLS is one of the widely used security protocols that needs to be made quantum safe. However, PQC algorithms integration into TLS introduce various implementation overheads compared to traditional TLS that in battery powered embedded devices with constrained resources, cannot be overlooked. While there exist several works, evaluating the PQ TLS execution time overhead in embedded systems there are only a few that explore the PQ TLS energy consumption cost. In this paper, a thorough power/energy consumption evaluation and analysis of PQ TLS 1.3 on embedded systems has been made. A WolfSSL PQ TLS 1.3 custom implementation is used that integrates all the NIST PQC algorithms selected for standardisation as well as 2 out of 3 of those evaluated in NIST Round 4. Also 1 out of 2 of the BSI recommendations have been included. The PQ TLS 1.3 with the various PQC algorithms is deployed in a STM Nucleo evaluation board under a mutual and a unilateral client-server authentication scenario. The power and energy consumption collected results are analyzed in detail. The performed comparisons and overall analysis provide very interesting results indicating that the choice of the PQC algorithms in TLS 1.3 to be deployed on an embedded system may be very different depending on the device use as an authenticated or not authenticated, client or server. Also, the results indicate that in some cases, PQ TLS 1.3 implementations can be equally or more energy consumption efficient compared to traditional TLS 1.3
Thermodynamics of quantum systems under dynamical control
In this review the debated rapport between thermodynamics and quantum
mechanics is addressed in the framework of the theory of
periodically-driven/controlled quantum-thermodynamic machines. The basic model
studied here is that of a two-level system (TLS), whose energy is periodically
modulated while the system is coupled to thermal baths. When the modulation
interval is short compared to the bath memory time, the system-bath
correlations are affected, thereby causing cooling or heating of the TLS,
depending on the interval. In steady state, a periodically-modulated TLS
coupled to two distinct baths constitutes the simplest quantum heat machine
(QHM) that may operate as either an engine or a refrigerator, depending on the
modulation rate. We find their efficiency and power-output bounds and the
conditions for attaining these bounds. An extension of this model to multilevel
systems shows that the QHM power output can be boosted by the multilevel
degeneracy.
These results are used to scrutinize basic thermodynamic principles: (i)
Externally-driven/modulated QHMs may attain the Carnot efficiency bound, but
when the driving is done by a quantum device ("piston"), the efficiency
strongly depends on its initial quantum state. Such dependence has been unknown
thus far. (ii) The refrigeration rate effected by QHMs does not vanish as the
temperature approaches absolute zero for certain quantized baths, e.g.,
magnons, thous challenging Nernst's unattainability principle. (iii)
System-bath correlations allow more work extraction under periodic control than
that expected from the Szilard-Landauer principle, provided the period is in
the non-Markovian domain. Thus, dynamically-controlled QHMs may benefit from
hitherto unexploited thermodynamic resources
Dielectric losses in multi-layer Josephson junction qubits
We have measured the excited state lifetimes in Josephson junction phase and
transmon qubits, all of which were fabricated with the same scalable
multi-layer process. We have compared the lifetimes of phase qubits before and
after removal of the isolating dielectric, SiNx, and find a four-fold
improvement of the relaxation time after the removal. Together with the results
from the transmon qubit and measurements on coplanar waveguide resonators,
these measurements indicate that the lifetimes are limited by losses from the
dielectric constituents of the qubits. We have extracted the individual loss
contributions from the dielectrics in the tunnel junction barrier, AlOx, the
isolating dielectric, SiNx, and the substrate, Si/SiO2, by weighing the total
loss with the parts of electric field over the different dielectric materials.
Our results agree well and complement the findings from other studies,
demonstrating that superconducting qubits can be used as a reliable tool for
high-frequency characterization of dielectric materials. We conclude with a
discussion of how changes in design and material choice could improve qubit
lifetimes up to a factor of four.Comment: 10 pages, 4 figures,and 4 table
Two-Level Systems in Evaporated Amorphous Silicon
In -beam evaporated amorphous silicon (-Si), the densities of two-level
systems (TLS), and , determined from specific heat
and internal friction measurements, respectively, have been shown to
vary by over three orders of magnitude. Here we show that and
are proportional to each other with a constant of
proportionality that is consistent with the measurement time dependence
proposed by Black and Halperin and does not require the introduction of
additional anomalous TLS. However, and depend strongly
on the atomic density of the film () which depends on both film
thickness and growth temperature suggesting that the -Si structure is
heterogeneous with nanovoids or other lower density regions forming in a dense
amorphous network. A review of literature data shows that this atomic density
dependence is not unique to -Si. These findings suggest that TLS are not
intrinsic to an amorphous network but require a heterogeneous structure to
form
- …