An Evaluation of Post-quantum and Hybrid Noise Protocol Variants on Mobile Devices

An Evaluation of Post-quantum and Hybrid Noise Protocol Variants on Mobile Devices

연구 분야: Cryptography

학회: International Conference on Information Technology and Communications Security

Noise is a framework for the design and security assessment of Authenticated Key Exchange (AKE) protocols between two parties using Diffie-Hellman (DH) as the only public-key cryptosystem. In this paper, we present an evaluation of the computation and communication cost of Noise and PQNoise, a recently introduced post-quantum version of the Noise protocol framework. Furthermore, we present combinations of the 12 fundamental (interactive) Noise patterns and their PQNoise counterparts, thereby obtaining hybrid handshake patterns, and include them in our evaluation. We integrated PQNoise and the novel hybrid patterns into Noise-C, a reference implementation of the Noise protocol framework written in C. In order to evaluate Noise and its variants, we emulated networks with different latency, throughput, and packet-loss settings using Linux network emulation tools. For all Noise handshakes we chose cryptosystems that provide a comparable (pre-quantum) level of security, namely X25519 and Kyber512. We ran our experiments on two different devices, one is a laptop with an Intel Core i5-10210U CPU and the other an Orange Pi One development board with a 32-bit ARM Cortex-A7 processor. The results we collected show that, under normal network conditions, the Noise patterns and their PQNoise counterparts have nearly identical execution times, except when the latter require an additional handshake message. However, under bad network conditions with high packet-loss rates, PQNoise falls behind Noise, mainly because of the relatively large public-key and ciphertext sizes of Kyber512. The execution times of our hybrid handshakes are almost indistinguishable from the corresponding PQNoise handshakes when the packet-loss rates are low, and at higher loss rates the differences are small.