I presented my work on The Performance of Post-Quantum TLS 1.3 at CoNEXT 2023! A recording is available on YouTube. A short summary here.

Our work gives a practical view on the performance of post-quantum TLS. We are no cryptography experts, but specialized on network measurements. Modern networks are very complex and the large key sizes of the post-quantum algorithms can have significant side-effects in unoptimized setups. Moreover, existing optimizations might just not hold anymore because some of the basic assumptions changed. For example, using traditional algorithms we can fit the whole handshake in a single IP packet, so it makes sense to group them together, however, the post-quantum algorithms need multiple packets anyway, so we can optimize differently. Seeing the recent progress in Quantum Computers, it gets more and more likely that our traditional cryptography is broken in the near future, so we should do something now! The hybrid algorithms are a great choice to enable on your own servers already now to secure against the “store-now, decrypt-later” threat.