Quantum-Safe Evaluation of TLS 1.3 Hybrid with ML-DSA
##plugins.themes.bootstrap3.article.main##
Abstract
Quantum computing poses a significant threat to classical cryptographic schemes widely used in modern networks, particularly RSA and ECC, which are vulnerable to Shor’s algorithm. To address this challenge, this study conducts a post-quantum security evaluation of TLS 1.3 by implementing hybrid X25519+Kyber key exchange and ML-DSA digital signatures. The objective is to assess the performance, overhead, and effectiveness of hybrid TLS in ensuring long-term data confidentiality within enterprise environments. The research method involves building a server–client testbed using OpenSSL with the oqs-provider, applying network load simulations under various latencies, and measuring key metrics including handshake latency, CPU utilization, certificate size, and client compatibility. The results indicate that hybrid TLS 1.3 with X25519+Kyber introduces only moderate handshake latency, while ML-DSA increases certificate size but remains manageable for deployment in modern enterprise systems. The conclusion of this study is that combining X25519+Kyber with ML-DSA offers an effective transition path towards quantum-safe networks without significantly sacrificing system performance..
##plugins.themes.bootstrap3.article.details##
[2] D. Stebila, S. Fluhrer, and S. Gueron, “Hybrid key exchange in TLS 1.3,” Internet Engineering Task Force, Internet Draft draft-stebila-tls-hybrid-design-03, Feb. 2020. Accessed: Oct. 11, 2025. [Online]. Available: https://datatracker.ietf.org/doc/draft-stebila-tls-hybrid-design
[3] M. Sosnowski et al., “The Performance of Post-Quantum TLS 1.3,” in Companion of the 19th International Conference on emerging Networking EXperiments and Technologies, Paris France: ACM, Dec. 2023, pp. 19–27. doi: 10.1145/3624354.3630585.
[4] J. A. Montenegro, R. Rios, and J. Lopez-Cerezo, “A performance evaluation framework for post-quantum TLS,” Future Gener. Comput. Syst., vol. 175, p. 108062, Feb. 2026, doi: 10.1016/j.future.2025.108062.
[5] P. Kampanakis and W. Childs-Klein, “The impact of data-heavy, post-quantum TLS 1.3 on the Time-To-Last-Byte of Web connections,” in Proceedings 2024 Workshop on Measurements, Attacks, and Defenses for the Web, San Diego, CA, USA: Internet Society, 2024. doi: 10.14722/madweb.2024.23010.
[6] I. Tzinos, K. Limniotis, and N. Kolokotronis, “Evaluating the performance of post-quantum secure algorithms in the TLS protocol,” J. Surveill. Secur. Saf., vol. 3, no. 3, pp. 101–127, 2022, doi: 10.20517/jsss.2022.15.
[7] H. Jia, M. Wang, B. Li, Y. Liu, J. Guo, and P. Zhang, “5GC$^2$ache: Improving 5G UPF Performance via Cache Optimization,” 2024, arXiv. doi: 10.48550/ARXIV.2404.13991.
[8] M. Abbasi, F. Cardoso, P. Váz, J. Silva, and P. Martins, “A Practical Performance Benchmark of Post-Quantum Cryptography Across Heterogeneous Computing Environments,” Cryptography, vol. 9, no. 2, p. 32, May 2025, doi: 10.3390/cryptography9020032.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.