In the post-quantum era, it is predicted that secure encryption algorithms like RSA and ECC will be broken within microseconds. In response, NIST has made the transition to post-quantum cryptography necessary by completing the ML-KEM standard (FIPS 203) in August 2024. However, integrating these new algorithms into the existing TLS 1.3 infrastructure raises some concerns, particularly in resource-constrained IoT devices where computing power and memory are limited. This paper evaluates the TLS 1.3 handshake performance of ML-KEM-512, ML-KEM-768, ML-KEM-1024, and hybrid X25519+ML-KEM-768 on a Raspberry Pi 4 (ARM Cortex-A72) in five different network scenarios (loopback, LAN (10 ms RTT), WAN (50 ms RTT), and packet loss rates of 1% and 5%). Experiments were performed using OpenSSL 3.x integrated with liboqs, with 100 iterations for each configuration. The results show that ML-KEM algorithms, which have high computational costs, introduce negligible computational overhead compared to the classic X25519 under low latency conditions, and base-state 1-RTT handshake times range from 11.3 to 13.3 ms. The ML-KEM 512 algorithm showed the best performance, particularly due to its small packet size. ML-KEM reached 180 ms with 5% loss, while X25519 reached 281 ms. It was also observed that session restart times consistently reduced handshake latency for all algorithms. In algorithm tests, ML-KEM 512 provided a 4.16-fold speedup at the base level. In WAN conditions, network RTT becomes the dominant bottleneck, and the choice of KEM algorithm becomes practically irrelevant. This demonstrates that ML-KEM algorithms are a usable standard even with limited hardware and that session restart is a significant example of optimization in IoT applications.
Cemile İnce (Tue,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: