---
_id: '28997'
abstract:
- lang: eng
  text: "Modern cryptographic protocols, such as TLS 1.3 and QUIC, can send cryptographically
    protected data in “zero round-trip times (0-RTT)”, that is, without the need for
    a prior interactive handshake. Such protocols meet the demand for communication
    with minimal latency, but those currently deployed in practice achieve only rather
    weak security properties, as they may not achieve forward security for the first
    transmitted payload message and require additional countermeasures against replay
    attacks. Recently, 0-RTT protocols with full forward security and replay resilience
    have been proposed in the academic literature. These are based on puncturable
    encryption, which uses rather heavy building blocks, such as cryptographic pairings.
    Some constructions were claimed to have practical efficiency, but it is unclear
    how they compare concretely to protocols deployed in practice, and we currently
    do not have any benchmark results that new protocols can be compared with. We provide
    the first concrete performance analysis of a modern 0-RTT protocol with full forward
    security, by integrating the Bloom Filter Encryption scheme of Derler et al. (EUROCRYPT
    2018) in the Chromium QUIC implementation and comparing it to Google’s original
    QUIC protocol. We find that for reasonable deployment parameters, the server CPU
    load increases approximately by a factor of eight and the memory consumption on
    the server increases significantly, but stays below 400 MB even for medium-scale
    deployments that handle up to 50K connections per day. The difference of
    the size of handshake messages is small enough that transmission time on the network
    is identical, and therefore not significant. We conclude that while current 0-RTT
    protocols with full forward security come with significant computational overhead,
    their use in practice is feasible, and may be used in applications where the increased
    CPU and memory load can be tolerated in exchange for full forward security and
    replay resilience on the cryptographic protocol level. Our results serve as a
    first benchmark that can be used to assess the efficiency of 0-RTT protocols potentially
    developed in the future."
author:
- first_name: Fynn
  full_name: Dallmeier, Fynn
  last_name: Dallmeier
- first_name: Jan P.
  full_name: Drees, Jan P.
  last_name: Drees
- first_name: Kai
  full_name: Gellert, Kai
  last_name: Gellert
- first_name: Tobias
  full_name: Handirk, Tobias
  last_name: Handirk
- first_name: Tibor
  full_name: Jager, Tibor
  last_name: Jager
- first_name: Jonas
  full_name: Klauke, Jonas
  id: '40915'
  last_name: Klauke
  orcid: 0000-0001-9160-9636
- first_name: Simon
  full_name: Nachtigall, Simon
  last_name: Nachtigall
- first_name: Timo
  full_name: Renzelmann, Timo
  last_name: Renzelmann
- first_name: Rudi
  full_name: Wolf, Rudi
  last_name: Wolf
citation:
  ama: 'Dallmeier F, Drees JP, Gellert K, et al. Forward-Secure 0-RTT Goes Live: Implementation
    and Performance Analysis in QUIC. In: <i>Cryptology and Network Security</i>.
    Springer-Verlag; 2020:211-231. doi:<a href="https://doi.org/10.1007/978-3-030-65411-5_11">10.1007/978-3-030-65411-5_11</a>'
  apa: 'Dallmeier, F., Drees, J. P., Gellert, K., Handirk, T., Jager, T., Klauke,
    J., Nachtigall, S., Renzelmann, T., &#38; Wolf, R. (2020). Forward-Secure 0-RTT
    Goes Live: Implementation and Performance Analysis in QUIC. <i>Cryptology and
    Network Security</i>, 211–231. <a href="https://doi.org/10.1007/978-3-030-65411-5_11">https://doi.org/10.1007/978-3-030-65411-5_11</a>'
  bibtex: '@inproceedings{Dallmeier_Drees_Gellert_Handirk_Jager_Klauke_Nachtigall_Renzelmann_Wolf_2020,
    place={Cham}, title={Forward-Secure 0-RTT Goes Live: Implementation and Performance
    Analysis in QUIC}, DOI={<a href="https://doi.org/10.1007/978-3-030-65411-5_11">10.1007/978-3-030-65411-5_11</a>},
    booktitle={Cryptology and Network Security}, publisher={Springer-Verlag}, author={Dallmeier,
    Fynn and Drees, Jan P. and Gellert, Kai and Handirk, Tobias and Jager, Tibor and
    Klauke, Jonas and Nachtigall, Simon and Renzelmann, Timo and Wolf, Rudi}, year={2020},
    pages={211–231} }'
  chicago: 'Dallmeier, Fynn, Jan P. Drees, Kai Gellert, Tobias Handirk, Tibor Jager,
    Jonas Klauke, Simon Nachtigall, Timo Renzelmann, and Rudi Wolf. “Forward-Secure
    0-RTT Goes Live: Implementation and Performance Analysis in QUIC.” In <i>Cryptology
    and Network Security</i>, 211–31. Cham: Springer-Verlag, 2020. <a href="https://doi.org/10.1007/978-3-030-65411-5_11">https://doi.org/10.1007/978-3-030-65411-5_11</a>.'
  ieee: 'F. Dallmeier <i>et al.</i>, “Forward-Secure 0-RTT Goes Live: Implementation
    and Performance Analysis in QUIC,” in <i>Cryptology and Network Security</i>,
    Vienna, 2020, pp. 211–231, doi: <a href="https://doi.org/10.1007/978-3-030-65411-5_11">10.1007/978-3-030-65411-5_11</a>.'
  mla: 'Dallmeier, Fynn, et al. “Forward-Secure 0-RTT Goes Live: Implementation and
    Performance Analysis in QUIC.” <i>Cryptology and Network Security</i>, Springer-Verlag,
    2020, pp. 211–31, doi:<a href="https://doi.org/10.1007/978-3-030-65411-5_11">10.1007/978-3-030-65411-5_11</a>.'
  short: 'F. Dallmeier, J.P. Drees, K. Gellert, T. Handirk, T. Jager, J. Klauke, S.
    Nachtigall, T. Renzelmann, R. Wolf, in: Cryptology and Network Security, Springer-Verlag,
    Cham, 2020, pp. 211–231.'
conference:
  end_date: 2020-12-16
  location: Vienna
  name: CANS 2020
  start_date: 2020-12-14
date_created: 2021-12-15T17:43:11Z
date_updated: 2022-03-11T10:59:41Z
doi: 10.1007/978-3-030-65411-5_11
extern: '1'
language:
- iso: eng
page: 211-231
place: Cham
publication: Cryptology and Network Security
publication_identifier:
  isbn:
  - '9783030654108'
  - '9783030654115'
  issn:
  - 0302-9743
  - 1611-3349
publication_status: published
publisher: Springer-Verlag
status: public
title: 'Forward-Secure 0-RTT Goes Live: Implementation and Performance Analysis in
  QUIC'
type: conference
user_id: '40915'
year: '2020'
...
