Forward-Secure 0-RTT Goes Live: Implementation and Performance Analysis in QUIC
F. Dallmeier, J.P. Drees, K. Gellert, T. Handirk, T. Jager, J. Klauke, S. Nachtigall, T. Renzelmann, R. Wolf, in: Cryptology and Network Security, Springer-Verlag, Cham, 2020, pp. 211–231.
Download
No fulltext has been uploaded.
Conference Paper
| Published
| English
Author
Dallmeier, Fynn;
Drees, Jan P.;
Gellert, Kai;
Handirk, Tobias;
Jager, Tibor;
Klauke, JonasLibreCat ;
Nachtigall, Simon;
Renzelmann, Timo;
Wolf, Rudi
Abstract
Modern cryptographic protocols, such as TLS 1.3 and QUIC, can send cryptographically protected data in “zero round-trip times (0-RTT)”, that is, without the need for a prior interactive handshake. Such protocols meet the demand for communication with minimal latency, but those currently deployed in practice achieve only rather weak security properties, as they may not achieve forward security for the first transmitted payload message and require additional countermeasures against replay attacks.Recently, 0-RTT protocols with full forward security and replay resilience have been proposed in the academic literature. These are based on puncturable encryption, which uses rather heavy building blocks, such as cryptographic pairings. Some constructions were claimed to have practical efficiency, but it is unclear how they compare concretely to protocols deployed in practice, and we currently do not have any benchmark results that new protocols can be compared with.We provide the first concrete performance analysis of a modern 0-RTT protocol with full forward security, by integrating the Bloom Filter Encryption scheme of Derler et al. (EUROCRYPT 2018) in the Chromium QUIC implementation and comparing it to Google’s original QUIC protocol. We find that for reasonable deployment parameters, the server CPU load increases approximately by a factor of eight and the memory consumption on the server increases significantly, but stays below 400 MB even for medium-scale deployments that handle up to 50K connections per day. The difference of the size of handshake messages is small enough that transmission time on the network is identical, and therefore not significant.We conclude that while current 0-RTT protocols with full forward security come with significant computational overhead, their use in practice is feasible, and may be used in applications where the increased CPU and memory load can be tolerated in exchange for full forward security and replay resilience on the cryptographic protocol level. Our results serve as a first benchmark that can be used to assess the efficiency of 0-RTT protocols potentially developed in the future.
Publishing Year
Proceedings Title
Cryptology and Network Security
Page
211-231
Conference
CANS 2020
Conference Location
Vienna
Conference Date
2020-12-14 – 2020-12-16
ISBN
LibreCat-ID
Cite this
Dallmeier F, Drees JP, Gellert K, et al. Forward-Secure 0-RTT Goes Live: Implementation and Performance Analysis in QUIC. In: Cryptology and Network Security. Springer-Verlag; 2020:211-231. doi:10.1007/978-3-030-65411-5_11
Dallmeier, F., Drees, J. P., Gellert, K., Handirk, T., Jager, T., Klauke, J., Nachtigall, S., Renzelmann, T., & Wolf, R. (2020). Forward-Secure 0-RTT Goes Live: Implementation and Performance Analysis in QUIC. Cryptology and Network Security, 211–231. https://doi.org/10.1007/978-3-030-65411-5_11
@inproceedings{Dallmeier_Drees_Gellert_Handirk_Jager_Klauke_Nachtigall_Renzelmann_Wolf_2020, place={Cham}, title={Forward-Secure 0-RTT Goes Live: Implementation and Performance Analysis in QUIC}, DOI={10.1007/978-3-030-65411-5_11}, booktitle={Cryptology and Network Security}, publisher={Springer-Verlag}, author={Dallmeier, Fynn and Drees, Jan P. and Gellert, Kai and Handirk, Tobias and Jager, Tibor and Klauke, Jonas and Nachtigall, Simon and Renzelmann, Timo and Wolf, Rudi}, year={2020}, pages={211–231} }
Dallmeier, Fynn, Jan P. Drees, Kai Gellert, Tobias Handirk, Tibor Jager, Jonas Klauke, Simon Nachtigall, Timo Renzelmann, and Rudi Wolf. “Forward-Secure 0-RTT Goes Live: Implementation and Performance Analysis in QUIC.” In Cryptology and Network Security, 211–31. Cham: Springer-Verlag, 2020. https://doi.org/10.1007/978-3-030-65411-5_11.
F. Dallmeier et al., “Forward-Secure 0-RTT Goes Live: Implementation and Performance Analysis in QUIC,” in Cryptology and Network Security, Vienna, 2020, pp. 211–231, doi: 10.1007/978-3-030-65411-5_11.
Dallmeier, Fynn, et al. “Forward-Secure 0-RTT Goes Live: Implementation and Performance Analysis in QUIC.” Cryptology and Network Security, Springer-Verlag, 2020, pp. 211–31, doi:10.1007/978-3-030-65411-5_11.