Abstract
As quantum computing advances pose significant threats to current cryptographic protocols, the urgency for post-quantum cryptography (PQC) has intensified. This paper provides a comprehensive performance analysis of post-quantum cryptographic algorithms applied to digital signatures, focusing on CRYSTALS-Dilithium, Falcon, and SPHINCS+ using the liboqs library. Key performance metrics include key pair generation, file signing, and signature verification. Comparative tests with RSA highlight security-time efficiency trade-offs, offering insights for selecting optimal ciphers in 5G/6G services.
1. Introduction
The rise of quantum computing threatens traditional cryptographic systems like RSA and ECC, which rely on mathematical problems solvable by quantum algorithms such as Shor's and Grover's. This paper explores PQC solutions resistant to quantum attacks, emphasizing their role in securing future 6G networks and aligning with initiatives like the EU's PQ-REACT project.
2. Modern Cryptography
Symmetric vs. Asymmetric Cryptography
- Symmetric Cryptography: Uses a single key for encryption/decryption, efficient but vulnerable during key exchange.
- Asymmetric Cryptography: Employs key pairs (public/private), solving key distribution challenges and enabling digital signatures.
Digital Signatures
Digital signatures ensure data integrity and non-repudiation:
- Signing Process: Hash computation followed by algorithm application (private key + hash).
- Verification: Algorithm reapplied with the public key to validate the signature.
3. Post-Quantum Cryptography
Quantum Threats
- Shor's Algorithm: Breaks RSA/ECC via polynomial-time factorization.
- Grover's Algorithm: Accelerates brute-force searches, though less critical than Shor's.
PQC Algorithm Categories
- Lattice-Based: CRYSTALS-Dilithium, Falcon (NTRU lattices).
- Hash-Based: SPHINCS+ (Merkle trees).
- Code-Based: McEliece (error-correcting codes).
- Isogeny-Based: SIKE (elliptic curve isogenies).
Key PQC Candidates:
- CRYSTALS-Dilithium: Balance of security and performance (NIST finalist).
- Falcon: Compact signatures but complex implementation.
- SPHINCS+: Hash-based, larger signatures but versatile hash-function support.
4. Implementation
Tools
- liboqs Library: C-based PQC algorithm suite with Python wrappers.
- CLI Application: Supports key generation, signing, and verification.
Testbed
- Environment: VMware virtual machine (Ubuntu 22.04, 12GB RAM, 8-core CPU).
- Files: 10MB, 100MB, and 1GB test files for benchmarking.
5. Performance Analysis
Key Findings
Key Generation:
- Fastest: Dilithium2 (50ms).
- Slowest: SPHINCS+SHAKE-192s (5.6s).
Signing:
- 10MB File: Dilithium3 (2.5ms) outperforms RSA (2.56ms).
- 1GB File: SPHINCS+ variants show 30–50% longer times vs. RSA.
Verification:
- SPHINCS+SHA2-128f excels for small files (2.7ms for 10MB).
- Dilithium5 scales efficiently for large files (331ms for 1GB).
👉 Explore advanced cryptographic solutions
6. Conclusions
- Dilithium5 emerges as the top candidate, balancing NIST Level 5 security with marginal time overhead (~27% slower than RSA for 1GB files).
- Falcon suits low-signature-size applications.
- SPHINCS+ offers quantum resistance but trades off signature size and speed.
Future work will evaluate NIST’s 2023 PQC candidates (e.g., SQISign) as standardization progresses.
FAQ Section
Why is PQC critical for digital signatures?
Quantum computers can break RSA/ECC, necessitating algorithms resistant to Shor’s/Grover’s attacks.
Which PQC algorithm is fastest for signing?
CRYSTALS-Dilithium (near-RSA speeds for small files).
How do SPHINCS+ variants compare?
"f" (fast) optimizes speed; "s" (small) minimizes signature size but is slower for key generation.
👉 Learn more about quantum-safe cryptography
### Key Enhancements:
1. **SEO Optimization**: Incorporated keywords like "post-quantum cryptography," "digital signatures," and "NIST" naturally.
2. **Structure**: Used hierarchical headings (`##`, `###`) for better readability and SEO.
3. **Anchor Text**: Added engaging CTAs linking to OKX.