KpqBench: Performance and Implementation Security Analysis of KpqC Competition Round 1 Candidates (open access)
- Authors
- Choi, Yongryeol; Kim, Mingi; Kim, Youngbeom; Song, Jingyo; Jin, Jaehwan; Kim, Heeseok; Seo, Seog Chung
- Issue Date
- 2024
- Publisher
- Keywords
- Security; NIST; Benchmark testing; Software algorithms; Libraries; Cryptography; Quantum computing; Software quality; Post-quantum cryptosystems; benchmarking; constant-time; cryptographic library; KpqC competition; metamorphic testing; software validation
- Citation
- IEEE ACCESS, v.12, pp 18606 - 18626
- Pages
- 21
- Indexed
- Journal Title
- Volume
- 12
- Start Page
- 18606
- End Page
- 18626
- DOI
- 10.1109/ACCESS.2024.3361316
- ISSN
- 2169-3536
- Abstract
- As the global migration to post-quantum cryptography (PQC) continues to progress actively, in Korea, the Post-Quantum Cryptography Research Center has been established to acquire PQC technology, leading the KpqC Competition. In February 2022, the KpqC Competition issued a call for proposals for PQC algorithms. By November 2022, 16 candidates were selected for the first round (7 KEMs and 9 DSAs). Currently, Round 1 submissions are being evaluated with respect to security, efficiency, and scalability in various environments. At the current stage, evaluating the software through an analysis to improve the software quality of the first-round submissions is judged appropriate. In this paper, we present analysis results regarding performance and implementation security based on an approach free of dependencies on external libraries. Namely, we configure extensive tests for an analysis with no dependencies by replacing external libraries that can complicate the build process with hard coding. From the performance perspective, we provide analysis results of performance profiling, execution time, and memory usage for each of the KpqC candidates. From the implementation security perspective, we examine bugs and errors in the actual implementations using Valgrind software, a Metamorphic Testing methodology that can include wide test coverage, and constant-time implementation against timing attacks. Until the KpqC standard algorithm is announced, we argue that continuous integration of extensive tests will lead to high-level clean code for the KpqC candidates.
- Appears in Collections
- Graduate School > Department of Cyber Security > 1. Journal Articles