We have recently become aware of a team of researchers at R.C. ATHENA and Monash University that have completed yet another post-quantum integration of wolfSSL. Their implementations can be found at https://gitlab.com/g_tasop/ . There, you will find two projects, “PQ WolfSSL for PC” and “PQ WolfSSL for embedded”. The team discusses some of their findings regarding performance in their paper which can be found at https://eprint.iacr.org/2021/1553.pdf. They integrate the KYBER and SABER KEMs as well as Dilithium and FALCON authentication schemes.
We would like to thank the team for picking wolfSSL and highlight a particular passage from their paper:
“Regarding TLS open-source solutions for embedded systems, the most famous and widely used implementations are: Mbed TLS  and wolfSSL [8, 9]. With Mbed TLS lacking support for TLS 1.3, wolfSSL is the only option to be adopted in this paper’s research work.”
I would also like to highlight another wise passage in their paper:
“…in most realistic embedded devices usage scenarios the embedded system acts as a client, connected to a powerful server…”
We at wolfSSL agree and this is why we chose to implement FALCON. It is an authentication scheme that does not perform as well for key generation and signing, but does extremely well for the verification operation; even faster than currently standardized algorithms. In IOT server-only (non-mutual) authentication is more typical. During practical experimentation, high performance hardware can offset signing operation speeds while during verification on embedded systems, FALCON’s inherent speed can offset the performance of the hardware.
If you are interested, we encourage you to download and read the paper as it is quite unique. Here is a quick summary of some of their conclusions:
- The KEM algorithms provide similar performance to already standardized algorithms.
- The largest impact on performance is introduced by the authentication schemes.
- In terms of energy consumption, it is shown that the average current consumption is independent of PQ algorithms, since it is probably dominated by the communication transmission cost.
- If your signer is going to be resource constrained, use Dilithium, but in IOT use cases, it is more likely that your verifier is going to be resource constrained. In this case use FALCON.
Here at wolfSSL, we are here to support you and your IOT efforts; even in a post-quantum world!
Contact us at firstname.lastname@example.org for any questions or comments.