This project provides a comprehensive benchmarking suite for testing various post-quantum cryptography (PQC) algorithms in TLS handshakes. It supports testing different Key Encapsulation Mechanism (KEM) and signature algorithms, with configurable network conditions.
- Benchmark multiple PQC algorithms including:
  - KEMs: Kyber, MLKEM, BIKE, HQC, Frodo, and classical algorithms
  - Signatures: Dilithium, SPHINCS+, Falcon, MAYO, and classical algorithms
  - For more information, please refer to the yml file in the loop folder.
- Network condition simulation (packet loss, bandwidth limitation)
- Detailed performance metrics:
  - Handshake time
  - Memory usage
  - CPU utilization
  - Success/failure rates
- Automated result analysis with visualizations
- Support for hybrid classical-PQC combinations
- Linux-based operating system (tested on Ubuntu 20.04+)
- Root/sudo privileges (required for network namespace operations)
- Python 3.8 or higher
pip install -r requirements.txt
Required packages:
- psutil=6.0.0
- matplotlib=3.7.5
- seaborn=0.13.0
- pandas=2.0.3
- numpy=1.24.0
- pyyaml=5.4.1
- pytest=4.6.9
- pytest-forked=1.1.3
- pytest-xdist=1.31.0
- Custom OpenSSL build with oqsprovider support
- Versions used: OpenSSL Default Provider (v3.3.2), OpenSSL OQS Provider (v0.7.1-dev), liboqs (v0.11)
- oqsprovider installed and configured (enable the algorithms you need; see the oqs-provider page for how)
- Clone the repository:
git clone https://github.com/EscapedShark/TLS_PQC_performance.git
cd TLS_PQC_performance
- Install Python dependencies:
pip install -r requirements.txt
- Ensure OpenSSL with oqsprovider is properly installed:
export OPENSSL_PATH="/usr/local/ssl/bin/openssl"
The benchmark suite uses YAML configuration files to specify algorithms and network conditions. Example configuration:
algorithms:
  kem:
    - x25519
    - kyber512
    - mlkem768
  sig:
    - ed25519
    - dilithium2
    - falcon512
network_settings:
  packet_loss: 10      # percentage
  bandwidth: 10mbit    # bandwidth limit
  interface: veth0     # network interface
You can change the number of runs by modifying the run_benchmark function in benchmark.py.
sudo python3 benchmark.py config.yml
sudo ./script.sh
This will run benchmarks for all configuration files in the loop directory.
Results are saved in the results directory with the following structure:
results/
├── [config_name]/
│ ├── performance_statistics.csv
│ ├── handshake_error_statistics.png
│ ├── avg_handshake_time.png
│ ├── avg_memory_usage.png
│ ├── avg_cpu_usage.png
│ └── [algorithm]_results.txt
Each benchmark generates:
- Detailed performance metrics
- Error statistics
- Visualization plots
- Raw data in CSV format
The suite consists of several key components:
- benchmark.py: Main benchmarking orchestrator
- client.py: TLS client implementation
- server.py: TLS server implementation
- utility.py: Helper functions and analysis tools
- script.sh: Batch processing script
The benchmark uses Linux network namespaces to create isolated network environments:
- Creates server_ns and client_ns namespaces
- Configures virtual ethernet (veth) pairs
- Applies network conditions (packet loss, bandwidth limits)
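The namespace setup described above, written out as an added example (not the project's own code): it validates the network_settings values before they reach commands that run as root, then builds the ip/tc argument lists. The peer interface name veth1, the 10.0.0.0/24 addresses, placing veth0 in server_ns, and using one netem qdisc for both loss and rate are assumptions.

```python
import re
import subprocess

SERVER_NS, CLIENT_NS = "server_ns", "client_ns"      # namespace names from the README
PEER_IF = "veth1"                                      # assumed name for the client end
SERVER_IP, CLIENT_IP = "10.0.0.1/24", "10.0.0.2/24"   # assumed addressing

def validate(settings):
    """Reject values that are not safe to hand to ip/tc running as root."""
    loss = float(settings["packet_loss"])
    if not 0 <= loss <= 100:
        raise ValueError("packet_loss must be a percentage between 0 and 100")
    bw = str(settings["bandwidth"])
    if not re.fullmatch(r"[1-9][0-9]*(kbit|mbit|gbit)", bw):
        raise ValueError("bandwidth must look like 10mbit")
    iface = str(settings["interface"])
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,15}", iface):  # Linux limit: 15 chars
        raise ValueError("invalid interface name")
    return loss, bw, iface

def build_plan(settings):
    """Return the ip/tc argv lists that create the two-namespace test network."""
    loss, bw, iface = validate(settings)
    in_srv = ["ip", "netns", "exec", SERVER_NS]
    in_cli = ["ip", "netns", "exec", CLIENT_NS]
    return [
        ["ip", "netns", "add", SERVER_NS],
        ["ip", "netns", "add", CLIENT_NS],
        ["ip", "link", "add", iface, "type", "veth", "peer", "name", PEER_IF],
        ["ip", "link", "set", iface, "netns", SERVER_NS],
        ["ip", "link", "set", PEER_IF, "netns", CLIENT_NS],
        in_srv + ["ip", "addr", "add", SERVER_IP, "dev", iface],
        in_cli + ["ip", "addr", "add", CLIENT_IP, "dev", PEER_IF],
        in_srv + ["ip", "link", "set", iface, "up"],
        in_cli + ["ip", "link", "set", PEER_IF, "up"],
        # Assumption: shape only the server's egress, loss and rate in one netem qdisc
        in_srv + ["tc", "qdisc", "add", "dev", iface, "root", "netem",
                  "loss", f"{loss:g}%", "rate", bw],
    ]

def apply(plan):
    """Run the plan; needs root. Argv lists avoid shell interpretation."""
    for argv in plan:
        subprocess.run(argv, check=True)

if __name__ == "__main__":
    # Constructed settings matching the README's example configuration
    sample = {"packet_loss": 10, "bandwidth": "10mbit", "interface": "veth0"}
    print("\n".join(" ".join(argv) for argv in build_plan(sample)))
```

Running the file prints the commands without executing them; calling apply() on the plan under sudo creates the namespaces.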
Common issues and solutions:
- Permission Errors
sudo chmod +x script.sh
sudo python3 benchmark.py config.yml
- Network Namespace Issues
# Clean up existing namespaces
sudo ip netns delete server_ns
sudo ip netns delete client_ns
- OpenSSL Provider Issues
# Verify OpenSSL providers
$OPENSSL_PATH list -providers
- v1.0.0 (2025-01)
  - Initial release
  - Support for basic PQC algorithms
  - Network condition simulation
  - Performance metrics collection
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.
- OpenQuantumSafe project for oqsprovider
- OpenSSL team
- Contributors and testers
For questions and support, please open an issue in the GitHub repository.