{"paper":{"title":"Signature Placement in Post-Quantum TLS Certificate Hierarchies: An Experimental Study of ML-DSA and SLH-DSA in TLS 1.3 Authentication","license":"http://creativecommons.org/licenses/by/4.0/","headline":"Placing SLH-DSA in the TLS server leaf certificate produces orders-of-magnitude higher handshake latency and server compute costs than restricting it to upper hierarchy layers.","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Jos\\'e Luis Delgado Jim\\'enez","submitted_at":"2026-04-07T17:13:10Z","abstract_excerpt":"Post-quantum migration in TLS 1.3 couples signature-algorithm choice with certificate-hierarchy structure, chain exposure during the handshake, and role-dependent cryptographic cost. In certificate-based authentication, the practical effect of a signature family depends on where it appears in the certification hierarchy, how much of that hierarchy is exposed during the handshake, and how the resulting cryptographic cost is distributed across client and server roles. Post-quantum TLS migration must therefore be evaluated as cryptographic design within authenticated key establishment, with algor"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"The clearest discontinuity appears when SLH-DSA is placed in the server leaf certificate. In that configuration, handshake latency and server-side compute cost increase by orders of magnitude, while strategies that confine SLH-DSA to upper trust layers and preserve ML-DSA in the interactive leaf remain within a substantially more plausible operational range.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"That the local laboratory setup using OpenSSL 3 and oqsprovider produces measurements representative of production TLS deployments across varied network conditions and hardware.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"Placing SLH-DSA in the TLS server leaf certificate causes orders-of-magnitude higher handshake latency and server compute cost than confining it to upper certificate layers while using ML-DSA at the leaf.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Placing SLH-DSA in the TLS server leaf certificate produces orders-of-magnitude higher handshake latency and server compute costs than restricting it to upper hierarchy layers.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"d095b7a9a0b7c1f154381b837ff526608b5fe550ee2079ef72a92727cb8199a3"},"source":{"id":"2604.06100","kind":"arxiv","version":3},"verdict":{"id":"4b0be981-52d0-46e3-82b8-2e6bb7e1fe4a","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-10T19:12:48.937998Z","strongest_claim":"The clearest discontinuity appears when SLH-DSA is placed in the server leaf certificate. In that configuration, handshake latency and server-side compute cost increase by orders of magnitude, while strategies that confine SLH-DSA to upper trust layers and preserve ML-DSA in the interactive leaf remain within a substantially more plausible operational range.","one_line_summary":"Placing SLH-DSA in the TLS server leaf certificate causes orders-of-magnitude higher handshake latency and server compute cost than confining it to upper certificate layers while using ML-DSA at the leaf.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"That the local laboratory setup using OpenSSL 3 and oqsprovider produces measurements representative of production TLS deployments across varied network conditions and hardware.","pith_extraction_headline":"Placing SLH-DSA in the TLS server leaf certificate produces orders-of-magnitude higher handshake latency and server compute costs than restricting it to upper hierarchy layers."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2604.06100/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":2,"snapshot_sha256":"dd7c7f07759005e591fcdefbd3a7ff848d11f28e03feffa81fce8400731e43ac"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"}