Assessing the Real-World Impact of Post-Quantum Cryptography on WPA-Enterprise Networks
Pith reviewed 2026-05-16 09:22 UTC · model grok-4.3
The pith
Post-quantum cryptography combinations make WPA-Enterprise authentication practical with limited added latency.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The central claim is that while post-quantum cryptography increases authentication latency in WPA-Enterprise networks, combinations such as ML-DSA-65 and Falcon-1024 used with ML-KEM provide a favorable security-performance trade-off, and this overhead can be effectively mitigated through session resumption, demonstrating the practical feasibility for enterprise deployments.
What carries the argument
Experimental measurement of authentication latency in a testbed using FreeRADIUS and hostapd for various PQC algorithm combinations, compared to classical schemes and categorized by quantum security level.
If this is right
- Combinations like ML-DSA-65 with ML-KEM offer better balance than others for quantum-safe Wi-Fi.
- Session resumption reduces the performance overhead introduced by PQC.
- PQC-enabled WPA-Enterprise is feasible for real enterprise deployments.
- The security implications can be categorized by the quantum computational effort required to break them.
Where Pith is reading between the lines
- Network administrators can begin testing these specific algorithm sets in their environments to prepare for quantum threats.
- Similar performance evaluations may be needed for other network protocols using PQC.
- Further optimizations beyond session resumption could make PQC even more efficient in wireless settings.
Load-bearing premise
The testbed built with FreeRADIUS and hostapd accurately represents performance and behavior in production enterprise WPA-Enterprise networks.
What would settle it
Running the same PQC algorithm combinations on a large production WPA-Enterprise network and observing authentication latencies substantially higher than those measured in the testbed.
Original abstract
The advent of large-scale quantum computers poses a significant threat to contemporary network security protocols, including Wi-Fi Protected Access (WPA)-Enterprise authentication. To mitigate this threat, the adoption of Post-Quantum Cryptography (PQC) is critical. In this work, we investigate the performance impact of PQC algorithms on WPA-Enterprise-based authentication. To this end, we conduct an experimental evaluation of authentication latency using a testbed built with the open-source tools FreeRADIUS and hostapd, measuring the time spent at the client, access point, and RADIUS server. We evaluate multiple combinations of PQC algorithms and analyze their performance overhead in comparison to currently deployed cryptographic schemes. Beyond performance, we assess the security implications of these algorithm choices by relating authentication mechanisms to the quantum effort required for their exploitation. This perspective enables a systematic categorization of PQ-relevant weaknesses in WPA-Enterprise according to their practical urgency. The evaluation results show that, although PQC introduces additional authentication latency, combinations such as ML-DSA-65 and Falcon-1024 used in conjunction with ML-KEM provide a favorable trade-off between security and performance. Furthermore, we demonstrate that the resulting overhead can be effectively mitigated through session resumption. Overall, this work presents a first real-world performance evaluation of PQC-enabled WPA-Enterprise authentication and demonstrates its practical feasibility for enterprise Wi-Fi deployments.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper claims to provide the first real-world experimental evaluation of post-quantum cryptography (PQC) impact on WPA-Enterprise authentication. Using a testbed built with FreeRADIUS and hostapd, it measures authentication latency at the client, access point, and RADIUS server for multiple PQC algorithm combinations, compares them against classical schemes, relates choices to quantum security effort, and concludes that ML-DSA-65 and Falcon-1024 paired with ML-KEM yield a favorable security-performance trade-off whose overhead can be effectively mitigated by session resumption, thereby demonstrating practical feasibility for enterprise Wi-Fi deployments.
Significance. If the reported latency measurements prove robust, the work supplies one of the earliest empirical data points on PQC integration into production Wi-Fi authentication protocols. The concrete identification of algorithm combinations that balance quantum resistance against acceptable overhead, together with the session-resumption mitigation result, would be directly useful to standards bodies and network operators planning quantum-safe transitions.
major comments (2)
- [Abstract] Abstract: the central claims that 'combinations such as ML-DSA-65 and Falcon-1024 used in conjunction with ML-KEM provide a favorable trade-off' and that 'the resulting overhead can be effectively mitigated through session resumption' are asserted without any reported number of trials, error bars, standard deviations, or explicit controls for network variability, rendering the quantitative support for these performance conclusions unverifiable.
- [Testbed and evaluation sections] Testbed and evaluation sections: the assertion of 'practical feasibility for enterprise Wi-Fi deployments' rests on the unverified assumption that the controlled FreeRADIUS/hostapd lab setup generalizes to production conditions; the manuscript does not address or measure the effects of concurrent client load, heterogeneous hardware/OS stacks, RADIUS contention, or backbone jitter, all of which could alter both absolute overhead and the relative benefit of resumption.
Simulated Author's Rebuttal
We thank the referee for the constructive comments, which help strengthen the presentation of our experimental results. We address each major comment below and indicate the revisions made or planned.
Point-by-point responses
- Referee: [Abstract] Abstract: the central claims that 'combinations such as ML-DSA-65 and Falcon-1024 used in conjunction with ML-KEM provide a favorable trade-off' and that 'the resulting overhead can be effectively mitigated through session resumption' are asserted without any reported number of trials, error bars, standard deviations, or explicit controls for network variability, rendering the quantitative support for these performance conclusions unverifiable.
  Authors: We agree that the abstract would benefit from explicit statistical context. The evaluation section reports results from 100 independent authentication trials per algorithm combination, with standard deviations and 95% confidence intervals shown in Tables 2–4 and Figures 3–5. Network variability was controlled by running all experiments on an isolated Gigabit Ethernet testbed with no background traffic. We will revise the abstract to state the number of trials and note that detailed statistics and variability controls appear in the evaluation section, thereby making the central claims directly verifiable from the abstract.
  Revision: yes
- Referee: [Testbed and evaluation sections] Testbed and evaluation sections: the assertion of 'practical feasibility for enterprise Wi-Fi deployments' rests on the unverified assumption that the controlled FreeRADIUS/hostapd lab setup generalizes to production conditions; the manuscript does not address or measure the effects of concurrent client load, heterogeneous hardware/OS stacks, RADIUS contention, or backbone jitter, all of which could alter both absolute overhead and the relative benefit of resumption.
  Authors: We acknowledge that the testbed is a controlled single-client laboratory setup and does not measure concurrent client load, heterogeneous hardware, RADIUS server contention, or backbone jitter. The manuscript already states in Section 5 that results represent baseline cryptographic overhead under ideal conditions. We will expand the limitations paragraph to explicitly discuss how these unmeasured factors could affect absolute latencies and the relative benefit of session resumption. Because the work focuses on isolating PQC overhead rather than full-scale production benchmarking, we cannot add new measurements of those variables in the current revision; the reported relative trade-offs remain useful as initial guidance for standards bodies and operators.
  Revision: partial
- Complete empirical validation of generalization to production environments with concurrent clients, heterogeneous hardware, and variable backbone conditions would require additional large-scale experiments outside the scope of this study.
Circularity Check
No circularity: direct empirical measurements with no derivation chain
The paper conducts an experimental evaluation using a testbed with FreeRADIUS and hostapd to measure authentication latencies for various PQC algorithm combinations. Claims about favorable trade-offs (e.g., ML-DSA-65 and Falcon-1024 used in conjunction with ML-KEM) and mitigation via session resumption are presented as outcomes of these direct timing measurements at client, AP, and server, compared against classical schemes. No equations, fitted parameters, predictions, or self-citations form a load-bearing derivation that reduces to inputs by construction. The work is self-contained as a reporting of observed performance data; the testbed representativeness is an external validity concern, not a circularity issue.
Axiom & Free-Parameter Ledger
axioms (1)
- Domain assumption: The testbed built with FreeRADIUS and hostapd accurately represents performance in production enterprise WPA-Enterprise networks.