Observability for Post-Quantum TLS Readiness: A Multi-Surface Evidence Framework
Pith reviewed 2026-05-08 18:49 UTC · model grok-4.3
The pith
A multi-surface evidence framework separates passive session data, active probes, certificate chains, and registries to measure post-quantum TLS readiness more accurately than single classical views.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The central claim is that mapping passive session evidence, active probing, certificate-chain evidence, and registry knowledge onto distinct measurement planes produces a complete observability object for post-quantum TLS readiness, one that preserves uncertainty and contradiction when present and that detects hybrid capability in 310 targets where any inherited classical analyzer reports none.
What carries the argument
The multi-surface framework that partitions evidence into passive session, active probe, certificate-chain, and registry surfaces and projects them onto seven measurement planes (session behavior, key establishment, endpoint capability, authentication, lifecycle, observability, policy).
If this is right
- Passive evidence alone closes session-level planes while active probing supplies lower bounds on endpoint capability.
- Multi-surface evidence closes the full measurement object for 1971 handshakes and confirms hybrid capability in 310 targets where single classical session views are insufficient.
- The framework handles 29 controlled scenarios that include TLS 1.3, HelloRetryRequest, mutual TLS, resumption, fragmentation, coalescing, and temporal drift while preserving required distinctions.
- Schema-enforced observations, versioned registries, and auditable inference rules make the collected data reproducible and auditable.
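The split between the session plane and the capability plane described above can be sketched as follows. This is an added example, not code or schema from the paper's artifact: the `Observation` record, the field names, the plane labels and the `*.example` targets are hypothetical, and only the named-group codepoints are real IANA values.

```python
from dataclasses import dataclass
from typing import Optional

# TLS named-group codepoints from the IANA "TLS Supported Groups" registry.
HYBRID = {0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
          0x11ED: "SecP384r1MLKEM1024"}
CLASSICAL = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}

@dataclass(frozen=True)
class Observation:            # hypothetical record, not the paper's schema
    surface: str              # "passive" or "active"
    target: str
    group: Optional[int]      # named group seen in ServerHello, None if unseen
    missing_reason: str = ""  # provenance of a missing observation

def fuse(target, observations):
    """Project one target's observations onto two planes without merging them."""
    obs = [o for o in observations if o.target == target]
    seen = {o.group for o in obs if o.surface == "passive" and o.group is not None}
    # Session plane: only passive evidence says what real sessions negotiated.
    if not seen:
        session = "unknown"
    elif all(g in HYBRID for g in seen):
        session = "hybrid"
    elif all(g in CLASSICAL for g in seen):
        session = "classical"
    else:
        session = "mixed_or_unclassified"
    # Capability plane: any completed hybrid handshake is a lower bound. A
    # classical handshake never proves absence, so the value is never "absent".
    proven = sorted({HYBRID[o.group] for o in obs if o.group in HYBRID})
    return {
        "session_key_establishment": session,
        "endpoint_hybrid_capability": "confirmed" if proven else "unknown",
        "confirmed_groups": proven,
        "capability_exceeds_session_view": bool(proven) and session == "classical",
        "missing": sorted({o.missing_reason for o in obs if o.group is None}),
    }

# Constructed sample observations (not data from the paper's campaign).
SAMPLE = [
    Observation("passive", "a.example", 0x001D),
    Observation("active", "a.example", 0x11EC),
    Observation("passive", "b.example", None, "trace_truncated"),
    Observation("active", "b.example", 0x001D),
    Observation("passive", "c.example", 0x11EC),
]

if __name__ == "__main__":
    for name in ("a.example", "b.example", "c.example"):
        print(name, fuse(name, SAMPLE))
```

For `a.example` the passive view is classical while the active probe confirms a hybrid group, which is the "capability exceeds session view" case; for `b.example` the truncated trace stays recorded as the reason the session plane is unknown.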
Where Pith is reading between the lines
- Migration planners could use the same planes to prioritize which endpoints to upgrade first based on measured capability gaps rather than assumptions from session logs alone.
- The separation of surfaces could be applied to other encrypted protocols where negotiation data and endpoint features must be tracked separately.
- Repeated campaigns over time could track how quickly hybrid support appears once post-quantum algorithms are standardized.
Load-bearing premise
The distinctions among session negotiation, endpoint capability, certificate-chain evidence, and the source of missing observations stay meaningful and separable even when TLS 1.3 encryption, resumption, mutual authentication, truncation, fragmentation, coalescing, or temporal drift are present.
What would settle it
A reproducible scan of the same 1000 targets in which the framework reports hybrid capability for 310 endpoints but independent verification on those same endpoints shows either no hybrid support or that the framework missed hybrid support present in every classical view.
Original abstract
Post-quantum migration in Transport Layer Security (TLS) requires evidence-aware measurements that distinguish session negotiation, endpoint capability, certificate-chain evidence, and the provenance of missing observations. This distinction is essential under TLS 1.3 encryption, resumption, mutual TLS, trace truncation, fragmentation, coalescing, active certificate retrieval, and temporal drift. We present a multi-surface framework for post-quantum TLS observability. The framework separates passive session evidence, active probing, certificate-chain evidence, and registry knowledge, and maps them onto measurement planes for session behavior, key establishment, endpoint capability, authentication, lifecycle, observability, and policy. We instantiate it as a reproducible artifact with schema-enforced observations and results, versioned registries, auditable inference rules, stress contracts, and baseline adapters. We evaluate the framework on 29 controlled scenarios spanning TLS 1.2 and TLS 1.3, classical and hybrid key establishment, mutual TLS, resumption, HelloRetryRequest, truncation, fragmentation and coalescing, temporal drift, IPv6, and chain-depth variation. Passive evidence closes session-level planes, active probing establishes capability lower bounds, and multi-surface evidence closes the full measurement object while preserving uncertainty and contradiction when required. Against an inherited TLS quantum-vulnerability analyzer, the baseline detects 2 of 29 runs and 0 of 23 TLS 1.3 runs. In a stratified public campaign over 1000 targets and 2000 fresh probes, the framework completes 1971 handshakes, collects 1368 chain artifacts, confirms hybrid capability for 310 targets, and identifies 310 cases where endpoint capability exceeds what any single classical session view reveals.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript presents a multi-surface evidence framework for post-quantum TLS observability. It separates passive session evidence, active probing, certificate-chain evidence, and registry knowledge, mapping them onto measurement planes for session behavior, key establishment, endpoint capability, authentication, lifecycle, observability, and policy. The framework is instantiated as a reproducible artifact with schema-enforced observations, versioned registries, auditable inference rules, and stress contracts. It is evaluated on 29 controlled scenarios spanning TLS 1.2/1.3, hybrid key establishment, resumption, HelloRetryRequest, truncation, fragmentation, coalescing, mutual TLS, temporal drift, and chain-depth variation, plus a public campaign over 1000 targets yielding 1971 handshakes and 310 hybrid confirmations where single classical views fall short, outperforming a baseline quantum-vulnerability analyzer (2/29 and 0/23 TLS 1.3 detections).
Significance. If the results hold, this provides a practical, evidence-aware methodology for measuring TLS readiness during post-quantum migration, directly addressing observability gaps under TLS 1.3 encryption and related conditions. The concrete evaluation numbers, baseline comparison, and artifact features (auditable rules, stress contracts, reproducible schema) constitute a strength, enabling falsifiable and extensible measurements. This advances the field by supplying a structured alternative to ad-hoc single-surface analyses.
Minor comments (3)
- [Abstract] The baseline comparison would be strengthened by briefly naming the inherited TLS quantum-vulnerability analyzer and its detection criteria, to allow readers to assess the improvement magnitude (2/29 vs. multi-surface results).
- The description of how multi-surface evidence 'closes the measurement object while preserving uncertainty' would benefit from a short illustrative example from one of the 29 scenarios showing a preserved contradiction or uncertainty flag.
- Evaluation section: the public-campaign stratification (1000 targets, 2000 probes) and data-exclusion rules should be stated explicitly to support reproducibility claims.
Simulated Author's Rebuttal
We thank the referee for the positive summary, significance assessment, and recommendation of minor revision. The referee's description accurately reflects the framework's separation of passive, active, certificate, and registry surfaces; the mapping to the seven measurement planes; the reproducible artifact with schema enforcement, versioned registries, auditable rules, and stress contracts; and the evaluation results on the 29 controlled scenarios plus the public campaign of 1971 handshakes. We note that no specific major comments were provided in the report.
Circularity Check
No significant circularity
The manuscript presents a multi-surface observability framework for post-quantum TLS without any derivation chain, equations, fitted parameters, or predictions that reduce to inputs by construction. It defines four evidence surfaces (passive session, active probing, certificate-chain, registry), maps them to measurement planes, instantiates the framework as a reproducible artifact with schema rules and stress contracts, and evaluates it empirically on 29 controlled scenarios plus a public campaign of 1971 handshakes. No self-citation is invoked as a load-bearing uniqueness theorem, no ansatz is smuggled, and no renaming of known results occurs; the added value over single-surface baselines is shown directly by the reported detection rates and hybrid-capability confirmations on independent targets. The argument remains self-contained against external benchmarks.
Axiom & Free-Parameter Ledger
invented entities (1)
- multi-surface evidence framework: no independent evidence