Pith Number

pith:5YWKUSTT

pith:2026:5YWKUSTTHX46KLQOVCTHUQM74C

not attested not anchored not stored refs pending

Signature Placement in Post-Quantum TLS Certificate Hierarchies: An Experimental Study of ML-DSA and SLH-DSA in TLS 1.3 Authentication

Jos\'e Luis Delgado Jim\'enez

Placing SLH-DSA in the TLS server leaf certificate produces orders-of-magnitude higher handshake latency and server compute costs than restricting it to upper hierarchy layers.

arxiv:2604.06100 v3 · 2026-04-07 · cs.CR

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?

Add to your LaTeX paper

\usepackage{pith}
\pithnumber{5YWKUSTTHX46KLQOVCTHUQM74C}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp

2 Internet Archive

3 Author claim open · sign in to claim

4 Citations open

5 Replications open

✓ Portable graph bundle live · download bundle · merged state

The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

The clearest discontinuity appears when SLH-DSA is placed in the server leaf certificate. In that configuration, handshake latency and server-side compute cost increase by orders of magnitude, while strategies that confine SLH-DSA to upper trust layers and preserve ML-DSA in the interactive leaf remain within a substantially more plausible operational range.

C2weakest assumption

That the local laboratory setup using OpenSSL 3 and oqsprovider produces measurements representative of production TLS deployments across varied network conditions and hardware.

C3one line summary

Placing SLH-DSA in the TLS server leaf certificate causes orders-of-magnitude higher handshake latency and server compute cost than confining it to upper certificate layers while using ML-DSA at the leaf.

Formal links

2 machine-checked theorem links

Receipt and verification

First computed	2026-05-21T01:04:25.446450Z
Builder	pith-number-builder-2026-05-17-v1
Signature	Pith Ed25519 (`pith-v1-2026-05`) · public key
Schema	pith-number/v1.0

Canonical hash

ee2caa4a733df9e52e0ea8a67a419fe09bebdddcc1257e13a4fbbcfc5232d414

Aliases

arxiv: 2604.06100 · arxiv_version: 2604.06100v3 · doi: 10.48550/arxiv.2604.06100 · pith_short_12: 5YWKUSTTHX46 · pith_short_16: 5YWKUSTTHX46KLQO · pith_short_8: 5YWKUSTT

Agent API

Resolver JSON Graph JSON Events JSON Schema Signing key

Verify this Pith Number yourself

curl -sH 'Accept: application/ld+json' https://pith.science/pith/5YWKUSTTHX46KLQOVCTHUQM74C \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: ee2caa4a733df9e52e0ea8a67a419fe09bebdddcc1257e13a4fbbcfc5232d414

Canonical record JSON

{
  "metadata": {
    "abstract_canon_sha256": "edc30ce43510afd0bb55fb58b590d52c4f407a9fc0b6ec57f8494aaded041a84",
    "cross_cats_sorted": [],
    "license": "http://creativecommons.org/licenses/by/4.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2026-04-07T17:13:10Z",
    "title_canon_sha256": "7d13e31d78cebb06a0b4e6daac300b47446a67b62ff3baecc4153a3c5aa8c566"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2604.06100",
    "kind": "arxiv",
    "version": 3
  }
}