post-quantum key exchange writeup #2281

ctz · 2024-12-13T17:25:13Z

Rendered

rustls-benchmarking · 2024-12-13T17:28:22Z

Benchmark results

Instruction counts

Significant differences

There are no significant instruction count differences

Other differences

Click to expand

8000

Scenario	Baseline	Candidate	Diff	Threshold
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_server	10658784	10706027	47243 (0.44%)	0.94%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client	8592067	8567370	-24697 (-0.29%)	1.00%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_server	10466975	10443525	-23450 (-0.22%)	1.37%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client	8605756	8612993	7237 (0.08%)	1.04%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client	3080436	3082467	2031 (0.07%)	0.27%
handshake_no_resume_ring_1.3_ecdsap256_chacha_client	3624639	3622327	-2312 (-0.06%)	0.26%
handshake_no_resume_ring_1.3_ecdsap256_aes_client	3621165	3623361	2196 (0.06%)	0.24%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_server	10738032	10744542	6510 (0.06%)	1.10%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client	3080292	3079891	-401 (-0.01%)	0.23%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server	1174530	1174391	-139 (-0.01%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server	2073843	2073991	148 (0.01%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_client	1932336	1932358	22 (0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_server	1613619	1613606	-13 (-0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_server	30423438	30423671	233 (0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server	2077053	2077038	-15 (-0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_server	30423360	30423142	-218 (-0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_server	30380431	30380219	-212 (-0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_client	27841426	27841610	184 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_client	28210336	28210521	185 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_server	28970230	28970068	-162 (-0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_server	30420618	30420750	132 (0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_client	1717550	1717543	-7 (-0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_client	27779400	27779503	103 (0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_client	1925601	1925594	-7 (-0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_client	27839023	27838923	-100 (-0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_server	28891556	28891641	85 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_server	30380772	30380687	-85 (-0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_server	28891614	28891689	75 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_client	27781948	27781880	-68 (-0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_client	28180341	28180278	-63 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_server	1612230	1612233	3 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_client	28173438	28173386	-52 (-0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_server	30377839	30377786	-53 (-0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_client	28206305	28206344	39 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_client	27786389	27786427	38 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_client	28203371	28203406	35 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_server	28889309	28889343	34 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_client	27846005	27845975	-30 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_server	7566722	7566714	-8 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_client	35180648	35180676	28 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_server	28967793	28967815	22 (0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_client	35182618	35182595	-23 (-0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_client	28176539	28176530	-9 (-0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_server	28970040	28970049	9 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client	58240723	58240734	11 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_server	46470690	46470682	-8 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_client	58245678	58245688	10 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_server	46423837	46423830	-7 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_server	46467812	46467805	-7 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_aes_server	46487094	46487101	7 (0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_server	7564559	7564560	1 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_client	58338944	58338937	-7 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_server	80661860	80661851	-9 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_server	80535650	80535642	-8 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_client	92663958	92663949	-9 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_client	92710958	92710967	9 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_client	58181206	58181211	5 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_client	58331788	58331791	3 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_chacha_server	80554930	80554933	3 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_chacha_client	92674855	92674858	3 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client	92704733	92704730	-3 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_server	80540449	80540451	2 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server	80648885	80648887	2 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_client	92673023	92673025	2 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_server	46477538	46477537	-1 (-0.00%)	0.20%
transfer_no_resume_ring_1.2_rsa_aes_client	58225378	58225377	-1 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server	80641253	80641254	1 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client	92706960	92706961	1 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_server	42070498	42070498	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_server	41492499	41492499	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_rsa_chacha_client	40186983	40186983	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_client	40500760	40500760	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_rsa_chacha_client	40504760	40504760	0 (0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_aes_client	2655918	2655918	0 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_server	5019524	5019524	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_server	41972348	41972348	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_client	40277252	40277252	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_rsa_chacha_server	41490398	41490398	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_rsa_aes_client	40281303	40281303	0 (0.00%)	0.20%
handshake_no_resume_ring_1.2_rsa_aes_client	2563543	2563543	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_rsa_aes_server	41608658	41608658	0 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_client	4206499	4206499	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_server	41610711	41610711	0 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client	58243601	58243601	0 (0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server	1176817	1176817	0 (0.00%)	0.20%
handshake_session_id_ring_1.2_rsa_aes_server	4233520	4233520	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_rsa_aes_server	42068138	42068138	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_server	41610759	41610759	0 (0.00%)	0.20%
handshake_no_resume_ring_1.2_rsa_aes_server	11292436	11292436	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_client	40182932	40182932	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_client	40571689	40571689	0 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server	46456933	46456933	0 (0.00%)	0.20%
handshake_tickets_ring_1.2_rsa_aes_client	4489533	4489533	0 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_client	3864415	3864415	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_client	40574950	40574950	0 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server	46464567	46464567	0 (0.00%)	0.20%
transfer_no_resume_ring_1.2_rsa_aes_server	46389596	46389596	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_server	42070688	42070688	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_server	41492451	41492451	0 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_aes_client	58342690	58342690	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_server	41972158	41972158	0 (0.00%)	0.20%
handshake_session_id_ring_1.2_rsa_aes_client	4229019	4229019	0 (0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_aes_server	11425039	11425039	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_rsa_aes_client	40578950	40578950	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_rsa_chacha_server	41969798	41969798	0 (0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_chacha_server	11430994	11430994	0 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_client	40497499	40497499	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_client	40274309	40274309	0 (0.00%)	0.20%
handshake_tickets_ring_1.2_rsa_aes_server	4698000	4698000	0 (0.00%)	0.20%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_server	3872523	3872523	0 (0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_chacha_client	2661785	2661785	0 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_client	40179989	40179989	0 (0.00%)	0.20%

Wall-time

Significant differences

There are no significant wall-time differences

Other differences

Click to expand

Scenario	Baseline	Candidate	Diff	Threshold
transfer_no_resume_aws_lc_rs_1.2_rsa_aes	5.07 ms	5.12 ms	0.05 ms (0.94%)	3.22%
transfer_no_resume_ring_1.2_rsa_aes	6.77 ms	6.83 ms	0.06 ms (0.90%)	2.39%
handshake_tickets_aws_lc_rs_1.3_rsa_aes	5.17 ms	5.22 ms	0.05 ms (0.89%)	1.00%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes	4.53 ms	4.57 ms	0.04 ms (0.89%)	1.22%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes	5.22 ms	5.27 ms	0.04 ms (0.86%)	3.72%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha	4.50 ms	4.54 ms	0.04 ms (0.86%)	1.24%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes	4.50 ms	4.54 ms	0.04 ms (0.82%)	4.26%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes	460.17 µs	463.86 µs	3.69 µs (0.80%)	2.67%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha	4.31 ms	4.34 ms	0.03 ms (0.79%)	1.00%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes	5.15 ms	5.19 ms	0.04 ms (0.77%)	3.68%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha	458.35 µs	461.83 µs	3.48 µs (0.76%)	2.63%
handshake_no_resume_ring_1.3_ecdsap256_chacha	503.19 µs	506.92 µs	3.73 µs (0.74%)	2.14%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes	4.35 ms	4.38 ms	0.03 ms (0.73%)	1.07%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha	5.15 ms	5.19 ms	0.04 ms (0.71%)	1.24%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes	5.25 ms	5.29 ms	0.04 ms (0.71%)	1.01%
handshake_tickets_aws_lc_rs_1.2_rsa_aes	1.78 ms	1.79 ms	0.01 ms (0.69%)	1.59%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes	5.06 ms	5.10 ms	0.03 ms (0.67%)	1.00%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha	5.22 ms	5.25 ms	0.03 ms (0.67%)	1.00%
handshake_session_id_aws_lc_rs_1.3_rsa_aes	5.00 ms	5.03 ms	0.03 ms (0.63%)	1.00%
transfer_no_resume_ring_1.3_ecdsap256_aes	6.37 ms	6.41 ms	0.04 ms (0.61%)	3.43%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha	5.02 ms	5.05 ms	0.03 ms (0.60%)	1.17%
handshake_session_id_ring_1.2_rsa_aes	1.53 ms	1.54 ms	0.01 ms (0.59%)	1.07%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha	4.96 ms	4.99 ms	0.03 ms (0.59%)	1.00%
transfer_no_resume_ring_1.3_rsa_aes	6.86 ms	6.90 ms	0.04 ms (0.57%)	2.80%
handshake_tickets_ring_1.3_ecdsap256_aes	6.51 ms	6.54 ms	0.03 ms (0.52%)	1.00%
handshake_no_resume_ring_1.3_ecdsap256_aes	506.32 µs	508.91 µs	2.59 µs (0.51%)	2.11%
handshake_tickets_ring_1.2_rsa_aes	1.62 ms	1.63 ms	0.01 ms (0.50%)	1.06%
handshake_tickets_ring_1.3_rsa_aes	7.00 ms	7.03 ms	0.03 ms (0.46%)	1.00%
transfer_no_resume_ring_1.3_ecdsap384_aes	9.53 ms	9.57 ms	0.04 ms (0.45%)	2.03%
handshake_session_id_ring_1.3_ecdsap256_chacha	6.39 ms	6.42 ms	0.03 ms (0.45%)	1.00%
handshake_session_id_ring_1.3_rsa_chacha	6.87 ms	6.90 ms	0.03 ms (0.44%)	1.00%
handshake_session_id_ring_1.3_ecdsap256_aes	6.44 ms	6.46 ms	0.03 ms (0.43%)	1.00%
handshake_tickets_ring_1.3_ecdsap256_chacha	6.46 ms	6.48 ms	0.03 ms (0.40%)	1.00%
handshake_session_id_aws_lc_rs_1.2_rsa_aes	1.62 ms	1.63 ms	0.01 ms (0.40%)	1.39%
handshake_session_id_ring_1.3_rsa_aes	6.93 ms	6.96 ms	0.03 ms (0.39%)	1.00%
transfer_no_resume_ring_1.3_ecdsap256_chacha	13.00 ms	13.05 ms	0.05 ms (0.39%)	1.58%
handshake_tickets_ring_1.3_rsa_chacha	6.94 ms	6.97 ms	0.03 ms (0.37%)	1.00%
transfer_no_resume_ring_1.3_rsa_chacha	13.50 ms	13.55 ms	0.05 ms (0.35%)	1.37%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes	1.07 ms	1.07 ms	0.00 ms (0.34%)	2.10%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes	1.09 ms	1.10 ms	0.00 ms (0.32%)	2.30%
transfer_no_resume_ring_1.3_ecdsap384_chacha	16.16 ms	16.21 ms	0.05 ms (0.31%)	1.14%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha	13.70 ms	13.74 ms	0.04 ms (0.29%)	1.48%
handshake_no_resume_ring_1.3_rsa_chacha	997.10 µs	999.99 µs	2.88 µs (0.29%)	1.00%
handshake_session_id_ring_1.3_ecdsap384_aes	9.58 ms	9.60 ms	0.03 ms (0.29%)	1.00%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha	12.98 ms	13.01 ms	0.04 ms (0.28%)	1.56%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha	13.63 ms	13.66 ms	0.04 ms (0.28%)	1.32%
handshake_session_id_ring_1.3_ecdsap384_chacha	9.53 ms	9.55 ms	0.03 ms (0.27%)	1.00%
handshake_tickets_ring_1.3_ecdsap384_aes	9.65 ms	9.67 ms	0.03 ms (0.27%)	1.00%
handshake_no_resume_ring_1.2_rsa_aes	992.97 µs	995.58 µs	2.61 µs (0.26%)	1.15%
handshake_tickets_ring_1.3_ecdsap384_chacha	9.60 ms	9.62 ms	0.02 ms (0.26%)	1.00%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes	1.18 ms	1.18 ms	0.00 ms (0.25%)	1.00%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha	1.18 ms	1.18 ms	0.00 ms (0.23%)	1.11%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha	1.11 ms	1.11 ms	0.00 ms (0.18%)	3.06%
handshake_no_resume_ring_1.3_rsa_aes	997.73 µs	999.28 µs	1.55 µs (0.16%)	1.06%
handshake_no_resume_ring_1.3_ecdsap384_aes	3.66 ms	3.66 ms	0.01 ms (0.14%)	1.00%
handshake_no_resume_ring_1.3_ecdsap384_chacha	3.66 ms	3.66 ms	0.00 ms (0.10%)	1.00%

Additional information

Historical results

Checkout details:

Base repo: https://github.com/rustls/rustls.git
Base branch: main (9aa2b69)
Candidate repo: https://github.com/rustls/rustls.git
Candidate branch: jbp-pqkx-writeup (956cf0e)

codecov · 2024-12-13T17:34:15Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 94.82%. Comparing base (9aa2b69) to head (956cf0e).
Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2281   +/-   ##
=======================================
  Coverage   94.82%   94.82%           
=======================================
  Files         104      104           
  Lines       24100    24100           
=======================================
  Hits        22853    22853           
  Misses       1247     1247

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

ctz · 2024-12-17T12:28:03Z

This is ready for review now. The code for the non-optimised case is on jbp-pqkx-comparative-benchmarks

Manual documentation run is https://github.com/rustls/rustls/actions/runs/12372917287/job/34532172546 (deploy step is expected to fail, but prior step contains the website generation, and internal/external link checking.)

djc

Nice work!

I feel like the article kind of buries the lede ("rustls can do PQC handshakes faster than OpenSSL handles regular ones"), and I wonder if it might be worth restructuring to put that conclusion up front (maybe also in the title), and then back it up with the full story?

cpu

I'm not sure if I'm missing something obvious, or looking at an older rendering, but in the part of the writeup that says "Instead, we can do:" and has the second diagram I feel like it's not super clear what the difference is between that diagram, and the one before it. Could we maybe use some colour here? Something like:

Diagram 1: [ML-KEM share (green)][X25519 share (yellow)] [X25519 share (orange)]
Diagram 2: [ML-KEM share (green)][X25519 share (yellow)] [X25519 share (yellow)]

ctz · 2024-12-17T13:22:33Z

I'm not sure if I'm missing something obvious, or looking at an older rendering, but in the part of the writeup that says "Instead, we can do:" and has the second diagram I feel like it's not super clear what the difference is between that diagram, and the one before it. Could we maybe use some colour here? Something like:

Diagram 1: [ML-KEM share (green)][X25519 share (yellow)] [X25519 share (orange)]

Diagram 2: [ML-KEM share (green)][X25519 share (yellow)] [X25519 share (yellow)]

Have just tried this.

I feel like the article kind of buries the lede ("rustls can do PQC handshakes faster than OpenSSL handles regular ones"),

Yeah I think I'm trying to tell two stories. Maybe this could be clearer as two completely separate pages?

one page about the optimization
another about the overall cost of pq key exchange, and the comparison to openssl

djc · 2024-12-17T13:57:07Z

Yeah I think I'm trying to tell two stories. Maybe this could be clearer as two completely separate pages?

one page about the optimization
another about the overall cost of pq key exchange, and the comparison to openssl

I think both of those might be too thin on their own so combining them could still make sense, just consider more clearly separating these two topics and presenting them in optimal order (which I suggest would be to have the OpenSSL comparison come first).

cpu · 2024-12-17T14:01:32Z

I think both of those might be too thin on their own so combining them could still make sense

FWIW I was thinking the same 👍

ctz · 2024-12-17T15:21:22Z

I think both of those might be too thin on their own so combining them could still make sense

OK, I think that reads a lot better. WDYT?

cpu

I think this version reads better. Thanks!

ctz force-pushed the jbp-pqkx-writeup branch from 79a4507 to f937994 Compare December 16, 2024 15:54

ctz added 2 commits December 17, 2024 10:19

rustls-post-quantum: benchmarks

e262936

rustls-bench: support rustls-post-quantum

f977c2c

ctz force-pushed the jbp-pqkx-writeup branch 2 times, most recently from 78c0430 to 7eca367 Compare December 17, 2024 12:05

ctz marked this pull request as ready for review December 17, 2024 12:06

ctz had a problem deploying to github-pages December 17, 2024 12:23 — with GitHub Actions Failure

djc approved these changes Dec 17, 2024

View reviewed changes

cpu approved these changes Dec 17, 2024

View reviewed changes

ctz force-pushed the jbp-pqkx-writeup branch from 7eca367 to ac0ee3b Compare December 17, 2024 13:18

ctz force-pushed the jbp-pqkx-writeup branch from ac0ee3b to 644cc89 Compare December 17, 2024 14:57

rustls-post-quantum: optimization writeup

956cf0e

ctz force-pushed the jbp-pqkx-writeup branch from 644cc89 to 956cf0e Compare December 17, 2024 15:09

cpu approved these changes Dec 17, 2024

View reviewed changes

ctz added this pull request to the merge queue Dec 17, 2024

Merged via the queue into main with commit de8e612 Dec 17, 2024
60 checks passed

ctz deleted the jbp-pqkx-writeup branch December 17, 2024 16:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

post-quantum key exchange writeup #2281

post-quantum key exchange writeup #2281

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

post-quantum key exchange writeup #2281

post-quantum key exchange writeup #2281

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Benchmark results

Instruction counts

Significant differences

Other differences

Wall-time

Significant differences

Other differences

Additional information

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!