Comparison Between Classical and Quantum Safe Schemes

In this lesson, we compare the basic factors of the most popular classical public-key schemes and some chosen post-quantum approaches. The relevant factors being compared in Table 1 and Table 2 include the time expenses of key generation, encryption, decryption, signing, and verification. To make a meaningful comparison possible, the parameters of the individual schemes are chosen such that each key achieves an estimated security level of $128$ bits. The representation of the values is relative to an RSA decryption or signing operation, where $1$ unit of time is equivalent to producing an RSA ciphertext or an RSA signature, respectively, using a $3072-bit$ RSA private key.

Comparison between encryption schemes

Table 1 shows the comparison between the classical public-key encryption schemes to the selected NTRU and McEliece schemes. As we can easily see, McEliece suffers from very large private and public keys. The key generation time of NTRU and McEliece is much faster than the generation time of RSA, but not as efficient as the generation times of classical Diffie-Hellman and Elliptic Curve Diffie-Hellman schemes. However, the encryption and the decryption times are competitive. Furthermore, we observe that ECDH still has the shortest key lengths for a non-quantum 128-bit security level.

Table 1