Network Impact of Post-Quantum Certificate Chain sizes on Time to First Byte in TLS Deployments

Computer Science > Cryptography and Security [Submitted on 27 Apr 2026] Network Impact of Post-Quantum Certificate Chain sizes on Time to First Byte in TLS Deployments Matthew Chou, Phuong Cao Post-Quantum Cryptography (PQC) is a rapidly growing deployment challenge as cryptographically relevant quantum computers (CRQC) continue to advance, leaving traditional cryptographic algorithms used in X.509 vulnerable to attack. However, PQC introduces significant deployment challenges in real-world networks, with handshake sizes increasing from 5x to over 20x compared to classical algorithms. In this work, we evaluate the time to first byte (TTFB) under CDN-focused TLS conditions to characterize the latency cost of transitioning existing internet infrastructure to quantum-safe certificate schemes. We observe discrete increases in TTFB as certificate chain sizes exceed transport layer data flight limits. To isolate the impact of certificate chains, we evaluate both ECDSA and ML-DSA-based certificate schemes, generating similarly sized certificate chains through controlled addition of certificate extensions. We additionally examine how CDN properties such as session resumption, certificate size optimizations, and geographical distribution reduce latency penalties. We utilize Zeek-monitored TLS traffic through a High-Performance Computing System (NCSA) with terabyte network connectivity across the nation to quantify real-world session resumption rates. We compare CDN-driven size optimization with Merkle Tree Certificates (MTC) to examine how size reductions allow certificate chains to remain under the flight limit threshold. We find that MTC allows for 2x-3x increase in supportable certificate chain size, whereas CDN-based optimizations yield more limited reductions, supporting up to approximately 1.6x certificate chain size increase. Comments: 12 pages, 15 figures Subjects: Cryptography and Security (cs.CR); Distributed, Parallel, and Cluster Computing (cs.DC) Cite as: arXiv:2604.24869 [cs.CR]   (or arXiv:2604.24869v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2604.24869 Focus to learn more Submission history From: Matthew Chou [view email] [v1] Mon, 27 Apr 2026 18:00:23 UTC (2,707 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-04 Change to browse by: cs cs.DC References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)