EMPIRICAL PERFORMANCE EVALUATION OF NIST POST-QUANTUM CRYPTOGRAPHIC ALGORITHMS ML-KEM, ML-DSA, AND SLH-DSA ACROSS JDK VERSIONS

Authors

DOI:

https://doi.org/10.28925/2663-4023.2026.33.1210

Keywords:

post-quantum cryptography, ML-KEM, ML-DSA, SLH-DSA, Java, BouncyCastle, JDK, JMH

Abstract

The standardization of the ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) algorithms by NIST in 2024 marked the beginning of a practical transition to post-quantum cryptography in enterprise software systems. The Java platform remains one of the most widely used in corporate environments; however, developers face a practical choice: whether to use the BouncyCastle library, which supports the new algorithms across all current JDK versions, or the native capabilities introduced in JDK 25. The absence of systematic empirical data on the performance of these algorithms in the Java environment — across platform versions, security levels, and operation types — makes it difficult to justify this choice when planning the migration of enterprise Java systems to post-quantum standards. This paper presents a systematic comparative performance study of ML-KEM, ML-DSA, and SLH-DSA in the Java environment based on a reproducible experiment using the Java Microbenchmark Harness in a containerized setting across three platform versions — JDK 17, JDK 21, and JDK 25 — comparing BouncyCastle 1.83 and the native JDK 25 implementation. For each algorithm, three core operations were measured: key pair generation, encapsulation or signing, and decapsulation or verification. For signature algorithms, the message size was additionally varied across 256 bytes, 1024 bytes, and 65536 bytes. Statistical significance of observed differences was assessed using the Mann–Whitney and Kruskal–Wallis tests, with post-hoc analysis performed using Dunn's method with Bonferroni correction.
It is established that the native JDK 25 implementation consistently underperforms BouncyCastle across all algorithms and operations. A dedicated benchmark of provider initialization overhead confirmed that this gap is attributable to the algorithmic implementation rather than infrastructure costs. Upgrading from JDK 17 to JDK 25 yields a statistically significant performance improvement for BouncyCastle implementations. Based on the experimental results, practical recommendations are formulated for Java developers regarding the choice of implementation and platform version when migrating to post-quantum standards. The source code and Docker Compose configuration are published in an open GitHub repository to enable independent reproduction of the results.

Downloads

Download data is not yet available.

References

National Institute of Standards and Technology. (2024a). FIPS 203: Module-lattice-based key-encapsulation mechanism standard. https://doi.org/10.6028/NIST.FIPS.203

National Institute of Standards and Technology. (2024b). FIPS 204: Module-lattice-based digital signature standard. https://doi.org/10.6028/NIST.FIPS.204

National Institute of Standards and Technology. (2024c). FIPS 205: Stateless hash-based digital signature standard. https://doi.org/10.6028/NIST.FIPS.205

Paquin, C., Stebila, D., & Tamvada, G. (2020). Benchmarking post-quantum cryptography in TLS. In J. Ding & J.-P. Tillich (Eds.), Post-quantum cryptography (PQCrypto 2020) (Lecture Notes in Computer Science, Vol. 12100). Springer. https://doi.org/10.1007/978-3-030-44223-1_5

Dziechciarz, D., & Niemiec, M. (2025). Efficiency analysis of NIST-standardized post-quantum cryptographic algorithms for digital signatures in various environments. Electronics, 14(1), 70. https://doi.org/10.3390/electronics14010070

Abbasi, M., Cardoso, F., Váz, P., Silva, J., & Martins, P. (2025). A practical performance benchmark of post-quantum cryptography across heterogeneous computing environments. Cryptography, 9(2), 32. https://doi.org/10.3390/cryptography9020032

Montenegro, J. A., Rios, R., & Lopez-Cerezo, J. (2026). A performance evaluation framework for post-quantum TLS. Future Generation Computer Systems, 175, 108062. https://doi.org/10.1016/j.future.2025.108062

Opiłka, F., Niemiec, M., Gagliardi, M., & Kourtis, M. A. (2024). Performance analysis of post-quantum cryptography algorithms for digital signature. Applied Sciences, 14(12), 4994. https://doi.org/10.3390/app14124994

Averichev, I., Rozhenko, A., & Kykhtenko, Y. (2025). Innovative approaches to improving the level of cybersecurity of corporate networks using cloud technologies. Cybersecurity: Education, Science, Technique, 1(29), 732-747. https://doi.org/10.28925/2663-4023.2025.29.934

Zarudnyi, I., & Liubchak, V. (2025). Methods and information technologies for secure integration of the Ethereum blockchain with the Internet of Things (IoT). Cybersecurity: Education, Science, Technique, 4(28), 104-114. https://doi.org/10.28925/2663-4023.2025.28.758

Prokopovych-Tkachenko, D. I., Khrushkov, B. S., & Derkach, Y. O. (2025). Post-quantum threats to information security: Challenges at the global and national levels. Systems and Technologies, 69(1), 118-123. https://doi.org/10.32782/2521-6643-2025-1-69.14

Oracle JEP 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism

Bouncy Castle PQC and Lightweight Cryptography Updates

Miqdad, A. (2024). Analyzing Java Microbenchmark Harness (JMH) performance in open-source systems. https://hdl.handle.net/2077/84478

Kumar, M., & Pattnaik, P. (2020). Post-quantum cryptography (PQC): An overview. In Proceedings of the IEEE High Performance Extreme Computing Conference (HPEC 2020) (pp. 1-9). IEEE. https://doi.org/10.1109/HPEC43674.2020.9286147

Shand, M., & Vuillemin, J. (1993, June). Fast implementations of RSA cryptography. In Proceedings of the IEEE Symposium on Computer Arithmetic (pp. 252-259). https://doi.org/10.1109/ARITH.1993.378085

Johnson, D., Menezes, A., & Vanstone, S. (2001). The elliptic curve digital signature algorithm (ECDSA). International Journal of Information Security, 1, 36-63. https://doi.org/10.1007/s102070100002

Deshpande, S., Lee, Y., Karakuzu, C., Szefer, J., & Paek, Y. (2025). SPHINCSLET: An area-efficient accelerator for the full SPHINCS+ digital signature algorithm. ACM Transactions on Embedded Computing Systems, 24(5), Article 69, 1-19. https://doi.org/10.1145/3728469

Oleksiichuk, Y. (2026). PQC JDK benchmark: Performance benchmarks for NIST PQC algorithms ML-KEM, ML-DSA, SLH-DSA across JDK 17, 21, 25 [Computer software]. GitHub repository

Birnbaum, Z. W. (1956). On a use of the Mann-Whitney statistic. In Proceedings of the Third Berkeley Symposium on Mathematical Statistics and Probability (Vol. 1, pp. 13-18). University of California Press.

Downloads


Abstract views: 6

Published

2026-06-25

How to Cite

Oleksiichuk , Y. (2026). EMPIRICAL PERFORMANCE EVALUATION OF NIST POST-QUANTUM CRYPTOGRAPHIC ALGORITHMS ML-KEM, ML-DSA, AND SLH-DSA ACROSS JDK VERSIONS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(33), 165–176. https://doi.org/10.28925/2663-4023.2026.33.1210

Issue

Vol. 1 No. 33 (2026): Cybersecurity: Education, Science, Technique

Section

Articles

License

Copyright (c) 2026 Юрій Олексійчук

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.