What's the performance impact of adopting Post-Quantum Cryptography inside ADSS Server?
This blog presents controlled software-based benchmarking results, comparing classic algorithms (RSA and ECDSA) with ML-DSA within ADSS Server 8.4.
The objective is not marketing optimisation — it is architectural transparency.
In the previous articles in this series, I examined:
- Structural integration of ML-DSA within X.509 and CMS
- Interoperability validation using OpenSSL and Bouncy Castle
Now, let's look at performance benchmarks.
1. Benchmarking Scope
The following operations were measured:
Digital Signature Operations (CMS)
- RSA-2048 signing
- ECDSA‑P256 signing
- ML‑DSA‑44 (Level 2) signing
- ML‑DSA‑65 (Level 3) signing
- ML‑DSA‑87 (Level 5) signing
OCSP Response Signing
- RSA-2048
- ECDSA‑P256
- ML‑DSA‑44 (Level 2)
- ML‑DSA‑65 (Level 3)
- ML‑DSA‑87 (Level 5)
Timestamp Response Signing
- RSA-2048
- ECDSA‑P256
- ML‑DSA‑44 (Level 2)
- ML‑DSA‑65 (Level 3)
- ML‑DSA‑87 (Level 5)
All above tests were conducted using ADSS Server 8.4.0 in software‑only mode (no HSM acceleration).
2. Test Environment
- ADSS Server 8.4
- Microsoft Windows Server 2022 Standard (10.0.20348 N/A Build 20348) – RAM = 16 GB
- JVM default settings
- 1 KB payload for signing tests
- Detached CMS signing
- OCSP Response signing
- Timestamp Response signing
- Warm JVM (steady‑state performance measured)
Each test was executed in batches of 10,000 operations, and average performance was calculated.
3. Digital Signature – Signing Performance
3.1 Detached CMS Signature Performance Overview
| Algorithm | Signing Performance (TPS) | Signature Size (Approx) |
|---|---|---|
| ECDSA‑P256 | 206 | 2 bytes |
| RSA‑2048 | 230 | 256 bytes |
| ML‑DSA‑44 | 198 | 2420 bytes |
| ML‑DSA‑65 | 194 | 3309 bytes |
| ML‑DSA‑87 | 184 | 4627 bytes |
3.2 OCSP Response Performance Overview
| Algorithm | Performance (TPS) |
|---|---|
| ECDSA‑P256 | 2551 |
| RSA‑2048 | 1641 |
| ML‑DSA‑44 (Level 2) | 2205 |
| ML‑DSA‑65 (Level 3) | 1951 |
| ML‑DSA‑87 (Level 5) | 1767 |
3.3 Timestamp Response Performance Overview
| Algorithm | Performance (TPS) |
|---|---|
| ECDSA‑P256 | 3842 |
| RSA‑2048 | 2081 |
| ML‑DSA‑44 (Level 2) | 3142 |
| ML‑DSA‑65 (Level 3) | 2759 |
| ML‑DSA‑87 (Level 5) | 2437 |
Observations
- ML‑DSA signing is slower than ECDSA‑P256 but comparable to, or moderately slower than, RSA‑2048 in many cases.
- The performance increase scales with security level (2 → 3 → 5).
- Signature size increases significantly compared to classical algorithms.
From an architectural standpoint: signing performance remains practical for server‑side use, but throughput planning must account for increased computational cost.
4. Signature Verification Performance
Verification performance seems more practical as we done some raw signature testing in POC. Verification cost is critical for:
- OCSP responders
- High‑volume validation services
- Document validation platforms
4.1 Signature Verification Performance (POC)
| Algorithm | RAW Signature Verification (TPS) |
|---|---|
| ECDSA‑P256 | 2666 |
| RSA‑2048 | 21276 |
| ML‑DSA‑44 (Level 2) | 7092 |
| ML‑DSA‑65 (Level 3) | 4926 |
| ML‑DSA‑87 (Level 5) | 3154 |
Observations
- ML‑DSA verification is generally faster relative to its signing cost.
- In many cases, ML‑DSA verification is closer to RSA‑2048 than to ECDSA‑P256.
- For high‑volume validation workloads, ML‑DSA remains operationally viable.
Importantly:
Verification scaling remains linear and predictable under load.
5. Artefact Size Impact
Beyond CPU cost, PQC affects:
- Certificate size
- CRL size
- CMS signature size
- OCSP response size
5.1 Certificate Size Comparison
| Algorithm | End-Entity Certificate Size (Approx) |
|---|---|
| ECDSA‑P256 | ~1 KB |
| RSA‑2048 | ~1.5 KB |
| ML‑DSA‑3 | ~5–7 KB |
Observations
- Certificate size increases significantly.
- CRLs grow proportionally due to larger signature fields.
- CMS signatures may increase by multiple kilobytes.
Architectural implications:
- Increased storage requirements
- Increased bandwidth usage
- Potential impact on high‑frequency OCSP environments
This is often a larger operational concern than CPU cost.
6. Throughput Considerations
Under sustained load:
- ML‑DSA signing throughput is lower than ECDSA.
- CPU utilisation increases proportionally.
- Horizontal scaling becomes more relevant for high‑volume signing services.
However:
ADSS Server's stateless signing architecture allows:
- Load‑balanced scaling
- Policy‑based algorithm selection
- Hybrid classical + PQC deployment strategies
This mitigates performance concerns at scale.
7. Practical Deployment Guidance
Based on testing:
For High‑Volume Signing:
- Consider ML‑DSA‑2 where regulatory constraints allow.
- Scale horizontally rather than vertically.
For Root / CA Certificates:
- ML‑DSA‑5 provides maximum security margin.
- Performance impact is negligible due to low issuance frequency.
For Validation Services:
- Provision additional CPU capacity compared to ECDSA‑only environments.
- Monitor CRL and OCSP response sizes in bandwidth‑sensitive deployments.
8. Architectural Conclusion
The performance impact of PQC adoption in ADSS Server can be summarised as:
- CPU cost increases moderately
- Artefact size increases significantly
- Structural semantics remain unchanged
- Operational viability remains intact
