Live performance
PQC benchmarks — real numbers, reproducible
These are not marketing numbers. Every value below is captured by the same liboqs build that runs in QNSP production, on the host listed in the test environment box. Re-run the script yourself; the JSON output is committed to the repo.
Key Encapsulation Mechanisms (KEMs)
p50 latency per operation. 500 iterations per algorithm with one untimed warm-up.
| Algorithm | Standard | NIST cat. | Keygen p50 | Encaps p50 | Decaps p50 | Keygen ops/s | Pub key | Ciphertext |
|---|---|---|---|---|---|---|---|---|
| ML-KEM-512 | FIPS 203 | L1 | 6.0 µs | 7.0 µs | 7.0 µs | 137.2k /s | 800B | 768B |
| ML-KEM-768 | FIPS 203 | L3 | 0.010 ms | 0.010 ms | 0.011 ms | 99.8k /s | 1184B | 1088B |
| ML-KEM-1024 | FIPS 203 | L5 | 0.014 ms | 0.014 ms | 0.016 ms | 68.4k /s | 1568B | 1568B |
Digital signatures
p50 latency per operation. Iteration counts vary by algorithm cost (ML-DSA: 100–200, Falcon: 50, SLH-DSA: 10–25). Message size: 179 bytes.
| Algorithm | Standard | NIST cat. | Keygen p50 | Sign p50 | Verify p50 | Verify ops/s | Pub key | Sig size |
|---|---|---|---|---|---|---|---|---|
| ML-DSA-44 | FIPS 204 | L2 | 0.035 ms | 0.139 ms | 0.037 ms | 26.1k /s | 1312B | 2420B |
| ML-DSA-65 | FIPS 204 | L3 | 0.068 ms | 0.207 ms | 0.060 ms | 16.6k /s | 1952B | 3309B |
| ML-DSA-87 | FIPS 204 | L5 | 0.097 ms | 0.246 ms | 0.095 ms | 10.3k /s | 2592B | 4627B |
| Falcon-512 | FN-DSA (NIST round 3) | L1 | 2.95 ms | 0.110 ms | 0.017 ms | 57.2k /s | 897B | 654B |
| SLH-DSA-SHA2-128f | FIPS 205 | L1 | 0.503 ms | 11.69 ms | 0.722 ms | 1.4k /s | 32B | 17088B |
| SLH-DSA-SHA2-256f | FIPS 205 | L5 | 2.08 ms | 39.56 ms | 1.07 ms | 945 /s | 64B | 49856B |
Reproduce these numbers
git clone https://github.com/cuilabs/qnsppnpm installpnpm --filter @qnsp/web-portal run bench:pqc- Diff your output against /pqc-benchmarks/pqc-latest.json. Absolute timings vary with hardware; the cross-algorithm ratios should match.
Source: apps/web/scripts/run-pqc-benchmarks.ts. Schema: apps/web/lib/benchmark-types.ts. The runner uses process.hrtime.bigint() for nanosecond timing and discards the first untimed iteration to remove cold-cache and JIT warmup effects.
What this proves
Production PQC isn't a research problem — it's a measurement problem
ML-KEM-768 (the FIPS 203 default for most QNSP tiers) generates a key pair in microseconds and runs encapsulate / decapsulate at hundreds of thousands of operations per second on commodity hardware. ML-DSA-65 signatures verify orders of magnitude faster than they sign — making PQC viable on the synchronous request path of services that issue many short-lived tokens. SLH-DSA is conservative and slow but produces hash-based signatures with a different security argument than lattice-based schemes, and we benchmark it so customers in regulated sectors can pick it deliberately rather than ruling it out by reputation.
These numbers are why QNSP can run a PQC-only crypto policy at the edge gateway, KMS, and audit-service tiers without extra infrastructure. The same liboqs binary that produced this JSON also handles every key, signature, and audit record on the platform.