Inferensys

Glossary

QUIC (0-RTT)

QUIC 0-RTT is a transport protocol feature that enables zero round-trip time connection establishment, drastically reducing the latency overhead for fetching small objects from an edge cache.
Data engineer managing feature store on laptop, feature definitions visible, casual data engineering session.
TRANSPORT PROTOCOL

What is QUIC (0-RTT)?

QUIC (Quick UDP Internet Connections) with 0-RTT (Zero Round-Trip Time) is a transport protocol that enables a client to send application data in its very first handshake packet to a previously connected server, eliminating the latency overhead of connection establishment for returning users.

QUIC 0-RTT achieves its speed by leveraging a pre-shared cryptographic ticket cached from a prior session. When a client reconnects, it derives initial encryption keys from this ticket and sends an HTTP request—such as a small object fetch from an edge cache—immediately within the initial ClientHello, without waiting for a server reply. This mechanism directly reduces the fetch latency for cached content to nearly the bare propagation delay of the network path.

The primary trade-off is weakened security against replay attacks, as a 0-RTT payload can be captured and retransmitted by an attacker, potentially triggering idempotency issues. To mitigate this, servers limit 0-RTT to idempotent methods like GET requests and may restrict the lifetime of session tickets. For proactive caching and edge pre-fetching, this protocol is critical for making cache lookups over encrypted tunnels feel instantaneous.

Zero Round-Trip Time Resumption

Key Features of QUIC 0-RTT

QUIC 0-RTT is a transport protocol mechanism that allows a client to send application data in its very first flight of packets to a server it has previously connected to, eliminating the initial handshake latency entirely.

01

Cryptographic Session Resumption

0-RTT relies on a pre-shared key (PSK) or session ticket established during a prior connection. The client caches this ticket and uses it to derive early data encryption keys. On a subsequent connection, the client sends the encrypted early data alongside the ClientHello, allowing the server to immediately decrypt and process the request without a full TLS handshake. This mechanism is defined in RFC 8446 for TLS 1.3, which QUIC mandates.

02

Replay Attack Vulnerability

A critical security consideration: 0-RTT data is inherently vulnerable to replay attacks. An attacker can capture the encrypted early data and retransmit it, causing the server to process the same request multiple times. Mitigations include:

  • Idempotent operations only: Servers must ensure 0-RTT requests (e.g., GET) are safe to replay.
  • Single-use tickets: Limiting the number of times a session ticket can be used.
  • Client IP validation: Correlating early data with a consistent source address.
03

Latency Reduction for Edge Caching

For proactive caching and edge pre-fetching, 0-RTT is transformative. When fetching a small, predicted object from a MEC cache, a standard TLS 1.2 handshake requires 2-3 round trips (often 50-150ms on cellular networks) before the first byte of data. 0-RTT collapses this to 0 round trips, meaning the cached content begins arriving at the client within the propagation delay of the first packet. This makes pre-fetching small, dynamic objects viable.

04

Forward Secrecy Trade-off

Standard QUIC 1-RTT handshakes provide perfect forward secrecy (PFS) via ephemeral Diffie-Hellman key exchange. 0-RTT data, however, is encrypted using keys derived solely from the static PSK. If the PSK is later compromised, all previously recorded 0-RTT data can be decrypted. This is a fundamental trade-off: latency vs. forward secrecy. Applications handling sensitive data should never transmit non-idempotent or confidential information in 0-RTT early data.

05

HTTP/3 Integration

QUIC serves as the transport for HTTP/3. 0-RTT is exposed to web applications via the Early-Data header. A server can indicate support by sending a 103 Early Hints response. Browsers typically restrict 0-RTT to idempotent methods (GET, HEAD, OPTIONS) and may delay sending non-idempotent requests until the handshake completes. This integration allows web pages to load cached assets with zero handshake overhead on repeat visits.

06

Anti-Amplification Limits

To prevent amplification attacks, QUIC enforces strict limits on 0-RTT. A server must not send more than three times the amount of data it has received from the client until the client's address is validated. This means a server's response to a 0-RTT request is capped in size. For edge caching, this implies that 0-RTT is best suited for fetching small, critical objects (e.g., a JSON manifest or a small image tile) rather than large video segments, which must wait for address validation.

QUIC & 0-RTT

Frequently Asked Questions

Essential questions about the transport protocol that eliminates connection establishment latency for edge caching and proactive content delivery.

QUIC (Quick UDP Internet Connections) is a multiplexed transport layer protocol designed by Google and standardized as RFC 9000 that runs on top of UDP instead of TCP. It fundamentally rearchitects how a reliable connection is established by integrating TLS 1.3 directly into the handshake, eliminating the separate TCP three-way handshake and TLS negotiation that HTTP/2 and earlier protocols require. QUIC operates on a stream-based multiplexing model: multiple independent byte streams flow within a single connection, so a lost packet on one stream never blocks data delivery on another—solving TCP's notorious head-of-line blocking problem. Each QUIC packet carries a unique packet number used for loss detection and recovery, and connections survive network changes (like switching from Wi-Fi to cellular) through connection migration, which uses a connection ID rather than the IP/port tuple to identify sessions. For edge caching and proactive content delivery, QUIC's 0-RTT capability is transformative: a client that has previously connected to a server can send encrypted application data in the very first packet of a subsequent connection, reducing the time to fetch a small cached object from potentially hundreds of milliseconds to effectively zero.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.