Post-Quantum TLS
Ph.D. thesis on post-quantum cryptography in TLS. I investigate current proposals for post-quantum TLS, but more importantly we propose a more efficient TLS handshake that makes …
Professional Summary
Thom Wiggers is a cryptography researcher at PQShield.
His PhD thesis was on the interactions of post-quantum cryptography with protocols, under the supervision of Peter Schwabe, at the Institute of Computing and Information Sciences, Radboud University in The Netherlands.
Education
Ph.D. in Post-Quantum Cryptography
2018-09-01
2024-01-09
Radboud University Nijmegen
MSc in Computing Science
2015-09-01
2018-08-31
Radboud University Nijmegen
Interests
Cryptography
Post-Quantum Cryptography
Protocols
Information Security
📚 My Research
Thom Wiggers is a cryptography researcher at PQShield. His research focuses on the design, formal analysis, and standardization of post-quantum cryptographic protocols.
Building on his PhD research into KEM-based authentication (KEMTLS), he has recently worked on redesigning Post-Quantum WireGuard using reinforced KEMs and providing a comprehensive deniability analysis of the Signal handshake protocol.
In the IETF, Thom is active in the PQUIP, PLANTS, and TLS working groups. In the TLS working group, he is a member of its formal analysis triage team (FATT). He is currently working on standardizing state and backup management for stateful hash-based signatures and has co-authored the AuthKEM proposal for TLS.
Featured Publications
Post-Quantum TLS without handshake signatures
We present an alternative to TLS 1.3, by authenticating using only Key-Encapsulation Mechanisms. This allows us to get rid of handshake signatures, as post-quantum signature …
Peter Schwabe
Recent Publications
Revisiting PQ WireGuard: A Comprehensive Security Analysis With a New Design Using Reinforced KEMs.
IEEE S&P 2026,
2026.
A Comprehensive Study of the Signal Handshake Protocol: Bundled Authenticated Key Exchange.
NIST PQC Conference,
2025.
Bundled Authenticated Key Exchange: A Concrete Treatment of (Post-Quantum) Signal's Handshake Protocol.
USENIX Security ‘25,
2025.
Comprehensive Deniability Analysis of Signal Handshake Protocols: X3DH, PQXDH
to Fully Post-Quantum with Deniable Ring Signatures
.
USENIX Security ‘25,
2025.
Optimizations and Practicality of High-Security CSIDH.
IACR Communications in Cryptology,
2024.
Recent & Upcoming Talks
Bundled Authenticated Key Exchange: A Concrete Treatment of (Post-Quantum) Signal's Handshake Protocol
Conference talk presenting the BAKE framework for Signal's handshake protocols, covering X3DH, PQXDH, and the fully post-quantum RingXKEM.
Comprehensive Deniability Analysis of Signal Handshake Protocols: X3DH, PQXDH to Fully Post-Quantum with Deniable Ring Signatures
Conference talk presenting a unified framework for deniability analysis of Signal handshake protocols, including a deniable ring signature from Falcon/MAYO.
Extended Key Update FATT Report
I presented a Formal Analysis Triage Team report on Extended Key Usage (EKU) in the TLS working group session.
Hash-based Signatures: State and Backup Management draft-ietf-pquip-hbs-state-00
I presented a status update on our IETF draft on stateful HBS state management, now adopted as a PQUIP working group document.
Fully PQ TLS in the WWW
Key exchange in TLS is now mostly PQ! But what about authentication? In this talk, I discussed some of the ongoing work to make the costs of PQ certificates acceptable so that …
Recent News
Using Emoji in (pdf)LaTex
I recently wanted to use Emoji in a paper, but I did not want to force my contributors into using LuaLaTeX or XeLaTeX (in which you can just use fancy fonts). So as a work around, …
Post-quantum TLS experiments
Recently, I have computed the sizes and measured the performance of post-quantum TLS (both PQ key exchange and post-quantum authentication). In these experiments, I have examined …
hxp 2022 (2023) CTF writeup
After I found myself in a vacation rental with Bas and Joost, we thought it would be fun to have a go at a few of hxp’s 2022 2023 ctf challenges as team #RU (long story relating to …
LaTeX Tips and Tricks
After a discussion on twitter I decided I should write down a few of the tips and tricks I’ve learnt over the years of writing papers and many other things in LaTeX.
Cloudflare Internship
If you’re curious about some of the things I’ve worked on while at Cloudflare, see this post on Cloudflare’s internal blog.
Building confidence in cryptographic protocols
An introduction to formal analysis and our proof of the security of KEMTLS.
Making protocols post-quantum
Post-quantum key exchange and signature algorithms come with different trade-offs that we’re not used to. How do we handle that when updating protocols, and is this an opportunity …
Todoist, Omnifocus and Things 3 review
A brief overview of three to-do/project management apps.
KEMTLS on the Cryptography.fm podcast
Douglas and I appeared on Nadim's new podcast ‘Cryptography FM’ to talk about KEMTLS
Dissecting Proctorio
This article previously appeared in Thalia’s Thabloid, in the 2019–2020 issue number 5. It was written at the end of May and may not reflect current practice at Radboud University. …
Contact
You can reach me via email at [email protected].