In this talk, I explain that although the focus on and progress with post-quantum key exchange is great, that does not mean that we should relax about post-quantum authentication. Post-quantum authentication is going to be hard and expensive (in most importantly bandwidth), and this will likely remain the case.

Ph.D. thesis on post-quantum cryptography in TLS. I investigate current proposals for post-quantum TLS, but more importantly we propose a more efficient TLS handshake that makes use of trade-offs presented by post-quantum cryptographic primitives (which were not as profound in pre-quantum primitives). This more efficient protocol we call KEMTLS. Benchmarks in several different settings for all variants of post-quantum TLS show that KEMTLS is efficient, and we also have an extensive analysis of the security of KEMTLS.