Post-Quantum TLS with KEMs

Thom Wiggers
Last updated on 2020-10-07 research, security

We investigate alternate ways to bring TLS into the post-quantum age. Notably, we try to get rid of the expensive signature schemes in the online handshake, by authenticating using only KEMs.

cryptography Post-Quantum key-encapsulation mechanisms KEM TLS
Thom Wiggers
Thom Wiggers
PhD candidate at Radboud University

My research interests include (post-quantum) cryptography and protocols

Posts

Building confidence in cryptographic protocols
An introduction to formal analysis and our proof of the security of KEMTLS.
Thom Wiggers
Last updated on 2022-02-27 1 min read research
Project
Making protocols post-quantum
Post-quantum key exchange and signature algorithms come with different trade-offs that we’re not used to. How do we handle that when updating protocols, and is this an opportunity to revisit the status quo?
Thom Wiggers
Last updated on 2022-02-27 1 min read
Project
Making protocols post-quantum
KEMTLS on the Cryptography.fm podcast
Douglas and I appeared on Nadim’s new podcast ‘Cryptography FM’ to talk about KEMTLS
Thom Wiggers
Last updated on 2020-10-16 1 min read
Project
Using (post-quantum) KEMs in TLS 1.3

The new TLS 1.3 standard [1] does not yet provide any support for post-quantum algorithms. In this blog post we’ll be talking about how we could negotiate a post-quantum key exchange using a (post-quantum) Key Encapsulation Mechanism (KEM). In the NIST Standardisation effort [2], many KEMs are currently under consideration.

Thom Wiggers
Last updated on 2021-05-21 3 min read research
Project

Publications

A tale of two models: formal verification KEMTLS in Tamarin
We prove the security of KEMTLS in two Tamarin models. One mode is based on the Cremers et al. model of TLS 1.3; the other closely resembles our pen-and-paper proofs. These models allow us to analyse KEMTLS, and its extension KEMTLS-PDK from different angles.
Sofía Celi , Jonathan Hoyland, Douglas Stebila , Thom Wiggers
PDF Cite Project DOI
KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round

The recent KEMTLS protocol (Schwabe, Stebila and Wiggers,CCS’20) is a promising design for a quantum-safe TLS handshake protocol. …

Felix Günther, Simon Rastikian, Patrick Towa, Thom Wiggers
Preprint Cite Project DOI
Implementing and Measuring KEMTLS
KEMTLS (CCS 2020) is a novel alternative to the Transport Layer Security (TLS) handshake that integrates post-quantum algorithms. It …
Sofía Celi , Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Bas Westerbaan, Thom Wiggers, Christopher Wood
Preprint PDF Cite Project DOI
More efficient post-quantum KEMTLS with pre-distributed public keys
We make KEMTLS more efficient in scenarios where the client already has the server’s long-term public key, for example through caching or because it’s pre-installed.
Preprint PDF Cite Project DOI
Post-Quantum TLS without handshake signatures
We present an alternative to TLS 1.3, by authenticating using only Key-Encapsulation Mechanisms. This allows us to get rid of handshake signatures, as post-quantum signature schemes are expensive, both in bytes and computation times.
Preprint PDF Cite Code Dataset Project DOI

Events

A tale of two models: formal analysis of KEMTLS in Tamarin
Conference presentation of our KEMTLS formal analysis paper at ESORICS 2022
2022-09-27 15:00 — 15:20 DGI Byen CPH Conference Center
Thom Wiggers
Project Slides
KEMTLS-PDK
Conference talk about KEMTLS-PDK
2021-10-07 15:15 — 16:30 Virtual
Thom Wiggers
Project Slides
KEMTLS: securing TLS connections from quantum adversaries
Talk about KEMTLS on Cloudflare TV
2021-03-29 14:00 — 14:30 Virtual
Thom Wiggers, Sofía Celi
Project Slides Video
Post-Quantum TLS without handshake signatures at RWC 2021
Talk about Post-Quantum TLS without Handshake Signatures at RWC 2021 (virtual).
2021-01-11 18:15 Virtual
Thom Wiggers, Sofía Celi
Project Slides Video
Post-Quantum TLS without handshake signatures
Conference talk about Post-Quantum TLS without Handshake Signatures at ACM CCS (virtual).
2020-11-09 — 2020-11-13 Virtual
Thom Wiggers
PDF Project Slides Video
Post-Quantum TLS without handshake signatures
Talk about Post-Quantum TLS without Handshake Signatures at the Lorentz Workshop (virtual)
2020-10-05 — 2020-10-09 Virtual
Thom Wiggers
Project Slides Video
Lunch talk: Post-Quantum TLS without handshake signatures
Department Lunch Talk about KEMTLS
2020-10-02 12:30 — 13:30 Virtual
Thom Wiggers
Project Slides