We investigate alternate ways to bring TLS into the post-quantum age. Notably, we try to get rid of the expensive signature schemes in the online handshake, by authenticating using only KEMs.
Senior Cryptography Researcher at PQShield
My research interests include (post-quantum) cryptography and protocols
An introduction to formal analysis and our proof of the security of KEMTLS.
Thom WiggersLast updated on 2022-02-27 1 min read research
Post-quantum key exchange and signature algorithms come with different trade-offs that we’re not used to. How do we handle that when updating protocols, and is this an opportunity to revisit the status quo?
Thom WiggersLast updated on 2022-02-27 1 min read
Douglas and I appeared on Nadim’s new podcast ‘Cryptography FM’ to talk about KEMTLS
Thom WiggersLast updated on 2020-10-16 1 min read
The new TLS 1.3 standard  does not yet provide any support for post-quantum algorithms. In this blog post we’ll be talking about how we could negotiate a post-quantum key exchange using a (post-quantum) Key Encapsulation Mechanism (KEM). In the NIST Standardisation effort , many KEMs are currently under consideration.
Thom WiggersLast updated on 2021-05-21 3 min read research
We prove the security of KEMTLS in two Tamarin models. One mode is based on the Cremers et al. model of TLS 1.3; the other closely resembles our pen-and-paper proofs. These models allow us to analyse KEMTLS, and its extension KEMTLS-PDK from different angles.
Sofía Celi , Jonathan Hoyland, Douglas Stebila , Thom Wiggers
The recent KEMTLS protocol (Schwabe, Stebila and Wiggers,CCS’20) is a promising design for a quantum-safe TLS handshake protocol. …
Felix Günther, Simon Rastikian, Patrick Towa, Thom Wiggers
KEMTLS (CCS 2020) is a novel alternative to the Transport Layer Security (TLS) handshake that integrates post-quantum algorithms. It …
Sofía Celi , Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Bas Westerbaan, Thom Wiggers, Christopher Wood
We make KEMTLS more efficient in scenarios where the client already has the server’s long-term public key, for example through caching or because it’s pre-installed.
We present an alternative to TLS 1.3, by authenticating using only Key-Encapsulation Mechanisms. This allows us to get rid of handshake signatures, as post-quantum signature schemes are expensive, both in bytes and computation times.
Conference talk about our publication KEMTLS vs. Post-Quantum TLS: Performance on Embedded Systems at SPACE 2022
2022-12-11 11:30 — 12:00 LNMIIT Jaipur
Conference presentation of our KEMTLS formal analysis paper at ESORICS 2022
2022-09-27 15:00 — 15:20 DGI Byen CPH Conference Center
Conference talk about KEMTLS-PDK
2021-10-07 15:15 — 16:30 Virtual
Talk about KEMTLS on Cloudflare TV
2021-03-29 14:00 — 14:30 Virtual
Thom Wiggers, Sofía Celi
Conference talk about Post-Quantum TLS without Handshake Signatures at ACM CCS (virtual).
2020-11-09 — 2020-11-13 Virtual
Talk about Post-Quantum TLS without Handshake Signatures at the Lorentz Workshop (virtual)
2020-10-05 — 2020-10-09 Virtual
Department Lunch Talk about KEMTLS
2020-10-02 12:30 — 13:30 Virtual