Post-Quantum TLS with KEMs

Last updated on 2020-10-07 research, security

We investigate alternate ways to bring TLS into the post-quantum age. Notably, we try to get rid of the expensive signature schemes in the online handshake, by authenticating using only KEMs.

cryptography Post-Quantum key-encapsulation mechanisms KEM TLS

Posts

KEMTLS on the Cryptography.fm podcast

Douglas and I appeared on Nadim’s new podcast ‘Cryptography FM’ to talk about KEMTLS

2020-10-07 1 min read

Using (post-quantum) KEMs in TLS 1.3

The new TLS 1.3 standard [1] does not yet provide any support for post-quantum algorithms. In this blog post we’ll be talking about how we could negotiate a post-quantum key exchange using a (post-quantum) Key Encapsulation Mechanism (KEM). In the NIST Standardisation effort [2], many KEMs are currently under consideration.

Last updated on 2018-10-22 3 min read research

Publications

Implementing and Measuring KEMTLS

KEMTLS (CCS 2020) is a novel alternative to the Transport Layer Security (TLS) handshake that integrates post-quantum algorithms. It …

Sofía Celi, Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Bas Westerbaan, Thom Wiggers, Christopher Wood

More efficient post-quantum KEMTLS with pre-distributed public keys

We make KEMTLS more efficient in scenarios where the client already has the server’s long-term public key, for example through caching or because it’s pre-installed.

Peter Schwabe, Douglas Stebila, Thom Wiggers

Post-Quantum TLS without handshake signatures

We present an alternative to TLS 1.3, by authenticating using only Key-Encapsulation Mechanisms. This allows us to get rid of handshake signatures, as post-quantum signature schemes are expensive, both in bytes and computation times.

Peter Schwabe, Douglas Stebila, Thom Wiggers

Events

KEMTLS: securing TLS connections from quantum adversaries

Talk about KEMTLS on Cloudflare TV

2021-03-29 14:00 — 14:30 Virtual

Thom Wiggers, Sofía Celi

Post-Quantum TLS without handshake signatures at RWC 2021

Talk about Post-Quantum TLS without Handshake Signatures at RWC 2021 (virtual).

2021-01-11 18:15 Virtual

Thom Wiggers, Sofía Celi

Post-Quantum TLS without handshake signatures

Conference talk about Post-Quantum TLS without Handshake Signatures at ACM CCS (virtual).

2020-11-09 — 2020-11-13 Virtual

Post-Quantum TLS without handshake signatures

Talk about Post-Quantum TLS without Handshake Signatures at the Lorentz Workshop (virtual)

2020-10-05 — 2020-10-09 Virtual

Lunch talk: Post-Quantum TLS without handshake signatures

Department Lunch Talk about KEMTLS

2020-10-02 12:30 — 13:30 Virtual