We investigate alternative ways to bring TLS into the post-quantum age. Notably, we try to get rid of the expensive signature schemes in the online handshake by authenticating using only KEMs.
PhD candidate at Radboud University
My research interests include (post-quantum) cryptography and protocols.
The new TLS 1.3 standard does not yet provide any support for post-quantum algorithms. In this blog post we’ll be talking about how we could negotiate a post-quantum key exchange using a (post-quantum) Key Encapsulation Mechanism (KEM). In the NIST Standardisation effort, many KEMs are currently under consideration.
The recent KEMTLS protocol (Schwabe, Stebila and Wiggers, CCS’20) is a promising design for a quantum-safe TLS handshake protocol. …