We investigate alternate ways to bring TLS into the post-quantum age. Notably, we try to get rid of the expensive signature schemes in the online handshake by authenticating using only KEMs.
Senior Cryptography Researcher
My research interests include (post-quantum) cryptography and protocols.
The new TLS 1.3 standard does not yet provide any support for post-quantum algorithms. In this blog post we’ll be talking about how we could negotiate a post-quantum key exchange using a (post-quantum) Key Encapsulation Mechanism (KEM). In the NIST Standardisation effort, many KEMs are currently under consideration.
The recent KEMTLS protocol (Schwabe, Stebila and Wiggers, CCS’20) is a promising design for a quantum-safe TLS handshake protocol. …