Paper-Conference

Revisiting PQ WireGuard: A Comprehensive Security Analysis With a New Design Using Reinforced KEMs
WireGuard is a VPN protocol with an efficient, DH-based handshake. Prior attempts at making it PQ heavily relied on Classic McEliece, which has deployment complications. We revisit PQ WireGuard and manage to get rid of one of the uses of Classic McEliece by providing optimized KEMs. We also fix a flaw in the security of post-quantum WireGuard, which assumed KEM binding properties not necessarily provided by Classic McEliece.
Keitaro Hashimoto, Shuichi Katsumata, Guilhem Niot, Thom Wiggers
Preprint Cite
A Comprehensive Study of the Signal Handshake Protocol: Bundled Authenticated Key Exchange
The Signal protocol relies on a special handshake protocol, formerly X3DH and now PQXDH, to set up secure conversations. One of its …
Keitaro Hashimoto, Shuichi Katsumata, Guilhem Niot, Ida Tucker, Thom Wiggers
PDF Cite Slides
Bundled Authenticated Key Exchange: A Concrete Treatment of (Post-Quantum) Signal's Handshake Protocol
The Signal protocol relies on a special handshake protocol, formerly X3DH and now PQXDH, to set up secure conversations. Prior analysis …
Preprint PDF Cite
Comprehensive Deniability Analysis of Signal Handshake Protocols: X3DH, PQXDH to Fully Post-Quantum with Deniable Ring Signatures

The Signal protocol relies on a handshake protocol, formerly X3DH and now PQXDH, to set up secure conversations. One of its privacy …

Shuichi Katsumata , Guilhem Niot , Ida Tucker, Thom Wiggers
Preprint PDF Cite
TLS → Post-Quantum TLS: Inspecting the TLS landscape for PQC adoption on Android
The ubiquitous use of smartphones has contributed to more and more users conducting their online browsing activities through apps, …
Dimitri Mankowski, Thom Wiggers, Veelasha Moonsamy
Preprint PDF Code Dataset DOI
KEMTLS vs. Post-Quantum TLS: Performance on Embedded Systems
We investigate the performance of KEMTLS and PQ instantiations of TLS 1.3 on embedded devices.
Ruben Gonzalez, Thom Wiggers
PDF Cite Project Slides DOI
A tale of two models: formal verification of KEMTLS in Tamarin
We prove the security of KEMTLS in two Tamarin models. One mode is based on the Cremers et al. model of TLS 1.3; the other closely resembles our pen-and-paper proofs. These models allow us to analyse KEMTLS, and its extension KEMTLS-PDK from different angles.
Sofía Celi , Jonathan Hoyland, Douglas Stebila , Thom Wiggers
Preprint PDF Cite Project DOI
KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round

The recent KEMTLS protocol (Schwabe, Stebila and Wiggers,CCS’20) is a promising design for a quantum-safe TLS handshake protocol. …

Felix Günther, Simon Rastikian, Patrick Towa, Thom Wiggers
Preprint Cite Project DOI
Improving Software Quality in Cryptography Standardization Projects

The NIST post-quantum cryptography (PQC) standardization project is probably the largest and most ambitious cryptography …

Preprint PDF Cite DOI
Implementing and Measuring KEMTLS
KEMTLS (CCS 2020) is a novel alternative to the Transport Layer Security (TLS) handshake that integrates post-quantum algorithms. It …
Sofía Celi , Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Bas Westerbaan, Thom Wiggers, Christopher Wood
Preprint PDF Cite Project DOI