How Are We Going to Afford Post-Quantum Authentication?
Invited talk for Comcast Research's Monthly Research Presentation Series on the costs and challenges of post-quantum authentication.
Comprehensive Deniability Analysis of Signal Handshake Protocols: X3DH, PQXDH to Fully Post-Quantum with Deniable Ring Signatures
Conference talk presenting a unified framework for deniability analysis of Signal handshake protocols, including a deniable ring signature from Falcon/MAYO.
Bundled Authenticated Key Exchange: A Concrete Treatment of (Post-Quantum) Signal's Handshake Protocol
Conference talk presenting the BAKE framework for Signal's handshake protocols, covering X3DH, PQXDH, and the fully post-quantum RingXKEM.
Comprehensive Deniability Analysis of Signal Handshake Protocols: X3DH, PQXDH to Fully Post-Quantum with Deniable Ring Signatures
The Signal protocol relies on a handshake protocol, formerly X3DH and now PQXDH, to set up secure conversations. One of its privacy properties, of value to Signal, is deniability, …
Shuichi Katsumata
Bundled Authenticated Key Exchange: A Concrete Treatment of (Post-Quantum) Signal's Handshake Protocol
The Signal protocol relies on a special handshake protocol, formerly X3DH and now PQXDH, to set up secure conversations. Prior analysis of these protocols (or proposals for …
Shuichi Katsumata
Optimizations and Practicality of High-Security CSIDH
We propose higher-security parametersets of CSIDH, and present highly-optimized implementations. We measure the performance when using these parameters in TLS, and show that the …
fabio-campos
A tale of two models: formal verification of KEMTLS in Tamarin
We prove the security of KEMTLS in two Tamarin models. One mode is based on the Cremers et al. model of TLS 1.3; the other closely resembles our pen-and-paper proofs. These models …
Sofía Celi
Invited Lecture: TLS and Post-Quantum (Applied Cryptography, Radboud University)
Invited lecture about TLS, its history and making TLS post quantum. I also discuss KEMTLS.
Building confidence in cryptographic protocols
An introduction to formal analysis and our proof of the security of KEMTLS.
More efficient post-quantum KEMTLS with pre-distributed public keys
We make KEMTLS more efficient in scenarios where the client already has the server's long-term public key, for example through caching or because it's pre-installed.
Peter Schwabe