cryptography

Post-Quantum TLS without handshake signatures

We present an alternative to TLS 1.3 that authenticates using only Key-Encapsulation Mechanisms. This allows us to get rid of handshake signatures, which matters because post-quantum signature schemes are expensive in both bytes and computation time.

Post-Quantum TLS with KEMs

We investigate getting rid of signatures in TLS.

Solving LPN Using Large Covering Codes

Since quantum computers are expected to break most of the cryptographic schemes we rely on today, we need to look at alternatives. Learning Parity with Noise (LPN) is a mathematical problem that we can base cryptographic schemes on, and it is supposed …

Rephrasing TLS key exchange in terms of KEMs

In the RFC for TLS 1.3 (RFC8446) especially, the key exchange is defined in terms of (EC)DH key shares being exchanged. This limits us to algorithms which support non-interactive key exchanges, although that is not necessary for the security of TLS 1.3 as defined by RFC8446. As we would like to implement (post-quantum) KEMs into TLS 1.3, we will now describe the changes to the spec that would be required.
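As an added example (not code from the post or from RFC8446), the key_share exchange rephrased as a KEM: the client's key_share carries a KEM public key, the server's carries a ciphertext, and the server can only produce its share after reading the ClientHello. Plain Diffie-Hellman in a toy group stands in for the KEM so that it runs without any library; the group parameters, the fixed exponents and the two message structs are constructed for illustration only.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy group, constructed for this example and far too small to be secure:
 * the 32-bit prime p = 2^32 - 5 with base g = 2.  All values stay below
 * 2^32, so a 64-bit product never overflows in mulmod. */
static const uint64_t P = 4294967291ULL;
static const uint64_t G = 2;

static uint64_t mulmod(uint64_t a, uint64_t b)
{
    return (a * b) % P;
}

static uint64_t powmod(uint64_t base, uint64_t exp)
{
    uint64_t r = 1;
    base %= P;
    while (exp) {
        if (exp & 1) r = mulmod(r, base);
        base = mulmod(base, base);
        exp >>= 1;
    }
    return r;
}

/* DH viewed as a KEM.  KeyGen: sk = x, pk = g^x.  Encaps(pk): pick y,
 * ciphertext ct = g^y, shared secret ss = pk^y.  Decaps(sk, ct) = ct^sk.
 * The secret exponents are parameters so the example is deterministic;
 * a real implementation draws them from a CSPRNG. */
typedef struct { uint64_t sk, pk; } kem_keypair;

static kem_keypair kem_keygen(uint64_t x)
{
    kem_keypair kp = { x, powmod(G, x) };
    return kp;
}

static void kem_encaps(uint64_t pk, uint64_t y, uint64_t *ct, uint64_t *ss)
{
    *ct = powmod(G, y);
    *ss = powmod(pk, y);
}

static uint64_t kem_decaps(uint64_t sk, uint64_t ct)
{
    return powmod(ct, sk);
}

/* The two handshake messages reduced to their key_share extension.  In
 * RFC8446 both carry a DH public value; in the KEM view the client's
 * key_share is a public key and the server's is a ciphertext. */
typedef struct { uint64_t key_share; } ClientHello;
typedef struct { uint64_t key_share; } ServerHello;

/* Runs the rephrased exchange.  Returns 1 if both sides end up with the
 * same shared secret (the value that replaces the (EC)DHE input to the
 * TLS 1.3 key schedule) and writes that secret to *out. */
int tls_kem_exchange(uint64_t client_x, uint64_t server_y, uint64_t *out)
{
    /* Client: KeyGen, put pk in ClientHello.key_share, keep sk. */
    kem_keypair client = kem_keygen(client_x);
    ClientHello ch = { client.pk };

    /* Server: Encaps against the received pk, put ct in ServerHello.key_share. */
    uint64_t ct, server_ss;
    kem_encaps(ch.key_share, server_y, &ct, &server_ss);
    ServerHello sh = { ct };

    /* Client: Decaps the received ciphertext with its own sk. */
    uint64_t client_ss = kem_decaps(client.sk, sh.key_share);

    *out = client_ss;
    return client_ss == server_ss;
}

int main(void)
{
    uint64_t ss = 0;
    int ok = tls_kem_exchange(123456789ULL, 987654321ULL, &ss);
    printf("shared secrets %s: %llx\n", ok ? "match" : "differ",
           (unsigned long long)ss);
    return ok ? 0 : 1;
}
```

The structural change this makes visible is the ordering constraint: with DH both key shares are independent public values, while with a KEM the ServerHello's share depends on the ClientHello's, so anything that relied on precomputing the server share has to go. Swapping in a real post-quantum KEM means replacing the three kem_* functions and the type of key_share; the flow stays the same.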

Time-invariant equality in assembly

For crypto code it's important that it's time-invariant, otherwise it is vulnerable to timing attacks. I've had to build this time-invariant equality test from scratch, because I couldn't find something on Google. I hope it's useful to someone else.
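An added example, not the assembly from the post: the same kind of equality test written in C, beside the early-exit comparison it replaces, with a step counter that makes visible what the leaky version reveals through its running time. The byte strings in the usage are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>

/* Leaky version: stops at the first mismatch.  *steps receives the number
 * of loop iterations; an attacker who can measure the time learns it, and
 * with it how many leading bytes of their guess were correct. */
static int early_exit_equal(const unsigned char *a, const unsigned char *b,
                            size_t n, size_t *steps)
{
    size_t i;
    *steps = 0;
    for (i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i]) return 0;
    }
    return 1;
}

/* Time-invariant version: always touches every byte, OR-accumulates the
 * XOR differences, then maps acc == 0 to 1 and acc != 0 to 0 without a
 * data-dependent branch.  acc is at most 0xFF, so (acc - 1) >> 8 is
 * nonzero only when acc was 0 and the subtraction wrapped to all ones.
 * The length n is treated as public; both inputs must be n bytes. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned int acc = 0;
    size_t i;
    for (i = 0; i < n; i++)
        acc |= (unsigned int)(a[i] ^ b[i]);
    return (int)(((acc - 1u) >> 8) & 1u);
}

int main(void)
{
    /* Constructed sample: a stored tag and a guess that is right for the
     * first three bytes only. */
    unsigned char tag[8]   = { 1, 2, 3, 4, 5, 6, 7, 8 };
    unsigned char guess[8] = { 1, 2, 3, 9, 5, 6, 7, 8 };
    size_t steps;

    int leaky = early_exit_equal(tag, guess, sizeof tag, &steps);
    printf("early-exit: equal=%d after %zu steps (position leaked)\n",
           leaky, steps);
    printf("time-invariant: equal=%d after %zu bytes\n",
           ct_equal(tag, guess, sizeof tag), sizeof tag);
    return 0;
}
```

The C version is only as good as the code the compiler emits: an optimiser is free to turn the accumulate loop back into something with a data-dependent branch, which is the reason to drop to assembly as the post does. After building, check the hot loop with `objdump -d` (or the equivalent for your toolchain) for conditional jumps that depend on the input bytes.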