KEMTLS

KEMTLS vs. Post-Quantum TLS: Performance on Embedded Systems
Conference talk about our publication KEMTLS vs. Post-Quantum TLS: Performance on Embedded Systems at SPACE 2022
2022-12-11 11:30 — 12:00 LNMIIT Jaipur
Thom Wiggers
Project Slides
KEMTLS vs. Post-Quantum TLS: Performance on Embedded Systems
We investigate the performance of KEMTLS and PQ instantiations of TLS 1.3 on embedded devices.
Ruben Gonzalez, Thom Wiggers
PDF Cite Project Slides DOI
KEMTLS vs. Post-Quantum TLS: Performance on Embedded Systems
We investigate the performance of post-quantum TLS and KEMTLS clients in WolfSSL on embedded systems
Thom Wiggers
Last updated on 2022-12-10 research
A tale of two models: formal analysis of KEMTLS in Tamarin
Conference presentation of our KEMTLS formal analysis paper at ESORICS 2022
2022-09-27 15:00 — 15:20 DGI Byen CPH Conference Center
Thom Wiggers
Project Slides
A tale of two models: Formal analysis of KEMTLS in Tamarin
A tale of two models: Formal analysis of KEMTLS in Tamarin Sofía Celi, Jonathan Hoyland, Douglas Stebila and Thom Wiggers. Once upon a time... Observation: PQ signatures are quite big and/or slow Idea: Use KEMs for authentication Proposal: KEMTLS KEMTLS sequenceDiagram Client->>+Server: ClientHello: ephemeral kex Server->>-Client: ServerHello: ephemeral kex Server->>+Client: Certificate: static KEM pk Client->>-Server: Ciphertext Client->>Server: ClientFinished rect rgba(0, 0, 0, 0) Client-->>Server: Application Data end Server->>Client: ServerFinished Server-->>Client: Application Data sequenceDiagram Client->>+Server: ClientHello: ephemeral kex Server->>-Client: ServerHello: ephemeral kex Server->>+Client: Certificate: static KEM pk Client->>-Server: Ciphertext Client->>Server: ClientFinished rect pink Client-->>Server: Application Data end Server->>Client: ServerFinished Server-->>Client: Application Data Ephemeral KEM key exchange KEM public key in certificate Avoid extra round-trip by letting client send data immediately KEMTLS variants Mutual authentication What if the client already knows the server's public key?
Thom Wiggers
Last updated on 2022-09-27 research
A tale of two models: formal verification KEMTLS in Tamarin
We prove the security of KEMTLS in two Tamarin models. One mode is based on the Cremers et al. model of TLS 1.3; the other closely resembles our pen-and-paper proofs. These models allow us to analyse KEMTLS, and its extension KEMTLS-PDK from different angles.
Sofía Celi , Jonathan Hoyland, Douglas Stebila , Thom Wiggers
PDF Cite Project DOI
KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round

The recent KEMTLS protocol (Schwabe, Stebila and Wiggers,CCS’20) is a promising design for a quantum-safe TLS handshake protocol. …

Felix Günther, Simon Rastikian, Patrick Towa, Thom Wiggers
Preprint Cite Project DOI
Invited Lecture: TLS and Post-Quantum (Applied Cryptography, Radboud University)
Invited lecture about TLS, its history and making TLS post quantum. I also discuss KEMTLS.
2022-06-01 10:30 — 12:15 HG00.062
Thom Wiggers
Slides
Implementing and Measuring KEMTLS
KEMTLS (CCS 2020) is a novel alternative to the Transport Layer Security (TLS) handshake that integrates post-quantum algorithms. It …
Sofía Celi , Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Bas Westerbaan, Thom Wiggers, Christopher Wood
Preprint PDF Cite Project DOI
More efficient post-quantum KEMTLS with pre-distributed public keys
We make KEMTLS more efficient in scenarios where the client already has the server’s long-term public key, for example through caching or because it’s pre-installed.
Preprint PDF Cite Project DOI