KEMTLS

TLS → Post-Quantum TLS: Inspecting the TLS landscape for PQC adoption on Android

The ubiquitous use of smartphones has contributed to more and more users conducting their online browsing activities through apps, …

Dimitri Mankowski, Thom Wiggers, Veelasha Moonsamy

Post-Quantum TLS

Ph.D. thesis on post-quantum cryptography in TLS.

Thom Wiggers

KEMTLS vs. Post-Quantum TLS: Performance on Embedded Systems

Conference talk about our publication KEMTLS vs. Post-Quantum TLS: Performance on Embedded Systems at SPACE 2022

2022-12-11 11:30 — 12:00 LNMIIT Jaipur

Thom Wiggers

KEMTLS vs. Post-Quantum TLS: Performance on Embedded Systems

We investigate the performance of KEMTLS and PQ instantiations of TLS 1.3 on embedded devices.

Ruben Gonzalez, Thom Wiggers

KEMTLS vs. Post-Quantum TLS: Performance on Embedded Systems

We investigate the performance of post-quantum TLS and KEMTLS clients in WolfSSL on embedded systems

Thom Wiggers

Last updated on 2022-12-10 research

A tale of two models: formal analysis of KEMTLS in Tamarin

Conference presentation of our KEMTLS formal analysis paper at ESORICS 2022

2022-09-27 15:00 — 15:20 DGI Byen CPH Conference Center

Thom Wiggers

A tale of two models: Formal analysis of KEMTLS in Tamarin

A tale of two models: Formal analysis of KEMTLS in Tamarin Sofía Celi, Jonathan Hoyland, Douglas Stebila and Thom Wiggers. Once upon a time... Observation: PQ signatures are quite big and/or slow Idea: Use KEMs for authentication Proposal: KEMTLS KEMTLS sequenceDiagram Client->>+Server: ClientHello: ephemeral kex Server->>-Client: ServerHello: ephemeral kex Server->>+Client: Certificate: static KEM pk Client->>-Server: Ciphertext Client->>Server: ClientFinished rect rgba(0, 0, 0, 0) Client-->>Server: Application Data end Server->>Client: ServerFinished Server-->>Client: Application Data sequenceDiagram Client->>+Server: ClientHello: ephemeral kex Server->>-Client: ServerHello: ephemeral kex Server->>+Client: Certificate: static KEM pk Client->>-Server: Ciphertext Client->>Server: ClientFinished rect pink Client-->>Server: Application Data end Server->>Client: ServerFinished Server-->>Client: Application Data Ephemeral KEM key exchange KEM public key in certificate Avoid extra round-trip by letting client send data immediately KEMTLS variants Mutual authentication What if the client already knows the server's public key?

Thom Wiggers

Last updated on 2022-09-27 research

A tale of two models: formal verification of KEMTLS in Tamarin

We prove the security of KEMTLS in two Tamarin models. One mode is based on the Cremers et al. model of TLS 1.3; the other closely resembles our pen-and-paper proofs. These models allow us to analyse KEMTLS, and its extension KEMTLS-PDK from different angles.

Sofía Celi , Jonathan Hoyland, Douglas Stebila , Thom Wiggers

KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round

The recent KEMTLS protocol (Schwabe, Stebila and Wiggers,CCS’20) is a promising design for a quantum-safe TLS handshake protocol. …

Felix Günther, Simon Rastikian, Patrick Towa, Thom Wiggers

Invited Lecture: TLS and Post-Quantum (Applied Cryptography, Radboud University)

Invited lecture about TLS, its history and making TLS post quantum. I also discuss KEMTLS.

2022-06-01 10:30 — 12:15 HG00.062

Thom Wiggers