KEMTLS

A tale of two models: formal analysis of KEMTLS in Tamarin

Conference presentation of our KEMTLS formal analysis paper at ESORICS 2022

2022-09-27 15:00 — 15:20 DGI Byen CPH Conference Center

Thom Wiggers

A tale of two models: Formal analysis of KEMTLS in Tamarin

A tale of two models: Formal analysis of KEMTLS in Tamarin Sofía Celi, Jonathan Hoyland, Douglas Stebila and Thom Wiggers. Once upon a time... Observation: PQ signatures are quite big and/or slow Idea: Use KEMs for authentication Proposal: KEMTLS KEMTLS sequenceDiagram Client->>+Server: ClientHello: ephemeral kex Server->>-Client: ServerHello: ephemeral kex Server->>+Client: Certificate: static KEM pk Client->>-Server: Ciphertext Client->>Server: ClientFinished rect rgba(0, 0, 0, 0) Client-->>Server: Application Data end Server->>Client: ServerFinished Server-->>Client: Application Data sequenceDiagram Client->>+Server: ClientHello: ephemeral kex Server->>-Client: ServerHello: ephemeral kex Server->>+Client: Certificate: static KEM pk Client->>-Server: Ciphertext Client->>Server: ClientFinished rect pink Client-->>Server: Application Data end Server->>Client: ServerFinished Server-->>Client: Application Data Ephemeral KEM key exchange KEM public key in certificate Avoid extra round-trip by letting client send data immediately KEMTLS variants Mutual authentication What if the client already knows the server's public key?

Thom Wiggers

Last updated on 2022-09-27 research

A tale of two models: formalizing KEMTLS in Tamarin

We prove the security of KEMTLS in two Tamarin models. One mode is based on the Cremers et al. model of TLS 1.3; the other closely resembles our pen-and-paper proofs. These models allow us to analyse KEMTLS, and its extension KEMTLS-PDK from different angles.

Sofía Celi , Jonathan Hoyland, Douglas Stebila , Thom Wiggers

KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round

The recent KEMTLS protocol (Schwabe, Stebila and Wiggers,CCS’20) is a promising design for a quantum-safe TLS handshake protocol. …

Felix Günther, Simon Rastikian, Patrick Towa, Thom Wiggers

Invited Lecture: TLS and Post-Quantum (Applied Cryptography, Radboud University)

Invited lecture about TLS, its history and making TLS post quantum. I also discuss KEMTLS.

2022-06-01 10:30 — 12:15 HG00.062

Thom Wiggers

Implementing and Measuring KEMTLS

KEMTLS (CCS 2020) is a novel alternative to the Transport Layer Security (TLS) handshake that integrates post-quantum algorithms. It …

Sofía Celi , Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Bas Westerbaan, Thom Wiggers, Christopher Wood

More efficient post-quantum KEMTLS with pre-distributed public keys

We make KEMTLS more efficient in scenarios where the client already has the server’s long-term public key, for example through caching or because it’s pre-installed.

Peter Schwabe , Douglas Stebila , Thom Wiggers

KEMTLS: securing TLS connections from quantum adversaries

Talk about KEMTLS on Cloudflare TV

2021-03-29 14:00 — 14:30 Virtual

Thom Wiggers, Sofía Celi

Post-Quantum TLS without handshake signatures at RWC 2021

Talk about Post-Quantum TLS without Handshake Signatures at RWC 2021 (virtual).

2021-01-11 18:15 Virtual

Thom Wiggers, Sofía Celi

Post-Quantum TLS without handshake signatures

Conference talk about Post-Quantum TLS without Handshake Signatures at ACM CCS (virtual).

2020-11-09 — 2020-11-13 Virtual

Thom Wiggers