key-encapsulation mechanisms
We present an alternative to TLS 1.3, by authenticating using only Key-Encapsulation Mechanisms.
This allows us to get rid of handshake signatures, as post-quantum signature schemes are expensive,
both in bytes and computation times.
We investigate getting rid of signatures in TLS