A tale of two models: Formal analysis of KEMTLS in Tamarin
A tale of two models: Formal analysis of KEMTLS in Tamarin Sofia Celi, Jonathan Hoyland, Douglas Stebila and me. Once upon a time... Observation: PQ signatures are quite big and/or …
A tale of two models: formal verification of KEMTLS in Tamarin
We prove the security of KEMTLS in two Tamarin models. One mode is based on the Cremers et al. model of TLS 1.3; the other closely resembles our pen-and-paper proofs. These models …
Sofía Celi
KEMTLS with Delayed Forward Identity Protection in (Almost) a Single Round
The recent KEMTLS protocol (Schwabe, Stebila and Wiggers,CCS’20) is a promising design for a quantum-safe TLS handshake protocol. Focused on the web setting, wherein clients learn …
felix-gunther
Invited Lecture: TLS and Post-Quantum (Applied Cryptography, Radboud University)
Invited lecture about TLS, its history and making TLS post quantum. I also discuss KEMTLS.
Implementing and Measuring KEMTLS
KEMTLS (CCS 2020) is a novel alternative to the Transport Layer Security (TLS) handshake that integrates post-quantum algorithms. It uses a key encapsulation mechanism (KEM) for …
Sofía Celi
Verifying Post Quantum Signatures in 8kB of RAM
In this paper, we study implementations of post-quantum signature schemes on resource-constrained devices. We focus on verification of signatures and cover NIST PQC round-3 …
ruben-gonzalez
KEMTLS: securing TLS connections from quantum adversaries
Talk about KEMTLS on Cloudflare TV
Post-Quantum TLS without handshake signatures at RWC 2021
Talk about Post-Quantum TLS without Handshake Signatures at RWC 2021 (virtual).
Post-Quantum TLS without handshake signatures
Conference talk about Post-Quantum TLS without Handshake Signatures at ACM CCS (virtual).
Post-Quantum TLS without handshake signatures
Talk about Post-Quantum TLS without Handshake Signatures at the Lorentz Workshop (virtual)