Post-Quantum TLS without handshake signatures
We present an alternative to TLS 1.3, by authenticating using only Key-Encapsulation Mechanisms. This allows us to get rid of handshake signatures, as post-quantum signature …
Peter Schwabe
•
•
1 min read
Rephrasing TLS key exchange in terms of KEMs
In the RFC for TLS 1.3 (RFC8446) especially, the key exchange is defined in terms of (EC)DH key shares being exchanged. This limits us to algorithms which support non-interactive …
Using (post-quantum) KEMs in TLS 1.3
The new TLS 1.3 standard \[1\] does not yet provide any support for post-quantum algorithms. In this blog post we’ll be talking about how we could negotiate a post-quantum key …