Post-quantum Cryptography and running experiments with it at Cloudflare

Because quantum cats have 7 lives

Today, I’m speaking at Cloudflare CFTV (Cloudflare TV), with my colleague Armando Faz Hernández. This is very exciting as the talks given there are always of an extremely good quality. This is happening as part of my ongoing work with Cloudflare where I have been part of many amazing projects since I started some months ago (see this tweet for an idea). The talk will be around the state of post-quantum cryptography and will be in Spanish (which is something you don’t see around at cryptography talks). But, most excitingly, we will be talking about an ongoing experiment we are running at Cloudflare: Post-quantum KEMs in TLS 1.3.

So, what is the PQ KEM TLS experiment? Basically, it is an experiment that will run on Cloudflare to gather measurements on using PQ KEMs as part of a TLS 1.3 connection. A KEM, in this case, is a Key Encapsulation Mechanism used to achieve server and/or client authentication without the usage of digital signatures. This is due to the fact that signatures in a post-quantum setting have larger sizes than the alternative KEMs. Part of the experiment is also making as few changes as possible to the TLS 1.3 handshake. As we are unable to make changes to Certificate Authorities at the moment, we will be using Delegated Credentials as an alternative. KEM TLS achieves, therefore, a TLS handshake that provides full post-quantum security. We will be presenting this work at Real World Crypto 2021.

On the talk, we will give an overview of the experiment and we will also discuss what post-quantum cryptography is and came to be.

I’ll leave some additional resources:

What is Post-Quantum Cryptography?

• Post-quantum cryptography with Tanja Lange: Barry Fitzgerald speaks with Tanja Lange.
• PQCHacks by Daniel Bernstein and Tanja Lange.
• The year in post-quantum crypto by Daniel Bernstein and Tanja Lange.

The flavors of Post-Quantum Cryptography

• Code-Based Cryptography by Tanja Lange.
• Lattice Hacks by Daniel Bernstein, Tanja Lange and Nadia Heninger.
• Lattice-based cryptography by Phong Nguyen.
• Hashed-based signatures by Andreas Hülsing.
• Isogeny-based cryptography: past, present, and future by David Jao.
• State of Art of MPKC by Jintai Ding.
• Supersingular isogeny key exchange for beginners by Craig Costello.

NIST Competition

• Round 3 Submissions.

Experiments

• Measuring TLS key exchange with post-quantum KEM by Krzysztof Kwiatkowski, Nick Sullivan, Adam Langley, Dave Levin, Alan Mislove.

PQ KEM TLS

• The paper: Post-Quantum TLS Without Handshake Signatures by Peter Schwabe, Douglas Stebila and Thom Wiggers.
• Episode at CryptographyFM: Post-Quantum TLS With KEMs Instead of Signatures! by Douglas Stebila and Thom Wiggers.