Standardizing KEMTLS
Post-quantum TLS without handshake signatures
KEMTLS is a recent academic proposal for an alternative way of adding authentication to the Transport Layer Security (TLS) protocol. The project is motivated by the need to migrate public key cryptography to new algorithms that resist attacks by quantum computers. Compared to traditional cryptography, post-quantum signature schemes generally have larger public keys and/or signatures, and need more computational effort. KEMTLS, published at the ACM Computer and Communications Security Conference in 2020, replaces signature-based authentication for web servers with a post-quantum key exchange (called a KEM) in a way that saves communication and computation.
In this project we aim to prepare KEMTLS for standardization by the Internet Engineering Task Force (IETF). To that end we will implement KEMTLS in a few different open source TLS software libraries and demonstrate the viability and interoperability of these implementations. This software will assist later implementers of KEMTLS by allowing to validate their implementations against our reference. We will also investigate optimizations for using KEMTLS in specialized environments like IoT, and will investigate issues involving certification of KEM keys.
- The project's own website: https://kemtls.org
Run by Max Planck Institute for Security and Privacy
This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.
