This repository accompanies
- Peter Schwabe, Douglas Stebila and Thom Wiggers. More efficient KEMTLS with pre-distributed public keys. ESORICS 2021.
- Peter Schwabe, Douglas Stebila and Thom Wiggers. Post-quantum TLS without handshake signatures. ACM CCS 2020.
- Peter Schwabe, Douglas Stebila and Thom Wiggers. More efficient KEMTLS with pre-distributed public keys. IACR Cryptology ePrint Archive, Report 2021/779. Updated online version. March 2022.
- Peter Schwabe, Douglas Stebila and Thom Wiggers. Post-quantum TLS without handshake signatures. IACR Cryptology ePrint Archive, Report 2020/534. Updated online version. March 2022.
- Fabio Campos, Jorge Chavez-Saab, Jesús-Javier Chi-Domínguez, Michael Meyer, Krijn Reijnders, Francisco Rodríguez-Henríquez, Peter Schwabe, Thom Wiggers. Optimizations and Practicality of High-Security CSIDH. IACR Cryptology ePrint Archive, Report 2023/793. October 2023.
- Thom Wiggers. Post-Quantum TLS. PhD thesis, January 2024.
@inproceedings{CCS:SchSteWig20,
author = {Schwabe, Peter and Stebila, Douglas and Wiggers, Thom},
title = {Post-Quantum {TLS} Without Handshake Signatures},
year = {2020},
isbn = {9781450370899},
publisher = {Association for Computing Machinery},
address = {New York, {NY}, {USA}},
url = {https://thomwiggers.nl/publication/kemtls/},
doi = {10.1145/3372297.3423350},
booktitle = {Proceedings of the 2020 {ACM} {SIGSAC} Conference on Computer and Communications Security},
pages = {1461–1480},
numpages = {20},
keywords = {transport layer security, key-encapsulation mechanism, {NIST PQC}, post-quantum cryptography},
location = {Virtual Event, {USA}},
series = {{CCS '20}}
}
@misc{EPRINT:SchSteWig20,
author = {Peter Schwabe and Douglas Stebila and Thom Wiggers},
title = {Post-quantum {TLS} without handshake signatures},
year = 2022,
month = mar,
note = {full online version},
url = {https://ia.cr/2020/534},
}
@inproceedings{ESORICS:SchSteWig21,
title = {More efficient post-quantum {KEMTLS} with pre-distributed public keys},
author = {Peter Schwabe and Douglas Stebila and Thom Wiggers},
year = 2021,
month = sep,
url = {https://thomwiggers.nl/publication/kemtlspdk/},
editor = {Bertino, Elisa and Shulman, Haya and Waidner, Michael},
booktitle = {Computer Security -- ESORICS 2021},
series = {Lecture Notes in Computer Science},
publisher = {Springer International Publishing},
address = {Cham},
pages = {3--22},
isbn = {978-3-030-88418-5},
doi = {10.1007/978-3-030-88418-5_1},
}
@misc{EPRINT:SchSteWig21,
author = {Peter Schwabe and Douglas Stebila and Thom Wiggers},
title = {More efficient post-quantum {KEMTLS} with pre-distributed public keys},
howpublished = {Cryptology ePrint Archive, Paper 2021/779},
year = {2022},
month = mar,
note = {full online version},
url = {https://eprint.iacr.org/2021/779}
}
@misc{EPRINT:CCCMRRSW23,
author = {Fabio Campos and Jorge Chavez-Saab and Jesús-Javier Chi-Domínguez and Michael Meyer and Krijn Reijnders and Francisco Rodríguez-Henríquez and Peter Schwabe and Thom Wiggers},
title = {Optimizations and Practicality of High-Security {CSIDH}},
howpublished = {Cryptology ePrint Archive, Paper 2023/793},
year = {2023},
url = {https://eprint.iacr.org/2023/793}
}
@phdthesis{RU:Wiggers24,
title = {Post-Quantum {TLS}},
author = {Thom Wiggers},
date = {2024-01-09},
school = {Radboud University},
address = {Nijmegen, The Netherlands},
url = {https://thomwiggers.nl/publication/thesis/}
}
The below are all git submodules.
If you want to make a fork of this repository, you will need to also fork the relevant submodules and update your .gitmodules.
See also the notes below.
- `rustls`: modified Rustls TLS stack to implement KEMTLS and post-quantum versions of "normal" TLS 1.3
- `measuring`: The scripts to measure the above
- `ring`: Modified version of Ring to allow for longer DER-encoded strings than typically expected from TLS instances.
- `webpki`: Modified version of WebPKI to work with PQ and KEM public keys in certificates
- `mk-cert`: Utility scripts to create post-quantum PKI for pqtls and KEMTLS.

- `oqs-rs`: Rust wrapper around `liboqs`. Contains additional implementations of schemes (notably AVX2 implementations).
- `mk-cert/xmss-rs`: Rust wrapper around the XMSS reference code, with our custom parameter set (`src/settings.rs`) and utilities for keygen and signing.
- MAKE SURE TO CLONE WITH ALL SUBMODULES. There are submodules within submodules, so clone with `--recurse-submodules`.
- If you want to make a fork of this repository, you will need to also fork the relevant submodules and update your `.gitmodules`.
- The Dockerfile serves as an example of how everything can be compiled and how test setups can be created. It is used by the `./measuring/script/create-experimental-setup.sh` script, which serves as an example of its use.
- The `mk-certs` folder contains a Python script, `encoder.py`, that can be used to create the required PKI. RSA certificates and X25519 certificates are available in subfolders. The certificates assume that the server hostname is `servername`, so put this in your `/etc/hosts`. Alternatively, override it using the environment variables in the file (which is also how you set which algorithms are used).
- Experimenting with `rustls` can be done directly; use the `rustls-mio` subfolders and run `cargo run --example tlsserver -- --help` or `cargo run --example tlsclient -- --help`.
- The measurement setup is handled in the `measuring/` folder. See the `./run_experiment.sh` script.
- Processing of results is done by the `./scripts/process.py` script. It expects a `data` folder as produced by `./scripts/experiment.py`.
- Downloading archived results can be done through the scripts in `measuring/archived-results/`
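
A check for the submodule note above, as an added example that is not part of this repository: it reads `git submodule status --recursive` output and reports nested submodules that are uninitialized or checked out at a commit other than the one the parent repository pins, which matters here because the build depends on modified forks of `ring`, `webpki` and `rustls`. The function names and the sample SHAs are constructed for illustration; paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: verify that every (nested) submodule is at its pinned commit.

# classify_submodules: read `git submodule status --recursive` on stdin.
# The first character of each line is the state flag:
#   ' ' checked out at the pinned commit
#   '-' submodule not initialized (clone was not recursive)
#   '+' checked-out commit differs from the one recorded by the parent
#   'U' submodule has merge conflicts
# Prints one line per problem and returns 1 if any were found.
classify_submodules() {
    awk '
        { flag = substr($0, 1, 1); path = $2 }
        flag == "-" { print "uninitialized " path; bad++ }
        flag == "+" { print "off-pin " path; bad++ }
        flag == "U" { print "conflict " path; bad++ }
        END { exit (bad > 0 ? 1 : 0) }
    '
}

# check_checkout DIR: run the check against a working tree.
check_checkout() {
    git -C "$1" submodule status --recursive | classify_submodules
}

# sample_status: constructed status output (placeholder SHAs) showing a
# checkout where ring was moved off its pin and the nested xmss-rs
# submodule was never initialized.
sample_status() {
    cat <<'EOF'
 0000000000000000000000000000000000000001 rustls (heads/main)
+0000000000000000000000000000000000000002 ring (heads/main)
 0000000000000000000000000000000000000003 mk-cert (heads/main)
-0000000000000000000000000000000000000004 mk-cert/xmss-rs
EOF
}

# Usage: sh check-submodules.sh /path/to/checkout
[ "$#" -eq 0 ] || check_checkout "$1"
```

An `uninitialized` entry is fixed with `git submodule update --init --recursive`; an `off-pin` entry means the tree being built is not the one the parent repository records.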