Using Key Encapsulation Mechanisms for Authentication
Using Key Encapsulation Mechanisms for Authentication
In 2020, we proposed KEMTLS, an alternative for the TLS 1.3 handshake that uses implicit authentication via key encapsulation mechanisms, rather than explicit authentication using digital signatures. In the context of post-quantum cryptography, where KEMs typically have smaller communication than digital signature schemes, KEMTLS can save bandwidth, but is a substantial protocol change.
In this talk, I'll give an introduction to the KEMTLS protocol, and then discuss recent results around KEMTLS. These include: a version of KEMTLS that can take advantage of pre-distributed / out-of-band server public keys to reduce round trips in the client authentication setting; recent results on formal verification of KEMTLS using the Tamarin prover; and methods for efficiently and non-interactively proving possession of KEM keys to certificate authorities to enable a public key infrastructure for KEM public keys.
About the speaker
Associate Professor, University of Waterloo
Dr. Douglas Stebila is an Associate Professor of cryptography in the Department of Combinatorics & Optimization at the University of Waterloo. His research focuses on improving the security of Internet communications protocols and developing practical quantum-resistant cryptography. He is the leader of the Open Quantum Safe project, an open-source software project for prototyping and evaluating quantum-resistant cryptography. He holds an MSc from the University of Oxford and a PhD from the University of Waterloo.
Monash University values the privacy of every individual's personal information and is committed to the protection of that information from unauthorised use and disclosure except where permitted by law. For information about the handling of your personal information please see Data Protection and Privacy Procedure and the relevant Data Protection and Privacy Collection Statement that applies to you depending on the nature of your interaction with us.
If you have any questions about how Monash University is collecting and handling your personal information, please contact our Data Protection and Privacy Office at dataprotectionofficer@monash.edu.