We present KEMTLS, an alternative to the TLS 1.3 handshake that uses key-encapsulation
mechanisms (KEMs) instead of signatures for server authentication. Among existing post …

The first edition of this book was published in 2003. Inevitably, certain parts of the book
became outdated quickly. At the same time new developments have continued apace …

The key exchange protocol that establishes initial shared secrets in the handshake of the
Signal end-to-end encrypted messaging protocol has several important characteristics:(1) it …

An unresolved problem in research on authenticated key exchange (AKE) in the public-key
setting is to construct a secure protocol against advanced attacks such as key compromise …

Non-interactive key exchange (NIKE) is a fundamental but much-overlooked cryptographic
primitive. It appears as a major contribution in the ground-breaking paper of Diffie and …

Kyber is a key-encapsulation mechanism (KEM) that was recently selected by NIST in its
PQC standardization process; it is also the only scheme to be selected in the context of …

We provide the first mechanized post-quantum sound security protocol proofs. We achieve
this by developing PQ-BC, a computational first-order logic that is sound with respect to …

We show that it is possible to achieve perfect forward secrecy in two-message key exchange
(KE) protocols that satisfy even stronger security properties than provided by the extended …

This paper investigates anonymity of all NIST PQC Round 3 KEMs: Classic McEliece, Kyber,
NTRU, Saber, BIKE, FrodoKEM, HQC, NTRU Prime (Streamlined NTRU Prime and NTRU …

We present a symbolic framework, based on a modular operational semantics, for
formalizing different notions of compromise relevant for the design and analysis of …