{"id":21107546,"url":"https://github.com/thomwiggers/kemtls-experiment","last_synced_at":"2025-07-08T16:31:43.131Z","repository":{"id":39993893,"uuid":"257853234","full_name":"thomwiggers/kemtls-experiment","owner":"thomwiggers","description":"Experimental implementation of KEMTLS in Rustls","archived":false,"fork":false,"pushed_at":"2023-11-16T13:34:03.000Z","size":231,"stargazers_count":21,"open_issues_count":1,"forks_count":10,"subscribers_count":5,"default_branch":"thesis","last_synced_at":"2023-11-17T11:45:03.299Z","etag":null,"topics":["cryptography","kemtls","post-quantum","post-quantum-tls","rustls","tls"],"latest_commit_sha":null,"homepage":"https://wggrs.nl/p/kemtls/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thomwiggers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":"CITATION.bib","codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-04-22T09:26:17.000Z","updated_at":"2023-11-17T11:45:03.299Z","dependencies_parsed_at":"2023-11-16T11:41:14.028Z","dependency_job_id":"2b2d6e89-ae3e-4e5c-aed2-510e05d9564a","html_url":"https://github.com/thomwiggers/kemtls-experiment","commit_stats":null,"previous_names":[],"tags_count":2,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomwiggers%2Fkemtls-experiment","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomwiggers%2Fkemtls-experiment/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomwiggers%2Fkemtls-experiment/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thomwiggers%2Fkemtls-experiment/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thomwiggers","download_url":"https://codeload.github.com/thomwiggers/kemtls-experiment/tar.gz/refs/heads/thesis","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225449670,"owners_count":17476095,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","kemtls","post-quantum","post-quantum-tls","rustls","tls"],"created_at":"2024-11-20T00:40:40.745Z","updated_at":"2024-11-20T00:40:41.326Z","avatar_url":"https://github.com/thomwiggers.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Post-Quantum TLS without handshake signatures\n\nThis repository accompanies\n\n* Peter Schwabe, Douglas Stebila and Thom Wiggers. **More efficient KEMTLS with pre-distributed public keys.** ESORICS 2021.\n* Peter Schwabe, Douglas Stebila and Thom Wiggers. **Post-quantum TLS without handshake signatures.** ACM CCS 2020.\n* Peter Schwabe, Douglas Stebila and Thom Wiggers. **More efficient KEMTLS with pre-distributed public keys.** IACR Cryptology ePrint Archive, Report 2021/779. Updated online version. March 2022.\n* Peter Schwabe, Douglas Stebila and Thom Wiggers. **Post-quantum TLS without handshake signatures.** IACR Cryptology ePrint Archive, Report 2020/534. Updated online version. March 2022.\n* Fabio Campos, Jorge Chavez-Saab, Jesús-Javier Chi-Domínguez, Michael Meyer, Krijn Reijnders, Francisco Rodríguez-Henríquez, Peter Schwabe, Thom Wiggers. **Optimizations and Practicality of High-Security CSIDH.** IACR Cryptology ePrint Archive, Report 2023/793. October 2023.\n* Thom Wiggers. **Post-Quantum TLS**. PhD thesis, January 2024.\n\n```bibtex\n@inproceedings{CCS:SchSteWig20,\n  author = {Schwabe, Peter and Stebila, Douglas and Wiggers, Thom},\n  title = {Post-Quantum {TLS} Without Handshake Signatures},\n  year = {2020},\n  isbn = {9781450370899},\n  publisher = {Association for Computing Machinery},\n  address = {New York, {NY}, {USA}},\n  url = {https://thomwiggers.nl/publication/kemtls/},\n  doi = {10.1145/3372297.3423350},\n  booktitle = {Proceedings of the 2020 {ACM} {SIGSAC} Conference on Computer and Communications Security},\n  pages = {1461–1480},\n  numpages = {20},\n  keywords = {transport layer security, key-encapsulation mechanism, {NIST PQC}, post-quantum cryptography},\n  location = {Virtual Event, {USA}},\n  series = {{CCS '20}}\n}\n\n@misc{EPRINT:SchSteWig20,\n  author = {Peter Schwabe and Douglas Stebila and Thom Wiggers},\n  title = {Post-quantum {TLS} without handshake signatures},\n  year = 2022,\n  month = mar,\n  note = {full online version},\n  url = {https://ia.cr/2020/534},\n}\n\n@inproceedings{ESORICS:SchSteWig21,\n  title = {More efficient post-quantum {KEMTLS} with pre-distributed public keys},\n  author = {Peter Schwabe and Douglas Stebila and Thom Wiggers},\n  year = 2021,\n  month = sep,\n  url = {https://thomwiggers.nl/publication/kemtlspdk/},\n  editor = {Bertino, Elisa and Shulman, Haya and Waidner, Michael},\n  booktitle = {Computer Security -- ESORICS 2021},\n  series = {Lecture Notes in Computer Science},\n  publisher = {Springer International Publishing},\n  address = {Cham},\n  pages = {3--22},\n  isbn = {978-3-030-88418-5},\n  doi = {10.1007/978-3-030-88418-5_1},\n}\n\n@misc{EPRINT:SchSteWig21,\n      author = {Peter Schwabe and Douglas Stebila and Thom Wiggers},\n      title = {More efficient post-quantum {KEMTLS} with pre-distributed public keys},\n      howpublished = {Cryptology ePrint Archive, Paper 2021/779},\n      year = {2022},\n      month = mar,\n      note = {full online version},\n      url = {https://eprint.iacr.org/2021/779}\n}\n\n@misc{EPRINT:CCCMRRSW23,\n      author = {Fabio Campos and Jorge Chavez-Saab and Jesús-Javier Chi-Domínguez and Michael Meyer and Krijn Reijnders and Francisco Rodríguez-Henríquez and Peter Schwabe and Thom Wiggers},\n      title = {Optimizations and Practicality of High-Security {CSIDH}},\n      howpublished = {Cryptology ePrint Archive, Paper 2023/793},\n      year = {2023},\n      url = {https://eprint.iacr.org/2023/793}\n}\n\n@phdthesis{RU:Wiggers24,\n    title = {Post-Quantum {TLS}},\n    author = {Thom Wiggers},\n    date = {2024-01-09},\n    school = {Radboud University},\n    address = {Nijmegen, The Netherlands},\n    url = {https://thomwiggers.nl/publication/thesis/}\n}\n\n```\n\n## Overview of this repository\n\nThe below are all [git submodules](https://git-scm.com/book/en/v2/Git-Tools-Submodules).\nIf you want to make a fork of this repository, you will need to also fork the relevant submodules and update your `.gitmodules`.\nSee also the notes below.\n\n### Main folders\n\n* ``rustls``: modified Rustls TLS stack to implement KEMTLS and post-quantum versions of \"normal\" TLS 1.3\n* ``measuring``: The scripts to measure the above\n* ``ring``: Modified version of Ring to allow for longer DER-encoded strings than typically expected from TLS instances.\n* ``webpki``: Modified version of WebPKI to work with PQ and KEM public keys in certificates\n* ``mk-cert``: Utility scripts to create post-quantum PKI for pqtls and KEMTLS.\n\n### Supporting repositories\n\n* [``oqs-rs``][]: Rust wrapper around ``liboqs``. Contains additional implementations of schemes (notably AVX2 implementations).\n* ``mk-cert/xmss-rs``: Rust wrapper around the XMSS reference code, with our custom parameter set (``src/settings.rs``) and utilities for keygen and signing.\n\n[``oqs-rs``]: https://github.com/open-quantum-safe/liboqs-rust\n\n## Working with this repository\n\n* **MAKE SURE TO CLONE WITH __ALL__ SUBMODULES**. There are submodules _within_ submodules, so clone with ``--recurse-submodules``.\n* If you want to make a fork of this repository, you will need to also fork the relevant submodules and update your `.gitmodules`.\n* The Dockerfile serves as an example of how everything can be compiled and how test setups can be created.\n   It is used by the ``./measuring/script/create-experimental-setup.sh`` script, which serves as an example of its use.\n* The `mk-certs` folder contains a python script, `encoder.py`, that can be used to create the required PKI.\n   RSA certificates and X25519 certificates are available in subfolders.\n   The certificates assume that the server hostname is ``servername``, so put this in your `/etc/hosts`.\n   Alternatively, override it using the environment variables in the file (which is also how you set which algorithms are used).\n* Experimenting with ``rustls`` can be done directly; use the ``rustls-mio`` subfolders\n   and run ``cargo run --example tlsserver -- --help`` or ``cargo run --example tlsclient -- --help``.\n* The measurement setup is handled in the `measuring/` folder. See the `./run_experiment.sh` script.\n* Processing of results is done by the `./scripts/process.py` folder. It expects a `data` folder as produced by `./scripts/experiment.py`.\n* Downloading archived results can be done through the scripts in ``measuring/archived-results/``\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomwiggers%2Fkemtls-experiment","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthomwiggers%2Fkemtls-experiment","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomwiggers%2Fkemtls-experiment/lists"}