Hi TLS-wg and PQUIP-rg,
Recently, I have computed the sizes and measured the performance of
post-quantum TLS (both PQ key exchange and post-quantum authentication). In
these experiments, I have examined combinations of Kyber, Dilithium,
Falcon, SPHINCS+-(sf), HQC, and XMSS. The experiments include
On Sunday, 25 June 2023 19:45:53 CEST, Soni L. wrote:
Pure-python forbids using the cryptography package. Only python
code and the python stdlib are allowed. The fact that TLS uses
AES at all means it might be possible to trick the python ssl
module to do arbitrary AES, with some effort.
At t
Hi Thom,
I infer - though it is not explicit - that this experiment is based on the
assumption that KEM-TLS is used, rather than a simpler integration. Can you
comment on what you see as the relative impact of that difference?
On Mon, Jun 26, 2023, at 21:48, Thom Wiggers wrote:
> Hi TLS-wg and
Hi Martin,
I’m not the author of the note but, as far as I understand, it is not at all
about KEMTLS. The experiments use NIST submitted PQC KEM algorithms for the key
exchange and NIST submitted Signature algorithms for authentication. Not sure
if I would call this a “simpler integration” (as
