Paper 2021/1019

Implementing and Measuring KEMTLS

Sofía Celi, Armando Faz-Hernández, Nick Sullivan, Goutam Tamvada, Luke Valenta, Thom Wiggers, Bas Westerbaan, and Christopher A. Wood


KEMTLS is a novel alternative to the Transport Layer Security (TLS) handshake that integrates post-quantum algorithms. It uses key encapsulation mechanisms (KEMs) for both confidentiality and authentication, achieving post-quantum security while obviating the need for expensive post-quantum signatures. The original KEMTLS paper presents a security analysis, Rust implementation, and benchmarks over emulated networks. In this work, we provide full Go implementations of KEMTLS and other post-quantum handshake alternatives, describe their integration into a distributed system, and provide performance evaluations over real network conditions. We compare the standard (nonquantum-resistant) TLS 1.3 handshake with three alternatives: one that uses post-quantum signatures in combination with post-quantum KEMs (PQTLS), one that uses KEMTLS, and one that is a reduced round trip version of KEMTLS (KEMTLS-PDK). In addition to the performance evaluations, we discuss how the design of these protocols impacts TLS from an implementation and configuration perspective.

Available format(s)
Publication info
Published elsewhere. Minor revision.Latincrypt2021
Post-Quantum CryptographyKEMTLSTransport Layer SecurityCryptographic Engineering
Contact author(s)
sceli @ cloudflare com
cherenkov @ riseup net
2021-08-06: received
Short URL
Creative Commons Attribution


      author = {Sofía Celi and Armando Faz-Hernández and Nick Sullivan and Goutam Tamvada and Luke Valenta and Thom Wiggers and Bas Westerbaan and Christopher A.  Wood},
      title = {Implementing and Measuring KEMTLS},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1019},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.