The Signal protocol is a cryptographic messaging protocol that provides end-to-end
encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among …

We present KEMTLS, an alternative to the TLS 1.3 handshake that uses key-encapsulation
mechanisms (KEMs) instead of signatures for server authentication. Among existing post …

The TLS protocol is intended to enable secure end-to-end communication over insecure
networks, including the Internet. Unfortunately, this goal has been thwarted a number of …

TLS 1.3 is the next version of the Transport Layer Security (TLS) protocol. Its clean-slate
design is a reaction both to the increasing demand for low-latency HTTPS connections and …

The first edition of this book was published in 2003. Inevitably, certain parts of the book
became outdated quickly. At the same time new developments have continued apace …

We analyze the handshake protocol of the Transport Layer Security (TLS) protocol, version
1.3. We address both the full TLS 1.3 handshake (the one round-trip time mode, with …

A standard requirement for a signature scheme is that it is existentially unforgeable under
chosen message attacks (EUF-CMA), alongside other properties of interest such as strong …

TLS 1.3, the newest version of the Transport Layer Security (TLS) protocol, provides strong
authentication and confidentiality guarantees that have been comprehensively analyzed in a …

We consider the theoretically sound selection of cryptographic parameters, such as the size
of algebraic groups or RSA keys, for TLS 1.3 in practice. While prior works gave security …

DNS-over-HTTPS (DoH) is one major effort to protect DNS confidentiality and integrity,
which has been deployed by most of the popular browsers. However, we found this effort …