Publications

Recent efforts to transition secure messaging to post-quantum standards, like Apple’s PQ3 and Signal’s updated Triple Ratchet, have introduced complex design trade-offs due to the high communication overhead of post-quantum cryptography. This paper introduces a pragmatic metric and experimental framework to compare these protocols, revealing that no "optimal" protocol exists when balancing security against real-world bandwidth constraints. Additionally, the authors propose a new optimization called "opportunistic sending" and a building block termed "sparse continuous key agreement" to improve protocol efficiency.

This special episode of Shielded brings together experts from cryptography, security architecture, and risk to explain what comes next. The conversation clarifies that security can no longer rely on fixed algorithms or one-time upgrades.

This paper enhances subversion-resilient Authenticated Key Exchange (AKE) by using "Reverse Firewalls" to protect protocols against tampered implementations. Key contributions include Flexible Security Framework - a new definition that focuses on restoring specific security properties (authentication and key security) across various levels of compromise, Post-Quantum Readiness: the introduction of re-randomizable Key Encapsulation Mechanisms (KEMs), with implementations based on both Diffie-Hellman and Kyber, and Formal Verification - rigorous validation of the protocol using both traditional computational proofs and the CryptoVerif formal prover.

In this episode of Shielded Jo Lintzen speaks with Sofia Celi, Senior Cryptography and Security Researcher at Brave, co-author of the MAYO signature scheme, and co-chair of an IETF working group driving global PQC standards.

In this episode of Shielded, Jo Lintzen speaks with Kevin Reifsteck, Director for Critical Infrastructure Protection at Microsoft, about how governments and global enterprises can turn quantum-safe readiness from policy into practice.

The document describes how PQShield's PQCryptoLib-SDK integrates with Nexus Certificate Manager (CM), Nexus's PKI platform, to create a post-quantum ready certificate management and VPN solution.

In this episode of Shielded, Jo Lintzen speaks with Kevin Reifsteck, Director for Critical Infrastructure Protection at Microsoft, about how governments and global enterprises can turn quantum-safe readiness from policy into practice.

Our CSO Ben Packman speaking at Web Summit, Lisbon November 12:05-12:25 on – "Quantum crossroads: Opportunity and risk in the next computing era."

How can you prove a private conversation ever happened? In modern secure messaging, the goal is "deniability"—ensuring no one can cryptographically prove you sent a message. This vital privacy feature is core to protocols like Signal's X3DH, but achieving it in a fully post-quantum world has been a major roadblock. A promising path forward involves 'split-KEMs' (a method for establishing secret keys), but previous approaches were too inefficient to be adopted. Our latest research, Sparrow-KEM, solves this efficiency problem. It makes this approach a viable way to upgrade the Signal protocol, making it fully resistant to quantum attackers. The results represent a significant leap forward...

Hardware defines trust. If its cryptography fails, no amount of software protection can recover it. In this episode of Shielded, Jo Lintzen speaks with Thalia Laing, Principal Cryptographer at HP.

In this episode of Shielded, Jo Lintzen speaks with Dr. Richard Searle, Chief AI Officer at Fortanix, about how confidential computing and a software-first model accelerate the shift to post-quantum cryptography.

PQShield and Quantinuum have developed a joint solution, combining Quantum Origin’s mathematically-proven Quantum Random Number Generation (QRNG) with PQShield’s FIPS-140-3-validated post-quantum cryptographic library.