Publications

This Brief explains how PQShield PQMicroLib-Core enables a pure-software, OTA-deployable transition to Post-Quantum Secure Boot. PQShield’s ultra-small cryptographic library, PQMicroLib-Core is specifically designed to add quantum resilience to early boot and ROM stages. Read more.

This Brief explains how PQShield delivers a standards-based drop-in PQC TLS stack built on PQMicroLib-Core (PQC algorithms), PSA Crypto APIs (portable and interoperable abstraction) and MbedTLS (TLS protocol layer and certificate management). Read more.

This Brief explains how PQShield delivers DPA-protected solutions to defend long-lived PQC secrets against physical attacks. PQMicroLib-Core Edge Grade is designed for exposed, embedded environments. Read more.

In this episode of Shielded, Jo Lintzen speaks with two experts at Mobile World Conference in Barcelona. Amidst the buzz of the industry being in one place, they discuss the security landscape in the AI era.

In this episode of Shielded we speak with Stefan Kölbl, an information security engineer at Google, about what it actually takes to migrate cryptography across complex global systems at scale.

This is paper is concerned with the theoretical basis of lattice-based cryptography, clarifying how “easy” distinguishing attacks relate to “hard” search attacks used in security proofs.

In this episode of Shielded, Jo speaks to Darren Bender, a US litigation attorney and Chief Litigation Officer in the post-quantum cryptography sector.

In this paper, we present a simpler, more efficient way to create a secure, quantum-resistant shared "vault" (a threshold KEM) without using overly complex or slow mathematical tools. It's achieved by combining established cryptographic frameworks with a new, proven mathematical assumption called Coset-Hint-MLWE. The result is a highly secure system that is easier to implement and more practical for real-world use than previous versions.

Recent efforts to transition secure messaging to post-quantum standards, like Apple’s PQ3 and Signal’s updated Triple Ratchet, have introduced complex design trade-offs due to the high communication overhead of post-quantum cryptography. This paper introduces a pragmatic metric and experimental framework to compare these protocols, revealing that no "optimal" protocol exists when balancing security against real-world bandwidth constraints. Additionally, the authors propose a new optimization called "opportunistic sending" and a building block termed "sparse continuous key agreement" to improve protocol efficiency.

This special episode of Shielded brings together experts from cryptography, security architecture, and risk to explain what comes next. The conversation clarifies that security can no longer rely on fixed algorithms or one-time upgrades.

This paper enhances subversion-resilient Authenticated Key Exchange (AKE) by using "Reverse Firewalls" to protect protocols against tampered implementations. Key contributions include Flexible Security Framework - a new definition that focuses on restoring specific security properties (authentication and key security) across various levels of compromise, Post-Quantum Readiness: the introduction of re-randomizable Key Encapsulation Mechanisms (KEMs), with implementations based on both Diffie-Hellman and Kyber, and Formal Verification - rigorous validation of the protocol using both traditional computational proofs and the CryptoVerif formal prover.