Publications

0

Peer-Reviewed
Papers

0

Further NIST PQC
Submissions

0

NIST PQC Standards
Co-Authored

0

Patents in
Process

0

Mature Products
Developed

0

Best Paper
Awards

SPOTLIGHT PUBLICATION | 27/03/2025

Episode 2: The Quantum-Safe Playbook: How Signal Protected Billions with a Lean Team

Quantum risk is a business risk—and Signal Messenger isn’t waiting for quantum computers to arrive. In this episode of Shielded: The Last Line of Cyber Defense, Johannes Lintzen welcomes Rolfe Schmidt, Research Engineer at Signal Messenger, to explore how one of the world's most privacy-focused messaging platforms implemented post-quantum cryptography—even with a lean team.

Formal Verification – why does it matter for PQC?

Formal verification has become increasingly important in the realm of cryptographic primitives, which serve as the foundational elements of secure communication systems. As cryptographic algorithms underpin the confidentiality, integrity, and authenticity of digital information, any flaw in their implementation can lead to catastrophic security breaches.

Episode 1: Inside Cloudflare’s Post-Quantum Journey: Bas Westerbaan on Real-World Implementation

Is your organization truly prepared for the post-quantum era? In the premier episode of Shielded: The Last Line of Cyber Defense, host Johannes Lintzen is joined by Bas Westerbaan, Research Engineer at Cloudflare, to discuss why organizations must act now on post-quantum cryptography, how to navigate the two-phase migration process, and how to overcome key management, compliance, and performance challenges.

Filter by:

WrapQ: Side-Channel Secure Key Management for Post-quantum Cryptography

In this work, we study key handling techniques used in real-life secure Kyber and Dilithium hardware. We describe WrapQ, a masking-friendly key-wrapping mechanism designed for lattice cryptography.

Bingo: Adaptivity and Asynchrony in Verifiable Secret Sharing and Distributed Key Generation

We present Bingo, an adaptively secure and optimally resilient packed asynchronous verifiable secret sharing (PAVSS) protocol.

Fully Adaptive Schnorr Threshold Signatures

We prove adaptive security of a simple three-round threshold Schnorr signature scheme, which we call Sparkle+.

Snowblind: A Threshold Blind Signature in Pairing-Free Groups

Both threshold and blind signatures have, individually, received a considerable amount of attention. However little is known about their combination.

CSI-Otter: Isogeny-Based (Partially) Blind Signatures from the Class Group Action with a Twist

In this paper, we construct the first provably-secure isogeny-based (partially) blind signature scheme.

Finding Short Integer Solutions When the Modulus Is Small

We present cryptanalysis of the inhomogenous short integer solution problem for anomalously small moduli q by exploiting the geometry of BKZ reduced bases of q-ary lattices.

TLS → Post-Quantum TLS: Inspecting the TLS landscape for PQC adoption on Android

We need to better understand the constraints and requirements of TLS usage by Android apps in order to make an informed decision for migration to the post-quantum world.

High-Order Masking of Lattice Signatures in Quasilinear Time

We design a lattice-based signature scheme specifically for side-channel resistance and optimize the masked efficiency as a function of the number of shares.

Cryptography Modernization Part 1: Where is your Cryptography?

A plain english guide to help you get ready to comply with the new cryptography standards.

Signature for Objects: Formalizing How to Authenticate Physical Data and More

This paper proposes a new concept called signatures for objects to guarantee the integrity of objects cryptographically.

A Key-Recovery Attack Against Mitaka in the t-Probing Model

We uncover a flaw in the security proof of MITAKA, and subsequently show that it is not secure in the t-probing model.

Zero-Knowledge Arguments for Subverted RSA Groups

This work investigates zero-knowledge protocols in subverted RSA groups where the prover can choose the modulus and where the verifier does not know the group order.