Kris Kwiatkowski

Kris Kwiatkowski

Senior Cryptography Engineer

PQShield, LTD

Biography

Kris Kwiatkowski is a Cryptography Engineer who focuses on problems at the intersection of cryptographic research and the implementation. Currently, at PQShield, he is responsible for implementation of post-quantum cryptographic primitives and helping organizations migrate from classical to post-quantum cryptosystems. With a career spanning over 15 years, Kris worked on a variety of topics related to cryptography, communication and software security from small embedded systems to large, distributed backend systems.

Interests

  • Cryptographic Implementations
  • Post-Quantum cryptography
  • System Security
  • High performance computing
  • Software Engineering

Education

  • MSc in Pure Mathematics, 2006

    Poznan University of Technology, Poznań, Poland

  • Computer System Architecture & Design, 2007

    AGH University of Science and Technology, Kraków, Poland

Skills

C/C++

Golang

Cryptography

Parallel execution (SIMD)

Trusted Execution Environment

Linux

Experience

 
 
 
 
 

Senior Cryptography Engineer

PQShield

Dec 2019 – Present Oxford/Remote, UK

Working as a Cryptography Engineer responsible for software implementation of cryptographic primitives.

  • Supporting research by providing implementation of cryptographic schemes related to the usage of post-quantum cryptography in MLS protocol. Work has been accepted by two main cryptologic conferences - Asiacrypt2020 and PKC2021.
  • As a developer and team leader, I’ve successfully implemented of quantum-resistant VPN for the first customer of the company (Bosch) on theirs ARMv8-based embedded platform.
 
 
 
 
 

Cryptography Engineer

Cloudflare

Feb 2018 – Dec 2019 London, UK

Working as a Cryptography Engineer in Cloudflare’s Technology Research team. Most of the activities were around implementing improvements to the TLS stack as well as the implementation of Proof of Concepts in the area of post-quantum cryptography (isogeny based).

  • Together with Google I’ve implemented and put into production an update to TLS stack enabling post-quantum key exchange (SIKE). Results from this experimentation can be found at the company’s website
  • I’ve co-authored Golang cryptographic library called CIRCL (github).
 
 
 
 
 

Security Validation Engineer

Trustonic

Jun 2015 – Jan 2018 Sophia-Antipolis, FR & Cambridge, UK

I was part of the team working on an implementation of the Trusted Execution Environment (TEE) based on ARM TrustZone technology. My responsibility was the implementation of cryptographic components and security validation of various parts of the system.

  • Provided implementation of cryptographic API. This work was a part of the bigger project with a goal to implement TEE compliant with the GlobalPlatform specification (certificate).
  • Provided Trusted Execution Environment (TEE) based system authentication for Android devices (Gatekeeper). This work has is deployed on millions of Android devices (i.e. Samsung).
 
 
 
 
 

Freelancer

Among Bytes

Jun 2015 – Present Cambridge, UK
I provide various services in the area of software engineering.
 
 
 
 
 

Software Engineer

Amadeus

Jun 2008 – May 2015 Sophia-Antipolis, France

Responsible for maintaining and implementing various functionalities in the Amadeus core system security and communication framework (C++ based). Focusing mainly on security and stability of TLS connections, performance optimization, improvements to failure resilience of high-availability components.

  • PCI DSS certification - provided modifications to TLS connections to align usage of cryptographic algorithms with the PCI requirements.
  • Improved performance in a backend performing low-latency operations by modifying memory allocation strategy. Overall CPU consumption was reduced by ~20%, which reduced running costs as the backend was composed of a few hundred processes distributed over a server farm.
 
 
 
 
 

Project Manager

Tieto

Feb 2007 – May 2008 Wrocław, Poland
Managing teams developing PC software tools for Nokia/Symbian based mobile phones. Products were used in Nokia’s customer care centres for device reparation as well as end-users for firmware update. I’ve built a team of 20 developers and testers located in Poland, the Czech Republic and China working on multiple software projects for Nokia.
 
 
 
 
 

Software Engineer

BenQ

Dec 2005 – Feb 2007 Wrocław, Poland
C/C++ software developer. Member of a team that was developing diagnostic and recovery toolset for embedded, Qualcomm based mobile phone platform. Those tools were used for the design of the mobile phone platform by the BenQ/Siemens research centres.

Projects

OP-TEE ENGINE

Implementation of OpenSSL ENGINE for OpenVPN with key storage secured by ARM TrustZone

CIRCL

CIRCL is a collection of cryptographic primitives written in Go.

Recent & Upcoming Talks

Sep 14, 2022 2:30 PM — 3:00 PM Washington D.C., USA

Cryptographic interfaces for secure IoT devices

The interfaces exposed by popular cryptographic libraries are designed for general purpose computer. Those interfaces are not always suitable for constrain devices. In those devices, the secret key is often stored in the secure storage (secure element) and access to the raw key material is restricted. Namely, the application doesn’t have access to the key, but it is allowed only to perform operations with that key. Such use case changes the design of the cryptographic interface. Cryptographic interfaces designed by the GlobalPlatform (TEE Internal Core) or ARM (PSA Cryptographic API) are known to a limited audience, working on those specific topics. The goal of this presentation is to introduce the concept of handle-based cryptographic interfaces to the broader audience. The presentation mostly focuses on the design of PSA Cryptography interface. In the final part of the presentation, we will discuss changes to the PSA Cryptography interface that will be required for upcoming PQ standards.
Slides
May 23, 2022 4:20 PM — May 23, 2020 5:00 PM Brussels, Belgium

Implementing a FIPS-Certifiable Crypto Module for Post-Quantum TLS

During presentation author discusses concept and building blocks used while building cryptographic module supporting hybrid, quantum-safe TLS v1.3 key exchange. Author provides a recepie to make the construction FIPS-certifiable, even before post-quantum KEMs are FIPS-approved.
Slides
Kris Kwiatkowski
Nov 25, 2021 6:00 PM — 7:00 PM Virtual

Report on IETF and ETSI activities around Post-Quantum systems

GlobalPlatform monitors activities around post-quantum cryptography. NIST has published the PQC Round 3 “final” candidates. Following the ANSSI presentation, PQShield will present an update on IETF and ETSI CYBER activities, especially considering TLS 1.3, hybrid modes and schemes in the NIST PQC Round 3.
PDF
Kris Kwiatkowski
Nov 25, 2021 3:00 PM — 4:00 PM Virtual

Post-Quantum cryptography for C++ developers (in Polish)

The presentation introduces cryptographic libraries and tools useful during migration to next-gen cryptographic systems, resistant to potential attacks from quantum computers. Some basic concepts behind post-quantum cryptography are introduced during that presentation. The presentation was done in the Polish language, for the Polish Association of C++ programmers.
Slides Video
S. Katsumata, F. Pinotre, T. Prest, K. Kwiatkowski
Oct 22, 2020 11:30 AM — 11:18 PM Virtual

Ciphertext Compression Techniques for Post-Quantum KEMs

In this work, we first provide a simple and efficient generic construction of mKEM that can be instantiated from versatile assumptions, including post-quantum ones. We then study these mKEM instantiations at a practical level using 8 post-quantum KEMs and show that compared to the trivial solution, our mKEM offers savings of at least one order of magnitude in the bandwidth.
PDF Slides
See all talks

Publications

An Efficient and Generic Construction for Signal's Handshake (X3DH): Post-Quantum, State Leakage Secure, and Deniable

Signal-conforming, quantum resistant AKE protocol. PKC 2021.
Keitaro Hashimoto, Shuichi Katsumata, Kris Kwiatkowski, Thomas Prest
PDF Code

Scalable Ciphertext Compression Techniques for Post-Quantum KEMs and their Applications.

General framework for constructing multi-recipient KEMs from isogeny and lattice-based quantum-safe primitives. ASIACRYPT 2020.
Shuichi Katsumata, Kris Kwiatkowski, Federico Pintore, Thomas Prest
PDF Code

Measuring TLS key exchange with post-quantum KEM

Experimenting with real-world deployment and measurements of post-quantum key exchange in TLS
Adam Langley, Dave Levin, Kris Kwiatkowski, Alan Mislove, Nick Sullivan, Luke Valenta
PDF Code

Accomplish­ments

Cryptography

University of Maryland / Coursera Jan 2012
See certificate

Cryptography I

Stanford University / Coursera Jan 2012
See certificate

Algorithms Design and Analysis I

Stanford University / Coursera Jan 2012
See certificate

Hardware/Software Interfaces

University of Washington / Coursera Jul 2011
See certificate

Proficient C++ programming

International Knowledge Measurement (IKM) Jul 2011
See certificate

Conference reviewer

Reviewing submissions

Contact