Kris Kwiatkowski

Kris Kwiatkowski

Senior Cryptography Engineer

PQShield, LTD


Kris Kwiatkowski is a Cryptography Engineer who focuses on problems at the intersection of cryptographic research and the implementation. Currently, at PQShield, he is responsible for implementation of post-quantum cryptographic primitives and helping organizations migrate from classical to post-quantum cryptosystems. With a career spanning over 15 years, Kris worked on a variety of topics related to cryptography, communication and software security from small embedded systems to large, distributed backend systems.


  • Cryptographic Implementations
  • Post-Quantum cryptography
  • System Security
  • High performance computing
  • Software Engineering


  • MSc in Pure Mathematics, 2006

    Poznan University of Technology, Poznań, Poland

  • Computer System Architecture & Design, 2007

    AGH University of Science and Technology, Kraków, Poland





Parallel execution (SIMD)

Trusted Execution Environment




Senior Cryptography Engineer


Dec 2019 – Present Oxford/Remote, UK

Working as a Cryptography Engineer responsible for software implementation of cryptographic primitives.

  • Supporting research by providing implementation of cryptographic schemes related to the usage of post-quantum cryptography in MLS protocol. Work has been accepted by two main cryptologic conferences - Asiacrypt2020 and PKC2021.
  • As a developer and team leader, I’ve successfully implemented of quantum-resistant VPN for the first customer of the company (Bosch) on theirs ARMv8-based embedded platform.

Cryptography Engineer


Feb 2018 – Dec 2019 London, UK

Working as a Cryptography Engineer in Cloudflare’s Technology Research team. Most of the activities were around implementing improvements to the TLS stack as well as the implementation of Proof of Concepts in the area of post-quantum cryptography (isogeny based).

  • Together with Google I’ve implemented and put into production an update to TLS stack enabling post-quantum key exchange (SIKE). Results from this experimentation can be found at the company’s website
  • I’ve co-authored Golang cryptographic library called CIRCL (github).

Security Validation Engineer


Jun 2015 – Jan 2018 Sophia-Antipolis, FR & Cambridge, UK

I was part of the team working on an implementation of the Trusted Execution Environment (TEE) based on ARM TrustZone technology. My responsibility was the implementation of cryptographic components and security validation of various parts of the system.

  • Provided implementation of cryptographic API. This work was a part of the bigger project with a goal to implement TEE compliant with the GlobalPlatform specification (certificate).
  • Provided Trusted Execution Environment (TEE) based system authentication for Android devices (Gatekeeper). This work has is deployed on millions of Android devices (i.e. Samsung).


Among Bytes

Jun 2015 – Present Cambridge, UK
I provide various services in the area of software engineering.

Software Engineer


Jun 2008 – May 2015 Sophia-Antipolis, France

Responsible for maintaining and implementing various functionalities in the Amadeus core system security and communication framework (C++ based). Focusing mainly on security and stability of TLS connections, performance optimization, improvements to failure resilience of high-availability components.

  • PCI DSS certification - provided modifications to TLS connections to align usage of cryptographic algorithms with the PCI requirements.
  • Improved performance in a backend performing low-latency operations by modifying memory allocation strategy. Overall CPU consumption was reduced by ~20%, which reduced running costs as the backend was composed of a few hundred processes distributed over a server farm.

Project Manager


Feb 2007 – May 2008 Wrocław, Poland
Managing teams developing PC software tools for Nokia/Symbian based mobile phones. Products were used in Nokia’s customer care centres for device reparation as well as end-users for firmware update. I’ve built a team of 20 developers and testers located in Poland, the Czech Republic and China working on multiple software projects for Nokia.

Software Engineer


Dec 2005 – Feb 2007 Wrocław, Poland
C/C++ software developer. Member of a team that was developing diagnostic and recovery toolset for embedded, Qualcomm based mobile phone platform. Those tools were used for the design of the mobile phone platform by the BenQ/Siemens research centres.



Implementation of OpenSSL ENGINE for OpenVPN with key storage secured by ARM TrustZone


CIRCL is a collection of cryptographic primitives written in Go.

Recent & Upcoming Talks



See certificate

Algorithms Design and Analysis I

See certificate

Hardware/Software Interfaces

See certificate