In this work, we first provide a simple and efficient generic construction of mKEM that can be instantiated from versatile assumptions, including post-quantum ones. We then study these mKEM instantiations at a practical level using 8 post-quantum KEMs and show that compared to the trivial solution, our mKEM offers savings of at least one order of magnitude in the bandwidth.

Recently Cloudflare announced a wide-scale post-quantum experiment that was conducted in cooperation with Google. We focused on using post-quantum key exchange algorithms by real clients for the TLS session establishment over real networks. Our goal was to find most suitable quantum-resistant key exchange algorithm to be used on the Internet as well as understand difficulties related to deployment of post-quantum cryptography.

We implemented post-quantum key exchange in the BoringSSL. The implementation into Google’s Chrome Canary web browser and Cloudflare’s edge servers and was used by real users on real network. This enabled us to perform measurements on real-world use cases, both on server and client side. We collected, analyzed data and studied the results. In this invited talk will discuss the outcomes of the experiment.