Kris Kwiatkowski

Senior Cryptography Engineer

PQShield, LTD

Biography

Kris Kwiatkowski is a Cryptography Engineer who focuses on problems at the intersection of cryptographic research, implementation and deployment. Currently, at PQShield, he is focusing on the implementation of post-quantum cryptographic primitives and helping organizations migrate from classical to post-quantum cryptosystems. Prior to joining PQShield, he worked as a Cryptography Engineer at Cloudflare, where he was responsible for real-world deployment and measurements of post-quantum key exchange in TLS. With a career spanning over 15 years, Kris has worked on a variety of topics related to cryptography and software security, from small embedded TEEs to large, distributed backend systems.

Interests

  • Cryptographic Implementations
  • Post-Quantum cryptography
  • System Security
  • High performance computing
  • Software Engineering

Education

  • MSc in Pure Mathematics, 2006

    Poznan University of Technology, Poznań, Poland

  • Computer System Architecture & Design, 2007

    AGH University of Science and Technology, Kraków, Poland

Skills

C/C++

Golang

Cryptography

Parallel execution (SIMD)

Trusted Execution Environment

Linux

Experience

Senior Cryptography Engineer

PQShield

Dec 2019 – Present Oxford/Remote, UK

Working as a Cryptography Engineer responsible for software implementation of cryptographic primitives.

  • Supporting research by providing implementations of cryptographic schemes related to the usage of post-quantum cryptography in the MLS protocol. Work has been accepted by two main cryptologic conferences - Asiacrypt 2020 and PKC 2021.
  • Implementation of post-quantum cryptography in IKEv2-based VPN software running on an ARMv8 embedded platform. I’ve been responsible for the cryptographic implementation of a lattice-based cryptographic scheme (Frodo) as well as technical leading of a 3-person scheme. This project has been successfully implemented for the first customer of the company (Bosch).

Cryptography Engineer

Cloudflare

Feb 2018 – Dec 2019 London, UK

Working as a Cryptography Engineer in Cloudflare’s Technology Research team. Most of the activities were around implementing improvements to the TLS stack as well as the implementation of proofs of concept in the area of post-quantum cryptography (isogeny-based).

  • Together with Google, I’ve implemented and put into production an experiment enabling post-quantum key exchange (SIKE) in TLSv1.3. The experiment has been enabled on the entire Cloudflare CDN edge network as well as in Google’s Chrome web browser. Results from this work were presented during the NIST PQC Standardization Workshop. Results from this experimentation can be found at the company’s website.
  • I’ve co-authored a Golang cryptographic library called CIRCL (github).

Security Validation Engineer

Trustonic

Jun 2015 – Jan 2018 Sophia-Antipolis, FR & Cambridge, UK

I was part of the team working on an implementation of the Trusted Execution Environment (TEE) based on ARM TrustZone technology. My responsibility was the implementation of cryptographic components and security validation of various parts of the system.

  • Provided an implementation of the cryptographic API. This work was part of a bigger project with the goal of implementing a TEE compliant with the GlobalPlatform specification (certificate).
  • Provided Trusted Execution Environment (TEE) based system authentication for Android devices (Gatekeeper). This work is deployed on millions of Android devices (i.e. Samsung).

Freelancer

Among Bytes

Jun 2015 – Present Cambridge, UK

I provide various services in the area of software engineering.

Software Engineer

Amadeus

Jun 2008 – May 2015 Sophia-Antipolis, France

Responsible for maintaining and implementing various functionalities in the Amadeus core system security and communication framework (C++ based). Focusing mainly on security and stability of TLS connections, performance optimization, improvements to failure resilience of high-availability components.

  • PCI DSS certification - provided modifications to TLS connections to align usage of cryptographic algorithms with the PCI requirements.
  • Improved performance in a backend performing low-latency operations by modifying memory allocation strategy. Overall CPU consumption was reduced by ~20%, which reduced running costs as the backend was composed of a few hundred processes distributed over a server farm.

Project Manager

Tieto

Feb 2007 – May 2008 Wrocław, Poland

Managing teams developing PC software tools for Nokia/Symbian-based mobile phones. Products were used in Nokia’s customer care centres for device repair as well as by end users for firmware updates. I’ve built a team of 20 developers and testers located in Poland, the Czech Republic and China working on multiple software projects for Nokia.

Software Engineer

BenQ

Dec 2005 – Feb 2007 Wrocław, Poland

C/C++ software developer. Member of a team that was developing a diagnostic and recovery toolset for an embedded, Qualcomm-based mobile phone platform. Those tools were used for the design of the mobile phone platform by the BenQ/Siemens research centres.

Projects

OP-TEE ENGINE

Implementation of OpenSSL ENGINE for OpenVPN with key storage secured by ARM TrustZone

CIRCL

CIRCL is a collection of cryptographic primitives written in Go.

Accomplishments

Cryptography

Algorithms Design and Analysis I

Hardware/Software Interfaces
