Kris Kwiatkowski is a Cryptography Engineer who focuses on problems at the intersection of cryptographic research, implementation and deployment. Currently, at PQShield, he is focusing on the implementation of post-quantum cryptographic primitives and helping organizations migrate from classical post-quantum cryptosystems. Prior to joining PQShield, he worked as Cryptography Engineer at Cloudflare where he was responsible for real-world deployment and measurements of post-quantum key exchange in TLS. With a career spanning over 15 years, Kris worked on a variety of topics related to cryptography and software security from small embedded TEEs to large, distributed backend systems.
MSc in Pure Mathematics, 2006
Poznan University of Technology, Poznań, Poland
Computer System Architecture & Design, 2007
AGH University of Science and Technology, Kraków, Poland
Working as a Cryptography Engineer responsible for software implementation of cryptographic primitives.
Working as a Cryptography Engineer in Cloudflare’s Technology Research team. Most of the activities were around implementing improvements to the TLS stack as well as the implementation of Proof of Concepts in the area of post-quantum cryptography (isogeny based).
I was part of the team working on an implementation of the Trusted Execution Environment (TEE) based on ARM TrustZone technology. My responsibility was the implementation of cryptographic components and security validation of various parts of the system.
Responsible for maintaining and implementing various functionalities in the Amadeus core system security and communication framework (C++ based). Focusing mainly on security and stability of TLS connections, performance optimization, improvements to failure resilience of high-availability components.
In this work, we first provide a simple and efficient generic construction of mKEM that can be instantiated from versatile assumptions, including post-quantum ones. We then study these mKEM instantiations at a practical level using 8 post-quantum KEMs and show that compared to the trivial solution, our mKEM offers savings of at least one order of magnitude in the bandwidth.
Recently Cloudflare announced a wide-scale post-quantum experiment that was conducted in cooperation with Google. We focused on using post-quantum key exchange algorithms by real clients for the TLS session establishment over real networks. Our goal was to find most suitable quantum-resistant key exchange algorithm to be used on the Internet as well as understand difficulties related to deployment of post-quantum cryptography.
We implemented post-quantum key exchange in the BoringSSL. The implementation into Google’s Chrome Canary web browser and Cloudflare’s edge servers and was used by real users on real network. This enabled us to perform measurements on real-world use cases, both on server and client side. We collected, analyzed data and studied the results. In this invited talk will discuss the outcomes of the experiment.
Helping in submissions review