top of page

Dr. Matthias J. Kannwischer

Crypto Lab- Research Director

Dr. Matthias J. Kannwischer is an expert in quantum safe cryptography. He received his PhD in applied post-quantum cryptography from Radboud University (Nijmegen, The Netherlands) and was supervised by Peter Schwabe and Bo-Yin Yang. Prior to joining Chelpis Quantum Corp and QSMC, He was a post-doctoral researcher at Academia Sinica (Taipei, Taiwan) and a PhD student at the Max Planck Institute for Security and Privacy (Bochum, Germany) and Radboud University (Nijmegen, The Netherlands).

He is a co-submitter of UOV and MAYO, and a maintainer of the pqm4 post-quantum software framework.


Quantum-Safe Cryptography


Researchers at Chelpis have many years experience in cryptography implementations. Since the early days of the NIST post-quantum cryptography competition, they have been creating and maintaining open-source projects including pqm4 and PQClean with the latter being used in various other projects including liboqs and the Signal messenger. Recently, Chelpis researchers have joined the Post-Quantum Cryptography Alliance (PQCA)  - a Linux foundation project for production-grade open-source post-quantum cryptography. As a part of PQCA, Chelpis is part of the technical steering committee of the Post-Quantum Code Package (PQCP) and maintains and develops two libraries targeting 32-bit microcontrollers and 64-bit Arm CPUs (e.g., Smartphones, Arm-based servers, and Apple processors). 

UOV Signatures

While the first round of post-quantum cryptography standards are expected to be published in 2024, they do not meet the requirements of all applications. In particular, due to their large signature sizes, it may be impossible to migrate certain applications to these post-quantum signature schemes. Due to this need, NIST has initiated an additional signature competition aiming to standardize signature schemes with small signatures and fast verification. Chelpis researchers are part of the submission teams of two signature schemes sent to NIST for standardization: UOV and MAYO. These are currently being evaluated by NIST and the cryptography community. UOV was proposed in 1995 and has withstood any attempts to break it. With modern parameters selected for optimal performance, UOV achieves signatures as small as 128 bytes with public keys of 44 kilobytes. For applications that do not have to transmit the public key (often), this provides a vast advantage over 2420-byte ML-DSA signatures and 666-byte FN-DSA signatures. Furthermore, UOV outperforms ML-DSA signing and verification times on certain CPUs.

MAYO Signatures

The MAYO signature scheme was proposed in 2021 by Beullens building on the construction of UOV, but achieving much smaller public key sizes by introducing additional structure in the construction of the public map. Chelpis researchers have joined forces with Beullens and submitted MAYO to NIST for standardization. At security level one, MAYO achieves signatures of 321 bytes with public keys of 1168 bytes and is, hence, outperforming any other post-quantum signature in terms of combined public key size. It is best suited for applications that do require to transmit both public keys and signatures frequently (e.g., TLS). Compared to ML-DSA’s 2420-byte signatures and 1312-byte public keys, MAYO has significant advantages for these applications. Furthermore, MAYO is achieving faster signing and verification times than ML-DSA on certain CPUs.

Formosa: Formally-verified Open Source Cryptography

While the research on high-assurance high-speed cryptographic software has received significant attention from the research community in recent years, its practical deployment is lacking behind. For large scale deployment, we require cryptographic software libraries that come with a complete set of primitives performing at a high-speed, and providing a high level of assurance. Ideally, this software should provide formal guarantees about security and correctness. While research papers in the past have provided various artifacts that provide some pieces of formally-verified cryptographic functionality, up to today, there exists no library that provides a complete set of features that would allow them to use them as a drop-in replacement for any of the non-verified libraries. Chelpis researchers are contributing to the European-led project Formosa crypto (Formally-verified open-source amazing Cryptography) aiming at exactly this: Producing cryptographic software that comes with computer-verifiable proofs enabling much higher assurance regarding the security and correctness of the implementations.

bottom of page