惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
Project Zero
Project Zero
K
Kaspersky official blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
Y
Y Combinator Blog
Recorded Future
Recorded Future
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
Microsoft Security Blog
Microsoft Security Blog
H
Help Net Security
S
Schneier on Security
P
Palo Alto Networks Blog
H
Hacker News: Front Page
N
News and Events Feed by Topic
N
Netflix TechBlog - Medium
博客园 - Franky
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
SecWiki News
SecWiki News
Cloudbric
Cloudbric
TaoSecurity Blog
TaoSecurity Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The Hacker News
The Hacker News
C
Check Point Blog
L
LangChain Blog
腾讯CDC
小众软件
小众软件
T
Tenable Blog
Google DeepMind News
Google DeepMind News
GbyAI
GbyAI
L
LINUX DO - 最新话题
A
About on SuperTechFans
Google Online Security Blog
Google Online Security Blog
C
Cisco Blogs
Recent Announcements
Recent Announcements
Hacker News: Ask HN
Hacker News: Ask HN
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
雷峰网
雷峰网
美团技术团队
D
DataBreaches.Net
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
F
Full Disclosure
博客园_首页

Cryptology ePrint Archive

Improved Dual Attack and Trapdoor Sampling via Quantum Rejection Sampling Verifying Consensus Protocols from LLM-assisted TLA$^+$: A Case Study of Byzantine Reliable Broadcast ThriftyMPC: Reducing the Cost of Large-Scale MPC in the Cloud Asynchronous Lagrange-Based Threshold FHE with Smaller Modulus Overhead Breaking ACDGV MinRank Gabidulin encryption schemes over matrix codes Explicit cost analysis of Toom-4 multiplication for incomplete NTT in lattice-based cryptography Security Analysis on a Blockchain-based Public-Key Authenticated Searchable Encryption Scheme Icy-DVRF: A Distributed Verifiable Random Function based on FROST signatures Frobenius-UOV: A Very Efficient Multivariate Public Key Signature Scheme Revisiting Linear Subspace Trails in Poseidon A New Multiscalar Multiplication Method Resistant to Timing Attacks Device Binding for Anonymous Credentials on Legacy Phones Beyond Quadratic: Unlocking Pseudorandomness with Quartic Character Multi-leveled and ISA/IEC 62443-aware Certificate Transparency to Protect the PKI Service Supply Chain of Operational Technology rBFT: a Revamped Two-Stage BFT from Delegated Committee Delving Deep into Security Guarantees against Integral Distinguishers with Applications to PRESENT, TWINE and LBLOCK On the Communication Complexity of Sleepy Consensus Enhancing Blockchain Proof of Stake with Active Weighted Signatures: The ADAPT Framework Threshold FHE with Short Decryption Shares without a Semi-trusted Server Efficient Bootstrapping in Fully Homomorphic Encryption for Matrix Arithmetic YsPIR: HE-Based Single-Server Private Information Retrieval with Low Communication Cost and High Throughput Black-box validation of Falcon key generation under numerical instability Tight Lattice-Based Signatures without Trapdoors from Search LWE Formalizing Blockchain PQC Signature Transition: How to Outpace Quantum Adversaries Optimized G+G Signature Storing Less in-the-Head: An Area-Efficient Hardware Architecture for SDitH-v2 SoK: Private LLM Inference using Approximate Homomorphic Encryption BitVM3: Efficient Bitcoin Bridges via Garbled Circuits Private Function Evaluation with Linear Complexity Obscura: Privacy-Preserving Protocol for the Algorand Blockchain Using LSAG Ring Signatures Cryptanalysis of Definite and Indefinite Lattice Isomorphism Problems With Applications to HAWK and DEFI Formalizing and Strengthening the Security Proof of NTOR Verifiable Anomaly and Similarity Detection Using Matrix Profile in Private Time-series Privacy Coins Under Viewing Key Compromise Adaptively-Secure Flexible and Identity-Based Broadcast Encryption from Decomposed LWE MERIDIAN: A Toroid-Inspired Permutation Block Cipher for Constrained Environments Toward Practical Fair Data Exchange: Eliminating In-Circuit Public-Key Operations Fault Injection Attacks Against zkSTARKs Beyond Binary: crosscorrelation of Cubic, Quartic and Quintic Character Sequences A Post-Quantum Accountable Sanitizable Signature Scheme Based on Unbalanced Oil and Vinegar Better Usability: Leakage-Resistant AEADs from Single-length Blockciphers TieredOMap: Skewness-Aware Oblivious Map Non-Adaptive Programmable PRFs and Applications to Stacked Garbling Mosaic: Practical Malicious Security for Garbled Circuits on Bitcoin Efficient Bootstrapping of Matrices in FHE Formal Verification, Integration and Physical Evaluation of Prime-Field Masking on Silicon New Techniques for Communication-Efficient Secure Comparison Protocols Verifying Provenance of Digital Media: Security Analysis of C2PA and its Implementation EQuADiSE: Efficient Quantum-safe Adaptive Distributed Symmetric-key Encryption Panther: Robust Hybrid KEM Combiners via Structural Splicing Cobra: All-in-one for full-fledged defense — a hybrid nested KEM SCOUT-CT: Sound Constant-Time Outcome with Uncertainty Tracking using multi-taint analysis Cryptanalysis of the Sharafi–Daghigh digital signature scheme Improved Garbled RAM via Garbled Merge GlitchSnipe: Toward Localized Voltage Fault Attacks MCU: An Efficient and Scalable Nonlinear Function Evaluation in MPC without Preprocessing Divide-and-Pair: Faster subgroup membership testing for elliptic curves Related-Key Multi-Pair Neural Distinguishers: Analysis and Applications to Lightweight Block Ciphers MDSS-STAR: Private Heavy-Hitters through Multi-Dealer Secret Sharing How to Authenticate a Non-Deterministic Computation Quick Draw Queries: Lightweight Searchable Public-key Ciphertexts with Hidden Structures via Non-Interactive Key Exchange Boolean Arithmetic over $\mathbb{F}_2$ from Group Commutators Open Problems in List Decoding and Correlated Agreement An Efficient Identity-Based Blind Signature Scheme from SM9 Tighter Bounds for the Oblivious Bit-Fixing Inner Product Extractor on Biased Seeds Counting and recovering the quadratic relations of a vectorial function Perils of Parallelism: Transaction Fee Mechanisms under Execution Uncertainty RoKoko: Lattice-based Succinct Arguments, a Committed Refinement Aggregator-Based Voting using proof of Partition HARE: Compact HQC via Distance-Informed Erasure Decoding A Maliciously-Secure Post-Quantum OPRF from Crypto Dark Matter Byzantine Consensus in the Partially Authenticated Setting Post-Quantum Anonymous Signatures from the Lattice Isomorphism Group Action Issuer-Hiding for BBS Anonymous Credentials via Randomizable Keys Relaxed Modular PCS from Arbitrary PCS and Applications to SNARKs for Integers Cross-Algorithm Deep Learning-based Non-Profiled Side-Channel Attacks Exploiting Symmetric Leakage Key Recovery Attacks on UOV Using $p^\ell$-truncated Polynomial Rings Reducing the Number of Qubits in Quantum Discrete Logarithms on Elliptic Curves PhantomCrypt: Second-Order Deniable Encryption with Post-Quantum Security When Trying to Catch Cheaters Breaks the MPC: Breaking and Fixing Delayed Consistency Checks in Trident, Fantastic Four, SWIFT, and Quad (Full Version) On the Use of Atkin and Weber Modular Polynomials in Isogeny Proofs of Knowledge Private IP Address Inference in NAT Networks via Off-Path TCP Control-Plane Attack Minimizing Mempool Dependency in PoW Mining on Blockchain: A Paradigm Shift with Compressed Block Representation for Enhanced Scalability, Decentralization and Security. Beyond-Birthday-Bound Security with HCTR2: Cascaded Construction and Tweak-based Key Derivation From Matrix to Polynomial NTRU FHE: Enabling Amortized Bootstrapping via Sparse Keys Adaptive NIKE for Unbounded Parties Hyperion: Private Token Sampling with Homomorphic Encryption TSS-PV: Traceable Secret Sharing with Public Verifiability A Graph-Theoretic Framework for Randomness Optimization in First-Order Masked Circuits Auntie: Unobservable Contracts from Zerocash and Trusted Execution Environments Fast Batch Matrix Multiplication in Ciphertexts On the $\gamma$-Spreadness of Average-Case to Worst-Case Transformations On the Regularity of the Generalized Birthday Problem The Pipes Model for Latency and Throughput Analysis Permutation-Based Hash from Non-Idealized Assumptions: Adding Feed-Forward to Sponge Secret-Key PIR from Random Linear Codes K-Linkable Ring Signatures and Applications in Generalized Voting Dynamic zk-SNARKs (with applications to sparse zk-SNARKs and IVC) ProxCode: Efficient Proximity Searchable Encryption from Error Correcting Codes DLFA: Deep Learning based Fault Analysis against Block Ciphers
Operationalising Post‑Quantum TLS: Automated Configuration Profiling and Hybrid PQC Deployment in Financial Infrastructure
Harish Balaji, Digital Trust Centre, Nanyang Technological Unive · 2026-05-15 · via Cryptology ePrint Archive

Paper 2026/959

Operationalising Post‑Quantum TLS: Automated Configuration Profiling and Hybrid PQC Deployment in Financial Infrastructure

Aarav Varshney, College of Computing and Data Science, Nanyang Technological University, Singapore, PQStation, Singapore

Prasanna Ravi, College of Computing and Data Science, Nanyang Technological University, Singapore, PQStation, Singapore

Sripal Jain, OCBC Bank, Singapore

Robin Foe, OCBC Bank, Singapore

Jorden Seet, OCBC Bank, Singapore

Huaxiong Wang, Digital Trust Centre, Nanyang Technological University, Singapore

Kwok-Yan Lam, Digital Trust Centre, Nanyang Technological University, Singapore

Anupam Chattopadhyay, College of Computing and Data Science, Nanyang Technological University, Singapore

Abstract

Organisations are upgrading their cryptographic infrastructure to become quantum‑safe before large‑scale quantum computers materialise. Post‑quantum cryptography (PQC) standards now exist for key‑exchange and digital signatures, but the urgent question for adopters is how to operationalise PQC in complex environments with confidence. In banking, Transport Layer Security (TLS), for example, protects data‑in‑transit across public‑facing channels and internal services, and is terminated at many heterogeneous endpoints (web servers, API gateways, load balancers, reverse proxies), each a potential quantum‑vulnerable component and migration target. We argue that the bottleneck is operational rather than algorithmic: hybrid key exchanges such as X25519‑ML‑KEM‑768 are already available in mainstream libraries, but security teams lack precise visibility into TLS configurations and repeatable methods for enabling PQC‑compatible settings across a heterogeneous estate. This paper presents a configuration‑parsing methodology that automatically extracts and normalises TLS cryptographic posture across dominant enterprise web‑server stacks, producing a unified, provenance‑traced cryptographic inventory as a foundation for migration and compliance. We demonstrate the approach on 8,443 real‑world Nginx configurations from public repositories and in a proof‑of‑concept deployment at a financial institution, where ML‑KEM‑512 and X25519‑ML‑KEM‑768 are onboarded at TLS termination points (web server and API gateway) securing an internal application, with zero application‑layer changes and manageable performance overhead.

BibTeX

@misc{cryptoeprint:2026/959,
      author = {Harish Balaji and Aarav Varshney and Prasanna Ravi and Sripal Jain and Robin Foe and Jorden Seet and Huaxiong Wang and Kwok-Yan Lam and Anupam Chattopadhyay},
      title = {Operationalising Post‑Quantum {TLS}: Automated Configuration Profiling and Hybrid {PQC} Deployment in Financial Infrastructure},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/959},
      year = {2026},
      url = {https://eprint.iacr.org/2026/959}
}