Professional experience

PQShield
Staff Cryptography Architect
Oxford, UK
Dec 2019 - present

I have created number products that offer FIPS 140-3 certified and CNSA 2.0 compliant post-quantum key exchange for protocols like TLS v1.3. I am responsible for the software implementation of cryptographic schemes, memory and performance optimizations for different CPU architectures, as well as the security hardening against side-channel attacks. I’ve also been leading small team (2 people + project manager) that created a PoC of HW/SW codesign for statefull, hash-based signatures.

Cloudflare
Cryptography Engineer
London, UK
Feb 2018 - Dec 2019

Working as a Cryptography Engineer in Cloudflare’s Technology Research team. Most of the activities were around implementing improvements to the TLS stack as well as the implementation of Proof of Concepts in the area of post-quantum cryptography (isogeny based).

Trustonic
Security Engineer
Cambridge, UK
May 2015 - Jan 2018

I was part of the team working on an implementation of the Trusted Execution Environment (TEE) based on ARM TrustZone technology. My responsibility was the implementation of cryptographic components and security validation of various parts of the system.

Amadeus
Software Engineer
Sophia-Antipolis, France
Jun 2008 – May 2015

Responsible for maintaining and implementing various functionalities in the Amadeus core system security and communication framework (C++ based). Focusing mainly on security and stability of TLS connections, performance optimization, improvements to failure resilience of high-availability components.

Tieto, BenQ
Project Manager
Wrocław, Poland
Dec 2005 – May 2008

Started as a Software Engineer and grew to a manager position. I’ve been managing teams developing PC software tools for Nokia/Symbian based mobile phones. Products were used in Nokia’s customer care centres for device reparation as well as end-users for firmware update. I’ve built a team of 20 developers and testers located in Poland, the Czech Republic and China working on multiple software projects for Nokia.

Projects

Below I have outlined the project examples that truly spark my interest and enthusiasm for collaboration.

draft-kwiatkowski-tls-ecdhe-mlkem | []
Personal effort / Volunteering

An IETF effort to standardize hybrid key agreement for TLS 1.3 that combines a post-quantum KEM with elliptic curve Diffie-Hellman (ECDHE). Standard is already deployed by major browsers (Chrome, Firefox) as well as cloud service providers (Cloudflare, Google, AWS).

PQCryptoLib | []
PQShield

I have created two products - PQCryptoLib and PQCryptoLib Embedded - that offer CNSA 2.0 compliant post-quantum key exchange for protocols like TLS v1.3. I am responsible for the software implementation of cryptographic schemes, memory and performance optimizations for different CPU architectures, as well as the security hardening against side-channel attacks. The PQCryptoLib has been certified according to FIPS 140-3, level 1 requirements, as a software module. I’ve been leading the certification effort from beginning to the very end. I’m currently working on this project as a Cryptography Architect.

CIRCL |
Cloudflare

It is a collection of cryptographic primitives written in Go. The goal of this library is to be used as a tool for experimental deployment of cryptographic algorithms targeting Post-Quantum (PQ). Project is open-source and was co-inveted with Armando Faz-Hernández.

Botan |
Among Bytes, LTD

Implementation of cryptographic algorithms in C++.

Kinibi TEE
Trustonic

I was part of the team implementing, Trustonic’s Trusted Execution Environment - Kinibi.

Publications

  • Post-quantum hybrid ECDHE-MLKEM Key Agreement for TLSv1.3 (draft-kwiatkowski-tls-ecdhe-mlkem) |
    P. Kampanakis, K. Kwiatkowski, D. Stebila, B. E. Westerbaan
  • NIST SP 1800-38C: Migration to Post-Quantum Cryptography - Quantum Readiness |
    W. Newhouse, M. Souppaya, J. Prat, R. Larrieu, R. Burns, W. Barker, J. Gray, M. Ounsworth, C. Viana, J. Gilbert, G. Scinta, C. Brown, H. Le Van Gong, P. Kampanakis, K. Kwiatkowski, E. Kim, J. Goodman, A. Hu, V. Krummel
  • An Efficient and Generic Construction for Signal’s Handshake (X3DH): Post-Quantum, State Leakage Secure, and Deniable |
    Keitaro Hashimoto, Shuichi Katsumata, Kris Kwiatkowski, Thomas Prest
  • Scalable Ciphertext Compression Techniques for Post-Quantum KEMs with Applications |
    Shuichi Katsumata, Kris Kwiatkowski, Federico Pintore, Thomas Prest
  • Measuring TLS key exchange with post-quantum KEM |
    Adam Langley, Dave Levin, Kris Kwiatkowski, Alan Mislove, Nick Sullivan, Luke Valenta
  • The TLS Post-Quantum Experiment |
    Kris Kwiatkowski, Luke Valenta
  • Towards Post-Quantum Cryptography in TLS |
    Kris Kwiatkowski

Talks

  • Post-Quantum Cryptography for IoT Edge. Implementation tradeoffs and security pitfalls || TPM.dev, Cambridge, UK | Sep, 2024
  • Cryptographic interfaces for secure IoT devices || ICMC 2022, Washington D.C., USA | Sep, 2022
  • Implementing a FIPS-Certifiable Crypto Module for Post-Quantum TLS || CryptoMod 2022, Brussels, Belgium | May, 2021
  • Report on IETF and ETSI activities around Post-Quantum systems | | GlobalPlatform, Online | Nov, 2021
  • Post-Quantum cryptography for C++ developers | | Online | Nov, 2021
  • Ciphertext Compression Techniques for Post-Quantum KEMs | | Online | Oct, 2020
  • Measuring post-quantum TLS | ICMC 2020, Virtual | Sep, 2020
  • Towards Post-Quantum Cryptography in TLS | | ECC, Ruhr-University, Germany | Dec, 2019

Volunteering

  • CHES 2025 - Member of artifact review committee
  • CHES 2024 - Member of artifact review committee | []
  • PETS 2024 - Member of artifact review committee
  • PETS 2023 - Member of artifact review committee
  • CHES 2021 - Member of artifact review committee
  • CARDIS 2020 - Additional reviewer
  • COSADE2020 Additional reviewer
  • 17th IMA International Conference on Cryptography and Coding, 2019 - Additional reviewer
  • Technical reviewer for a book Demystifying Cryptography with OpenSSL 3.0 by Alexei Khlebnikov