
KEMTLS: Post-quantum TLS without signatures

What's this blog post about?

The Transport Layer Security (TLS) protocol, used to secure most internet connections, may need an update due to the imminent threat of quantum computers. A recent experiment by Cloudflare and Google integrated two post-quantum key exchanges into TLS stacks and Chrome Canary clients to evaluate their performance and feasibility. However, replacing both key exchange and signature with post-quantum primitives seems infeasible because post-quantum public keys, signatures, and key exchange material are larger than those of traditional Diffie-Hellman, RSA, or elliptic curves. A proposed solution is KEMTLS, which replaces the handshake signature with a post-quantum KEM key exchange while achieving the same goals as TLS 1.3 (authentication, confidentiality, and integrity). Cloudflare has implemented the full KEMTLS handshake in Golang's TLS 1.3 suite to show that TLS can be completely post-quantum safe.

Company
Cloudflare

Date published
Jan. 15, 2021

Author(s)
Sofía Celi, Thom Wiggers

Word count
2158

Hacker News points
5

Language
English


By Matt Makai. 2021-2024.