Schedule

The anticipated duration of each of the three main steps is indicated in the chart below, broken down into 3-months periods. We pursue the design and analysis phase on the protocol level concurrently with the analysis and development  of protection measures on the implementation level.

• Step 1 focuses on basic design decisions in the security model (Part A), making sure these decisions are compatible with the needs of property identification and expression for runtime verification. At the same time, in Part B we make sure that that we will invoke cryptographic primitives that can meaningfully be protected against side-channel attacks.
• Step 2 works out details of a quantum-safe AGKE solution at the protocol level (Part A), which relies on Step 1-A being well underway. Some tweaking of the security model might still be needed when conducting the formal security analysis. In Part B, we are transitioning from property expression to property compilation -- starting to translate the theoretical protocol description into executable code.
• Step 3 focuses on optimizing and fine-tweaking parameter choices (Part A), and in Part B we integrate and test now comprehensive protection mechanisms (side channel countermeasures, property monitors),
  which should lead up to a complete quantum-safe solution for AGKE.