https://doi.org/10.1140/epjqt/s40507-025-00425-3
Research
Quantum-safe hybrid key exchanges with KEM-based authentication
1 Sorbonne University, CNRS, LIP6 F-75005, Paris, France
2 AIT Austrian Institute of Technology, Vienna, Austria
3 EPITA, EPITA Research Lab (LRE), Le Kremlin-Bicêtre, France
Received: 11 August 2025
Accepted: 30 September 2025
Published online: 10 November 2025
Authenticated Key Exchange (AKE) is a foundational cryptographic building block that plays a critical role in safeguarding digital networks and infrastructures. At PQCrypto 2023, Bruckner, Ramacher, and Striecks proposed a novel hybrid AKE (HAKE) protocol dubbed Muckle+, which is particularly useful in quantum-safe networks consisting of a large number of nodes. The Muckle+ protocol is of a hybrid nature, in that it facilitates the incorporation of key material from conventional, post-quantum, and quantum cryptography primitives into a unified authenticated shared key.
To achieve the desired authentication properties, Muckle+ utilizes post-quantum digital signatures. However, the efficiency of available instantiations of such signature schemes is not yet comparable to that of their post-quantum key-encapsulation mechanism (KEM) counterparts, particularly in large networks with potentially several connections in a short period of time. In order to address this discrepancy, the present work proposes Muckle#, a protocol that aims to expand the existing boundaries of efficiency within the HAKE framework. Muckle# utilizes post-quantum KEMs for implicit authentication, drawing inspiration from recent advancements in the domain of Transport Layer Security (TLS) protocols, particularly in KEMTLS (CCS’20).
Our KEM-based approach results in a slightly different message flow compared to prior work, and we developed novel proof techniques in the process. Moreover, we implemented a proof of concept, thereby demonstrating the practicality of this alternative approach to authentication within HAKE.
Key words: Hybrid authenticated key exchange / Post-quantum cryptography / Quantum cryptography
© The Author(s) 2025
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.

