Hybrid Keys in Practice: Combining Classical, Quantum and Post-Quantum Cryptography

Currently, with the threat of quantum computer attacks, the idea of combining several same-type primitives has reemerged. This also applies to cryptographic keys, where a hybrid quantum key exchange combination preserves the security guarantees of pre-quantum schemes while achieving the quantum resistance of post-quantum schemes. In this article, we present a concrete 3-key combiner system implemented on a Field Programmable Gate Array (FPGA) platform. Our system involves a pre-quantum Key EXchange scheme (KEX), a post-quantum key encapsulation mechanism, and a Quantum Key Distribution (QKD) algorithm. The proposed 3-key combiner is proven to be secure in the quantum standard model and it is INDistinguishable under a Chosen-Ciphertext Attack (IND-CCA). Our combiner can run on small FPGA platforms due to its relatively low resource usage. In particular, the key combiner without QKD is able to output up to 1 624 keys per second and the key combiner with QKD is able to output up to 9.2 keys per second.


I. INTRODUCTION
The idea of combining several same-type primitives, so that the resulting scheme is secure as long as one of the components remains secure, goes back to Even and Goldreich [1]. With the threat of quantum computer attacks, this concept has reemerged. Classical cryptographic methods, based on the hardness of mathematical assumptions such as the Integer Factorization (IF) problem, the Discrete Logarithm Problem (DLP), and the Elliptic Curve (EC) DLP, have long provided the foundation for securing communication and information. With the advent of quantum computers, quantum algorithms could be used to break traditional public-key cryptography schemes. For instance, Shor's algorithm [2] allows attackers to solve the DLP and the IF problem and, therefore, breaks the most commonly used cryptographic protocols such as RSA, the Diffie-Hellman scheme, and the EC Digital Signature Algorithm (DSA), which are based on the aforementioned mathematical assumptions. Hybrid schemes permit mitigating the risk of quantum attacks and preserving common security guarantees by combining classically secure and quantum-resistant schemes. For instance, the National Cybersecurity Agency of France (ANSSI) [3] considers the role of hybridization in cryptographic security crucial and mandatory for the next phases. An efficient way to achieve hybridization involves a scheme combiner where parallelization of the combined schemes can be provided. In this way, the slower Key EXchange (KEX) or Key Encapsulation Mechanism (KEM) scheme bounds the key generation speed. The combiners are designed to be fast and to achieve a level of security equal to that of the involved schemes. Reinforcing this idea, the Federal Office for Information Security - Germany (BSI) report [4] suggests not using post-quantum cryptography in isolation, as it has not been equally well studied. At the same time, the report emphasizes the need to switch to quantum-safe schemes by combining post- and pre-quantum schemes. In fact, the adoption of new algorithms can be a long and difficult process, where backward compatibility has to be maintained without introducing the risk of downgrade attacks [5]. Moreover, there is uncertainty about the hardness of post-quantum assumptions, where new (even classical) attacks may show them to be vulnerable and, furthermore, the parameter choices are not yet reliable [6]. Therefore, we are in a situation where there is a demand to protect assets from quantum computer threats, but not sufficient confidence in the security of post-quantum schemes. A hybrid approach facilitates the smooth transition to Post-Quantum (PQ) cryptography, retaining the time-tested trust in pre-quantum algorithms while incorporating the quantum resistance of PQ schemes [7].

(The associate editor coordinating the review of this manuscript and approving it for publication was Cong Pu.)
Recently, several ways to combine either KEX protocols or KEMs into a secure hybrid system have been proposed [5], [7], [8], [9], [10]. A study from the European Network and Information Security Agency (ENISA) [11] suggests deploying post-quantum cryptography as an extra layer on top of pre-quantum cryptography. This is in accordance with the Agence nationale de la sécurité des systèmes d'information (ANSSI) and the Federal Office for Information Security (BSI) specifications of hybridization. Specifically, ENISA proposes that the output keys of the selected pre- and post-quantum schemes are combined to generate the encryption key used, for example, as input to the AES-256-GCM scheme. It is important to notice that Elliptic-Curve Diffie-Hellman (ECDH) is considered a candidate for the pre-quantum scheme, whereas the Kyber scheme is one of the possible post-quantum KEMs. Furthermore, the first Internet Engineering Task Force (IETF) drafts have appeared that define and discuss hybrid approaches in various protocols, e.g., hybrid approach terminology,^1 hybrid key exchange methods in Transport Layer Security (TLS) 1.3^2 [12], and a combiner function for hybrid key encapsulation mechanisms.^3
It is worth noting that Quantum Key Distribution (QKD) promises information-theoretic security [13], whereas the security of classical and post-quantum schemes is based on the intractability of selected computationally hard problems. This means that QKD can provide long-term security that does not impose limits on the adversary's computational power [14]. Therefore, since they are based on different principles, QKD and post-quantum cryptography can be viewed as complementary methods that can both be deployed [4]. Accordingly, a hybrid system involving pre-quantum, post-quantum, and quantum schemes guarantees a smooth transition to PQ cryptography, where QKD and post-quantum cryptography complement each other to strengthen the system. Nevertheless, it is essential to consider the limitations of QKD, such as its limited range and associated costs.

A. CONTRIBUTION
Seeking to contribute to the knowledge gaps, we focus on both a quantum-secure, theoretically-proven combination of keys and its practical deployment. Specifically, we seek to answer the following Research Questions (RQ): RQ1) How securely and effectively can 3 different key establishment methods be combined to get a hybrid key? RQ2) How can a 3-key combiner be implemented in practice and how many hardware resources will be required on an FPGA? Specifically, we present a 3-key combiner system involving a pre-quantum KEX, a post-quantum KEM, and a Quantum Key Distribution (QKD) algorithm. In particular, our work provides the following contributions: 1) Extensive analysis of existing KEX and KEM combiners. Our scheme requires combining 1 KEM and 2 KEXs. Therefore, we sought solutions in both domains and surveyed several works that provide theoretical and practical designs of either KEX or KEM combiners. 2) Extension of the dual-PRF combiner to work with three keys as input. One of the possible KEX candidates is the dual-PRF [15], which is designed to take either 2 KEM output keys [5] or 2 KEX output keys [8] as input. Our system stems from the proposed dual-PRF, taking 2 KEX keys and 1 KEM key as input. 3) Security proof of our system directly derived from the dual-PRF, i.e., the proposed 3-key combiner is proven to be secure in the quantum standard model and it is indistinguishable under Chosen-Ciphertext Attack (IND-CCA). 4) Concrete implementation of the proposed 3-key combiner on a Field Programmable Gate Array (FPGA) platform. Most of the existing combiners remain theoretically described, whereas we present a concrete deployment of our 3-key combiner. Our combiner can run on small FPGA platforms due to its relatively low resource usage (i.e., 4 532 LUT and 3 363 FF). In particular, the key combiner without QKD is able to output up to 1 624 keys per second and the key combiner with QKD is able to output up to 9.2 keys per second.

^1 https://datatracker.ietf.org/doc/draft-driscoll-pqt-hybrid-terminology/
^2 https://datatracker.ietf.org/doc/draft-ietf-tls-hybrid-design/
^3 https://datatracker.ietf.org/doc/draft-ounsworth-cfrg-kem-combiners/
Furthermore, the dual-PRF is closely related to the key schedule used in TLS 1.3 [15], allowing our system to be smoothly integrated into TLS 1.3 and increasing its applicability. Our system is designed to be agile, i.e., it allows easy and fast replacement of cryptographic components, and accessible, i.e., the quantum component can easily be left out. In fact, our combiner can be switched to either use or not use the QKD algorithm. This allows the FPGA platform to be deployed with and without the quantum component and makes the solution more accessible from a market point of view. Note that Points 1, 2, and 3 help answer RQ1, while Point 4 and the above paragraph answer RQ2.
The rest of this article is organized as follows. Section II extensively reviews the state of the art for KEM and KEX combiners. Section III discusses some preliminaries. Section IV states the motivation for our selection and the design goals, presents the basic structure of the proposed key combiner, and lists the selected parameters and the practical implementation aspects. Section V provides the security analysis of the scheme. Section VI reports the experimental results. Section VII discusses potential use cases of the proposed hybrid system and sums up some open problems and potential extensions of our key combiner. The final section contains the conclusions.

II. RELATED WORK
The possibility of combining several KEMs has been independently explored in the so-called KEM combiners. Table 1 provides an overview of the existing KEM combiners along with their main features. Note that only one article offers a concrete implementation of a proposed KEM combiner; nevertheless, no security proofs are given there. Giacon et al. [9] proposed KEM combiners with the main purpose of developing generic methods that allow combining several KEMs in a way that the security of any of them implies the security of their combination. Their proposals focus on minimizing overhead with respect to the deployed KEMs and, therefore, on achieving their easy adoption. The proposed solutions vary based on security requirements, i.e., whether they prioritize IND-CCA or INDistinguishability under Chosen-Plaintext Attacks (IND-CPA), and performance characteristics. In particular, their constructions combine hashing, Pseudo-Random Functions (PRF), and XOR-ing of key and ciphertext pairs. A total of 6 combiners are introduced: G1) a simple hashing of the KEM keys and ciphertexts; G2) an optimization of the previous one, namely XOR-then-PRF, involving the XOR-ing of the keys and the concatenation of the ciphertexts; G3) a BLOCK-then-PRF, where BLOCK stands for a secure block cipher, i.e., a chain of block cipher invocations is applied with inputs 0 and keys derived from the KEMs; G4) a PRF-then-XOR, where each KEM key and the concatenation of all ciphertexts pass through a PRF and the results are then XOR-ed; G5) a slight improvement of the previous one with a reduction of the ciphertext input; and finally G6) a combiner based on a split-key pseudorandom function. Their combiners are proven to be secure either in the standard model or in the random oracle model, taking two IND-CCA KEMs and outputting another IND-CCA KEM. In our case, we would like to combine one KEM and two KEX protocols. Note that KEXs do not have encapsulated keys and, therefore, the aforementioned combiners do not permit a straightforward combination of pre-shared keys, e.g., KEX schemes. Furthermore, within the cryptography literature, there have been several articles [5], [7], [12] exploring the coupling of pre-quantum and post-quantum cryptography through KEM combiners. Bindel et al. [5] focused on hybrid KEM combiners and authenticated key exchange. They propose a new KEM combiner, introduce new security models for KEM combiners that account for quantum-capable adversaries and, through the new definitions, analyze the security of three KEM combiners. Specifically, the analyzed methods consist of B1) an XOR-then-MAC combiner derived from the XOR-then-PRF proposed in [9]; B2) a dual-PRF which follows the TLS 1.3 construction proposed in [15]; and B3) a nested dual-PRF developed from [16]. Accordingly, these combiners are quantum-secure if at least one of the selected KEMs is quantum resistant [5]. While previous works focused on the theoretical design of robust combiners, others considered the applicability and practicability of these hybrid solutions. Stebila et al. [12] propose an evaluation of the applicability of the dual-PRF combiner proposed by [9]. They list the scope, goals, benefits, and drawbacks that a combiner should have in the post-quantum era. In particular, the dual-PRF was chosen due to its features: 1) backward compatibility, i.e., endpoints and middle-boxes need to remain compatible with clients and servers even if they are not aware of the hybrid combiner; 2) high performance, i.e., the use of hybrid key exchange should not be prohibitive in performance terms; 3) low latency, i.e., the use of hybrid KEXs should not significantly increase the connection latency; 4) no extra round trips in the negotiation of the KEX; and 5) minimal duplicate information in the negotiation communication. Aviram et al. [8] focus on the practical (implementation-wise) construction of the dual-PRF combiner [12]. In this work, a proven-secure method to combine KEXs is presented by deploying the dual-PRF. They also compare several key combiners currently used in practice. Finally, Poettering and Rastikian [17] explore the use of KEMs beyond their typical application in constructing public key encryption and secure channels. Notably, they employ combiners suggested by [5] and [9], supporting the relevance of a dual-PRF combiner.
Furthermore, Azarderakhsh et al. [7] and Huguenin-Dumittan and Vaudenay [10] take another direction. In [7], the authors propose a quantum-secure combiner that couples the ECDH and Supersingular Isogeny Key Encapsulation (SIKE) [18] protocols. It is important to notice that SIKE is an isogeny-based protocol and, therefore, it runs on elliptic curves just like the ECDH protocol, making the merging more effective. They implemented their proposal on an FPGA platform. In [10], the authors propose a solution that does not require extra primitives such as special types of PRFs or MACs. They focus on bypassing the intermediate KEM constructions by involving much higher-level primitives, i.e., Fujisaki-Okamoto (FO) transform-like primitives, with respect to the previous proposals. However, their work is proven to be secure only in the Quantum Random Oracle Model (Q-ROM).
On the other hand, several articles focused on providing post-quantum security proofs for existing KEX protocols, such as Signal [19] and TLS. In the case of TLS, the literature includes draft standards [12], [20], theoretical articles [5], [21], [22] and industry experiments [23], [24]. From the industry perspective, Google and Cloudflare jointly experimented with the integration of two post-quantum KEXs, namely isogeny-based SIKE and lattice-based HRSS, in TLS [23]. However, all these works rely on the fact that the key combiner needs to be modeled as a dual-PRF [8].
In a study conducted by Giron et al. [25], various hybrid KEX combiners are surveyed and classified by their efficiency and security. They suggest that the compared combiners have acceptable performance for important applications, making them fundamental for secure network communications. From a security perspective, they report that the PRF-based combiners are the only ones proven secure in the standard model against a quantum adversary, as we also mentioned. They also highlight that, conventionally, most studies use only two KEXs, emphasizing the need to explore the potential of hybrid designs involving more than two algorithms. Finally, they mention that there has been no exploration of ''PQ-PQ combiners,'' where two or more post-quantum algorithms are combined in a new scheme. This area is left as an open research problem.

III. PRELIMINARIES
In this section, we first outline the notation used. Then, we recall the definitions of ϵ-regular function, PRF, dual-PRF and KEM combiner, and briefly review the primitives on which our protocol is based. From now on, the symbol '':'' means ''such that'', ''|x|'' is the bitlength of x and ''∥'' denotes the concatenation of two binary strings. A secure hash function is denoted as H : {0, 1}^* → {0, 1}^κ, where κ is a security parameter. We write x ←$ U when x is sampled uniformly at random from U.

A. PRELIMINARY DEFINITIONS
In this section, we review the definitions of ϵ-regular function, PRF, dual-PRF, and computational extractor [8]. These definitions are necessary to understand our construction and prove its security.

Definition 1 (ϵ-Regular): Let U_ℓ be the uniform distribution over n bits. A function
for k chosen uniformly from the set K_λ and where g_λ is chosen uniformly from G_λ with probability better than ϵ. More precisely, for an

The family F is a (t, ϵ)-PRF if for every size-s adversary A it holds that Adv
Definition 4 (Computational Extractor): We say that a function F : K_λ → Y_λ is a (t, ϵ)-computational extractor with respect to a (leakage) function g : Note that a computational extractor takes as input a random k in K_λ and outputs an element y in Y_λ that is computationally indistinguishable from a random element in Y_λ. Moreover, the extractor is secure even in the presence of a leakage (one-way) function g, i.e., given g(k), an adversary A cannot distinguish between the output of the extractor and a random element in Y_λ.

B. HASH-BASED MESSAGE AUTHENTICATION CODE
Hash-based Message Authentication Code (HMAC) [26] is a cryptographic hash-function-based PRF, where m is some message, opad is the byte-string 0x5C^L, and ipad is the byte-string 0x36^L. Note that L represents the block size of H and 0 Proofs of HMAC security are given in [27] and [28].

C. KEY ENCAPSULATION MECHANISM (KEM) COMBINER
In this section, we briefly review the structure of a KEM. A KEM can be split into three algorithms K = (K.Gen, K.Enc, K.Dec), where
• (pk, sk) ← K.Gen(1^κ): on input of the system security parameter κ, the algorithm generates a public key pk and a secret key sk.
• (k, c) ← K.Enc(pk): on input of the public key pk, the algorithm produces a session key k and a ciphertext c.
• (k, ⊥) ← K.Dec(sk, c): on input of the secret key sk and the ciphertext c, the algorithm outputs either a session key k or a rejection value ⊥.
A KEM combiner is a mechanism specifying how a set of existing KEMs can be joined to generate a new KEM, i.e., a new session key k. Note that a KEM combiner should be at least as secure as any of its input KEMs. Normally, a parallel combination is suggested for KEMs, i.e., one component per input KEM [9]. This follows the IND-CCA model, which is considered the standard security notion for KEM protocols [29] and is stronger than IND-CPA.

D. A PRACTICAL DUAL-PRF DESIGN
Aviram et al. [8] provide a provably-secure practical construction for a dual-PRF. Informally, a dual-PRF(k, c) is a PRF where at least one of the input values k and c needs to be random. Moreover, dual-PRF(k, c) is equal to dual-PRF(c, k). In order to have a dual-PRF, a combiner needs a practical one-way function g and a computational extractor F.
Let exp be an expansion factor and B_i fixed public values, where |B_i| is equal to the H block size. Let x be an input value; we define Therefore, Algorithm 1 gives a way to compute g. Note that Algorithm 1, Line 1 is applied only if the size of K is bigger than the H block size.
Moreover, a computational extractor F(K) with respect to g can be designed as follows: where the input value K is used as the message and the salt as the key. Note that the default value of salt is set to all zero bytes.
Algorithm 2 shows a construction of a dual-PRF (please see [8] for more details). Let K_i be the output key of KEM_i, exp the expansion factor for g, and salt the salt needed for HMAC, then

In this section, we present the cryptographic architecture of our hybrid key establishment system. We also describe our design goals, the selection of cryptographic primitives and the related parameters.

A. MOTIVATION FOR THE SELECTION
It is worth mentioning that the main issue with Random Oracles (ROs) is that it is very difficult to build a truly ''random'' oracle. Canetti et al. [30] proved that there exist signature and encryption schemes that are secure in the ROM, but for which any implementation of the RO, i.e., any hash function, results in insecure schemes. Therefore, being a secure hash function does not imply that this function is an RO. This leads us to move our attention to combiners that are secure in the Standard Model (SM) rather than in the RO Model (ROM). Moreover, our combiner has hybrid inputs not only in the sense that it considers quantum-resistant and pre-quantum schemes but also in that it combines schemes with different structures, i.e., one KEM and two KEX protocols. Note that Aviram et al. [31] prove that concatenating secrets and hashing them is, in general, vulnerable to the Authenticated Post Office Protocol (APOP) attack [32]. Accordingly, Concatenate-then-Hash (i.e., G1 in Table 1) is a secure KEM combiner, but this does not imply that it is also a secure KEX combiner.
Therefore, we need to consider hybrid combiners that are proven secure for KEX protocols in the SM. In Table 1, only three KEM combiners are proven secure in the Quantum SM (Q-SM), and, among them, the dual-PRF combiner [12] presents a construction proven secure with KEXs as inputs [8]. Finally, the dual-PRF architecture directly stems from the TLS 1.3 KEX combiner, allowing it to be integrated into TLS 1.3 more smoothly and increasing its applicability.

B. DESIGN GOALS
During the creation of the cryptographic architecture, we considered mainly these design goals:
• Security: our approach combines classically secure and quantum-resistant schemes, retaining the time-tested trust in pre-quantum primitives and mitigating the risk of quantum attacks. Moreover, we deployed only cryptographic primitives that have no known vulnerabilities and are considered secure for the medium-term future.
• Compliance: we considered only primitives that comply with the recommendations of renowned authorities, such as the National Institute of Standards and Technology (NIST) [33], ANSSI [3], BSI [4], and the National Cyber Security Center (NCSC) [34].
• High performance: primitives and their composition were chosen considering low computational and space complexity so that implementation on constrained devices is possible and practical. In particular, we were aiming at a small footprint for the implementation on FPGAs, i.e., a solution with less than 100k LUTs and 100 FFs for all cryptographic components on the platform.
• Cryptographic flexibility (agility): cryptographic flexibility (in BSI terms: agility) means easy and fast replacement of cryptographic components in case some weaknesses arise. In case any algorithm becomes vulnerable, it must be easy to replace it without affecting the remaining components in the resulting system.

C. SELECTED PRIMITIVES
We list all necessary components of the hybrid key establishment system. Our system is composed of:
• Classical Cryptography Key Source: we selected the Elliptic-Curve Diffie-Hellman (ECDH) protocol [35] as it represents today's standard for classical key establishment schemes. ECDH is recommended by all major authorities, including NIST, ANSSI, BSI, and NCSC.
• Quantum Key Distribution (QKD) Key Source: the ID Quantique CLAVIS 3 QKD system [36] has been selected as the source of keys generated and agreed by quantum devices. The selection is rather pragmatic (as this QKD system is present in our lab [37]) and motivated by the fact that ID Quantique is one of very few companies currently delivering full-fledged commercial QKD systems to customers.
• PQC Key Source: CRYSTALS-Kyber [38] was selected as the post-quantum source of keys, as this algorithm is, at the time of writing this article, the only key-establishment mechanism approved for standardization by NIST [33] and recommended by security agencies, including the National Security Agency (NSA) [39] in the USA. We used the Kyber.AKE version that ensures mutual authentication of the communicating parties. This version requires 3x Encaps and 3x Decaps operations. Further, both parties have to use long-term pre-shared public keys (side A knows B's public key, side B knows A's public key). The Kyber.AKE version is more complex and more secure than a simple non-authenticated Kyber version.
• Key Derivation Function: the current standard hash function, SHA-3 based on the Keccak algorithm, was selected as the fundamental construction for the key-derivation function. SHA-3 is recommended by all major authorities, including NIST, ANSSI, BSI and NCSC.
• Symmetric Block Cipher: we selected today's de-facto standard for fast encryption of high amounts of data, the Advanced Encryption Standard (AES) algorithm. The algorithm, in its 256-bit variant, is considered quantum safe by major authorities, e.g., the NSA [39]. We used the algorithm in the Galois/Counter Mode (GCM), which provides both confidentiality and integrity of the transferred data.
• Key Management System: the Key Management System (KMS) provides the logic for the derivation and updating of encryption and decryption keys. Its functionality is given by the requirements of the relevant cryptographic components, particularly of the GCM mode of AES and its requirement of periodic key updates after a certain amount of data has been encrypted.

D. CRYPTOGRAPHIC ARCHITECTURE
In our system, we need to combine a post-quantum secure KEM, namely Kyber, with two KEXs, namely ECDH and QKD. Our solution follows the architecture presented by Aviram et al. [8], where their proposal practically combines two KEXs using a dual-PRF as proposed by Bindel et al. [5].
The proposed construction needs a practical one-way function g, which is sketched in Algorithm 3. Please see Section III for more details. In our case, H is SHA3-512, which takes input in units of the bitrate instead of the block size. Therefore, we slightly change the g construction to work with bitrates. Let K be a session key generated by either a KEM or a KEX scheme that we want to combine and pp some public values related to the generation of K.
Let K_1, K_2, and K_3 be the session keys generated by the Kyber, ECDH, and QKD schemes, respectively. Moreover, let c_1 be the Kyber ciphertext, and p_2 and p_3 the public parameters of the ECDH and QKD schemes, respectively. Our construction uses c_1, p_2 and p_3 as fixed public values for the expansion function g. The exp value shown in Algorithm 1 is fixed to 3 as suggested by the authors [8]. Note that the bitrate of SHA3-512 is 576 bits and therefore we need |pp| ≥ 3 * 576 = 1728 bits. This causes SHA3-512 to be ''expanding'' from 512 bits to 1536. The proposed hybrid combiner, namely the 3-key Combiner, is depicted in Algorithm 4. Note that our 3-key Combiner is a component of the key management system that produces the private values for AES.
In our case, we need to combine three keys. Therefore, we modified the input of HMAC (Algorithm 4, Line 5, highlighted in red) to involve results computed from each key. For instance, in order to retrieve u_2 ∥ u_3 ∥ 1 in HMAC(k_1, u_2 ∥ u_3 ∥ 1), an attacker would need to know both K_2 and K_3 and, accordingly, break both ECDH and QKD. This technique was already proposed by Bindel et al. [5]. Furthermore, for performance purposes, we changed the order of the concatenated elements in HMAC (Algorithm 4, Lines 5 and 7). For instance, 1 ∥ u_2 ∥ u_3 becomes u_2 ∥ u_3 ∥ 1. We refer to Section VI for more details.
Note that HMAC(salt, K) is a computational extractor with respect to g, where the default value of salt is set to all zero bytes. In fact, HMAC is proven to be a good extractor if the compression function underlying the hash function is a PRF and the dual of the compression function is a good extractor [8], [40].
Our 3-key Combiner can easily be switched to either use or not use the QKD algorithm. This allows the FPGA platform to be used with and without the quantum component and makes the solution more accessible from a market point of view.
In Figure 1, we illustrate the high-level cryptographic architecture of our quantum-safe encryption system designed for high-speed network interfaces. Our system architecture is deployed on both sides, labelled as Side A and Side B, utilizing programmable FPGA network cards equipped with four 100 GbE interfaces, collectively referred to as the trust zone. Each FPGA card provides pre- and post-quantum encryption capabilities, employing high-speed encryption, the ECDH and Authenticated Key Exchange (AKE)-Kyber exchange methods, and a dedicated key combiner. Note that Algorithm 4 describes the key combination, which has XOR-ing, hashing and HMAC as main primitives. The trust zone interfaces serve distinct purposes: one interface connects the internal network, managing upstream and downstream data for two logical sessions, while another interfaces with the external network (Side B in a peer-to-peer configuration). The third interface establishes a connection to the external source responsible for quantum-generated keys (a QKD-KEM system) that uses its own optical connection lines between Side A and Side B.
All key-generation blocks (ECDH, Kyber, and QKD) independently generate 256-bit keys. These keys are then fed into the 3-key combiner. The 3-key combiner combines the keys and outputs the 256-bit hybrid encryption and decryption keys. These hybrid keys, along with the randomly generated 32-bit salt, serve as inputs for the AES encryption and decryption blocks. These blocks, employing AES in GCM mode, are used to encrypt (resp. decrypt) traffic on the LAN (resp. WAN) interfaces. Note that the 32-bit salt values are also generated by the 3-key combiner.
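The following Python sketch is added here as an illustration and is not the paper's Algorithm 4 nor the project's FPGA code. It mirrors the structure described above: g expanded with SHA3-512 over three bitrate-sized public blocks cut from pp, F as HMAC with an all-zero salt, and one HMAC branch per key whose message is the g-expansion of the other keys followed by a branch index. How each block enters H (assumed H(K ∥ B_i)), merging the branches by XOR, and splitting the 512-bit result into two 256-bit AES keys are assumptions; the sample keys and public values are constructed.

```python
import hashlib
import hmac

# SHA3-512 parameters used in the paper: 576-bit bitrate, 512-bit output.
H = hashlib.sha3_512
RATE_BYTES = 72                    # 576 bits
EXP = 3                            # expansion factor exp = 3 (as in [8])
PP_MIN_BYTES = EXP * RATE_BYTES    # 1728 bits of public values per key


def g(key: bytes, pp: bytes) -> bytes:
    """One-way expansion function g (assumed form H(K || B_i) per block).

    pp must hold at least EXP blocks B_1..B_EXP of one bitrate each
    (c_1 for Kyber, p_2 for ECDH, p_3 for QKD); output is EXP * 512 bits.
    """
    if len(pp) < PP_MIN_BYTES:
        raise ValueError("pp must supply at least %d bits" % (PP_MIN_BYTES * 8))
    if len(key) > RATE_BYTES:      # Algorithm 1, Line 1: shrink an over-long key
        key = H(key).digest()
    out = bytearray()
    for i in range(EXP):
        b_i = pp[i * RATE_BYTES:(i + 1) * RATE_BYTES]
        out += H(key + b_i).digest()
    return bytes(out)


def extract(key: bytes, salt: bytes = bytes(RATE_BYTES)) -> bytes:
    """Computational extractor F(K) = HMAC(salt, K); salt defaults to zero bytes."""
    return hmac.new(salt, key, H).digest()


def combine(keys, pps) -> bytes:
    """Dual-PRF-style combiner for two (Kyber + ECDH) or three (+ QKD) keys.

    Branch i is HMAC keyed with k_i = F(K_i) over u_j = g(K_j) of every
    *other* key plus the branch index, so reconstructing branch i's message
    requires breaking all other methods. Branches are merged by XOR
    (assumption: the paper only lists XOR, hashing and HMAC as primitives).
    """
    if len(keys) != len(pps) or len(keys) not in (2, 3):
        raise ValueError("combiner takes two or three (key, pp) pairs")
    k = [extract(K) for K in keys]                 # k_i = F(K_i)
    u = [g(K, pp) for K, pp in zip(keys, pps)]     # u_i = g(K_i)
    acc = bytes(64)
    for i in range(len(keys)):
        others = b"".join(u[j] for j in range(len(keys)) if j != i)
        tag = hmac.new(k[i], others + bytes([i + 1]), H).digest()
        acc = bytes(a ^ b for a, b in zip(acc, tag))
    return acc


def derive_aes_keys(hybrid: bytes):
    """Split the 512-bit combiner output into 256-bit AES-GCM enc/dec keys
    (assumption: the paper only says both 256-bit keys come from the combiner)."""
    return hybrid[:32], hybrid[32:]


def demo():
    # Constructed sample values: three 256-bit session keys and, for each,
    # 1728 bits of public values standing in for c_1, p_2 and p_3.
    keys = [bytes([1]) * 32, bytes([2]) * 32, bytes([3]) * 32]
    pps = [bytes([10 * (i + 1)]) * PP_MIN_BYTES for i in range(3)]
    with_qkd = combine(keys, pps)            # Kyber + ECDH + QKD
    without_qkd = combine(keys[:2], pps[:2])  # Kyber + ECDH only
    return with_qkd, without_qkd


if __name__ == "__main__":
    three, two = demo()
    enc, dec = derive_aes_keys(three)
    print("3-key:", three.hex())
    print("2-key:", two.hex())
```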

E. SELECTION OF PARAMETERS, IMPLEMENTATION ASPECTS
Our architecture is not only theoretical, it was also used in a concrete implementation of our quantum-safe encryptor on the FPGA platform.For the practical implementation, the concrete parameters for cryptographic components and key management approach had to be selected.To balance the security and speed of our implementation, we selected NIST Security Strength Category 3 [41] as the baseline.The Level 3 is suggested for standard security applications according to [42].
• Post-Quantum Cryptography: we selected KYBER-768, as it directly complies with NIST Security Level 3.
• Quantum Cryptography: we used the default QKD protocol for key distribution: the Coherent One Way (COW) protocol for establishing 256-bit keys.
• Block Cipher: we selected the highest security parameter of AES, i.e. 256-bit keys.For the 3-key Combiner system, we selected SHA3-512 as the hash function due to its security strength [21] and bitrate.We have to consider that SHA3-512 will be used as a component of g and HMAC.With this choice, function g needs that pp has a bitlength of (at least) 3 * 576 = 1728 bits.We refer to Section IV-D for more details.
Table 2 lists the input values used in our 3-key Combiner, where c_1, p_2, and p_3 are the public values needed in g. Therefore, the first 1728 bits of c_1, p_2, and p_3 are the inputs of Algorithm 3. In ECDH, Q_a, Q_b and Q denote the points that SIDE A and SIDE B exchange and the generator of the curve, respectively. Their size is 1142 bits each. Note that keyID is the 256-bit value transmitted with the generated key. In the case of QKD, three possible solutions for the input values were found:
• Option 1: keyID ∥ SHAKE(certificate), where 256 bits come from keyID and the remaining 1472 bits are generated by applying SHAKE-512 to the QKD certificate that each device owns. However, certificates are static and less universal.
• Option 2: keyID ∥ SHAKE(session settings info), where the input of SHAKE changes to the information about the session settings. Note that these data are unique (i.e., dynamic) and have a suitable length of between 1500 and 1800 bits per key. However, they depend on the length of the generated key.
• Option 3: keyID ∥ SHAKE(service channel messages/''Logtail qkd''). This option has a larger space than the session settings of Option 2, and the data are also dynamic since they contain encoded information unique to the session settings.
For our setting, Option 3 presents the most compliant characteristics, i.e., dynamicity and the right bit length.
The 3-key Combiner system must be able to update the encryption and decryption keys before their lifetime expires. The maximum key lifetime is given by the maximum amount of data that can be encrypted using the same key and salt. For the GCM mode, 2^32 messages can be encrypted using the same key and salt [44]. Considering IP packets of length 1500 bytes as messages and a line speed of 100 Gbps, the expected key lifetime is around 500 seconds, a bit above 8 minutes. To have some security margin, we selected to update the encryption and decryption keys every minute. Furthermore, our system is easily adaptable to the involvement of a quantum component or not. Therefore, depending on the user demand, the 3-key Combiner uses: 1) Two methods: Kyber + ECDH.
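As an added example (not code from the paper), the key-lifetime bound above generalizes to any packet size and line rate; the Python below computes it and enforces both the GCM invocation limit and the one-minute rekey interval for a single (key, salt) epoch. The names KeyEpoch, reserve and safety_margin are assumptions of this example. It also covers the edge case the fixed interval does not handle by itself: at 100 Gbps with 64-byte packets the 2^32 limit is reached in about 22 seconds, so the invocation counter rather than the timer is what retires the key.

```python
GCM_MAX_INVOCATIONS = 2 ** 32   # messages allowed under one (key, salt) pair, per [44]


def key_lifetime_seconds(line_rate_bps: float, packet_bytes: int,
                         max_messages: int = GCM_MAX_INVOCATIONS) -> float:
    """Worst-case time until the GCM invocation limit is reached when every
    packet on the line is one AES-GCM message under the same key and salt."""
    return max_messages * packet_bytes * 8 / line_rate_bps


def safety_margin(line_rate_bps: float, packet_bytes: int,
                  rekey_seconds: float = 60.0) -> float:
    """Ratio between the worst-case lifetime and the configured rekey interval.
    Values below 1.0 mean the timer alone would let the limit be exceeded."""
    return key_lifetime_seconds(line_rate_bps, packet_bytes) / rekey_seconds


class KeyEpoch:
    """Usage accounting for one (key, salt) pair (hypothetical helper, not the
    paper's design): the pair is retired when either the time budget (the
    one-minute rekey interval) or the invocation budget is exhausted."""

    def __init__(self, started_at: float, max_seconds: float = 60.0,
                 max_messages: int = GCM_MAX_INVOCATIONS):
        self.started_at = started_at
        self.max_seconds = max_seconds
        self.max_messages = max_messages
        self.sent = 0

    def reserve(self, now: float, n: int = 1) -> bool:
        """Reserve n GCM invocations at time `now`. Returns False, without
        consuming anything, when a rekey is required first."""
        if now - self.started_at >= self.max_seconds:
            return False
        if self.sent + n > self.max_messages:
            return False
        self.sent += n
        return True


if __name__ == "__main__":
    # 1500-byte packets at 100 Gbps: about 515 s, the paper's "around 500 seconds".
    print(round(key_lifetime_seconds(100e9, 1500), 1))
    # Minimum-size 64-byte frames exhaust the budget well inside one minute.
    print(round(key_lifetime_seconds(100e9, 64), 1))
```

The timer and the counter are deliberately independent: a receiver-side implementation should keep the same accounting so that it refuses to decrypt past the budget as well, which makes a stuck rekey visible instead of silently reusing a (key, salt) pair.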
Proof: This construction is equivalent to the one proposed by Aviram et al. Therefore, the proof follows straightforwardly from Theorem 1, [8].
□
Lemma 2: Assume that g is an injective (t, ϵ)-one-way function, that F is a (t, ϵ)-computational extractor with respect to g, that HMAC is a standard (t, ϵ)-PRF, and that H is ϵ-regular. Then, the following construction is a (t, 3ϵ)-dual-PRF. On input K_1, K_2, K_3 compute the following 1) ).
Proof: We need to show that if K_1 is uniform at random, and K_2 and K_3 are malicious, then an adversary A is not able to distinguish the output from a uniform value. This must also hold for the cases 1) K_2 uniform, and K_1 and K_3 malicious, and 2) K_3 uniform, and K_1 and K_2 malicious, which follow the same proof structure.
We assume that K_1 is chosen uniformly at random and A performs queries while choosing values for K_2 and K_3. Let ϵ_0 and ϵ_i be the advantage of A in the original construction, namely Construction 0, and in Construction i, respectively.
Let A be an adversary that runs in time t. For each construction, the difference from the previous construction is marked in red. We bound the differences between ϵ_i and ϵ_{i+1} for i = 0, 1, 2, 3.
Construction 1: This follows directly from the definition of a (t, ϵ)-computational extractor with respect to the function g. For g, A gets as input u_1 ← g(K_1) and k_1, where k_1 is either random, i.e., k_1 ←$ U, or k_1 ← F(K_1). Therefore, A can simulate the rest: 1) sample K_2 and Accordingly, the probability of distinguishing between Construction 0 and Construction 1 is equivalent to the probability of distinguishing in the PRF game (Definition 4), i.e., ϵ.
Construction 2: We can assume without loss of generality that A performs unique queries q_1, ..., q_t. Since g is injective and q_i ≠ q_j for all i, j = 1, ..., t with i ≠ j, the values y_1 = g(q_1), ..., y_t = g(q_t) are distinct.
The claim follows from the fact that HMAC is a PRF. Note that k_1 can be input only to HMAC. Therefore, since HMAC is queried only with distinct inputs, the probability of distinguishing between Construction 1 and Construction 2 is equivalent to the probability of distinguishing in the PRF game (Definition 4).
Construction 3: This follows directly from the fact that H is ϵ-regular (Definition 1).
Therefore, the distance between Construction 0 and Construction 4 is Note that Construction 4 is a random oracle and, therefore, ϵ_4 is equal to 0. Accordingly, ϵ_0 ≤ 3ϵ. □
Theorem 1: Algorithm 4 is a (t, 3ϵ)-dual-PRF.
Proof: We demonstrate this theorem using Lemmas 1 and 2, which prove that both combiners in our construction are dual-PRFs with the right selection of primitives. To do so, we need that:
• g is an injective (t, ϵ)-one-way function. This is proven in Section 5.1, [8].
• H is ϵ-regular. In our case, we consider SHA3-512, which it is safe to consider ϵ-regular since, applied to uniformly random inputs, it outputs (very close to) uniformly distributed hash digests.
• HMAC is a standard (t, ϵ)-PRF. This is proven in [27]. □
Note that both HMAC and g involve SHA3-512 in our system. This also allows reducing the number of implemented primitives.
In Bindel et al. [5], the dual-PRF is proven to be a robust KEM combiner, i.e., the resulting KEM has the security of the strongest of the two input KEMs. Moreover, they show that their construction is IND-CCA secure in the post-quantum setting if HMAC is a post-quantum secure dual-PRF, H is a post-quantum secure PRF, and at least one of the two KEMs is post-quantum IND-CCA secure. Note that this property holds for our system since Kyber is post-quantum IND-CCA secure.

VI. IMPLEMENTATION RESULTS
In this section, we provide the implementation details and benchmarking of our key combiner.

A. IMPLEMENTATION DETAILS
The 3-key combiner component was designed with the aim of low resource utilization and ease of incorporation with the existing components for ECDH and Kyber. The architecture of the 3-key combiner is shown in Figure 2. This component accepts three different keys, each with a size of 256 bits. For the ciphertext and public parameters, 512-bit transactions are used. To optimize resource usage, the key combiner works with 64-bit transactions internally.
Initially, the 256-bit and 512-bit transactions are split into 64-bit transactions. Since the values u_1, u_2, and u_3 are used multiple times, they are computed and stored using a FIFO. Subsequently, k_1 is computed, and HMAC(k_1, u_2 ∥ u_3 ∥ 1) is calculated. This approach eliminates the need to store k_1, as it can be fed directly from the HMAC output back to the input. The same process is repeated for k_2 and k_3. The resulting values are XORed together and passed through the SHA3-512 hash function. The output of this hash function is used as the final key.
To reduce the resource utilization further, we use only one Keccak component, which is shared between HMAC and the practical one-way function g described in Algorithm 3, whose prefixes we moved to serve as postfixes. This modification allows SHA3-512 to absorb a full 64-bit transaction of u_1, u_2, and u_3 at a time. In contrast, if we were to use these prefixes as originally intended, we would need to read 56 bits of u_i while reserving 8 bits for the next transaction, which would lead to increased resource usage.
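The paper states (Section VI-B) that the hardware was checked against a Python script built on hashlib and hmac; that script is not reproduced here. The block below is an added software model of the combiner exactly as the two paragraphs above describe it, written for this page and not taken from the authors. Algorithm 3 (the function g) and the extractor F are not on the page, so their internals are labelled assumptions: g absorbs the component key followed by the three 576-bit blocks of pp as postfixes, and F is a labelled SHA3-512 call. The QKD public value follows Option 3 of Section IV-E, with hashlib's shake_256 standing in for the SHAKE variant named there. All sample keys and public values are constructed, not real Kyber, ECDH or QKD output.

```python
import hashlib
import hmac

RATE_BYTES = 72               # SHA3-512 rate: 576 bits = 72 bytes
PP_BYTES = 3 * RATE_BYTES     # 1728 bits of public input per component (Section IV-E)
KEY_BYTES = 32                # every component delivers a 256-bit key


def first_1728_bits(public_value: bytes) -> bytes:
    """Truncate (or zero-pad) a public value such as c_1 or Q_a||Q_b||Q to the
    1728 bits that g consumes, as Section IV-E specifies."""
    return public_value[:PP_BYTES].ljust(PP_BYTES, b"\x00")


def qkd_public_value(key_id: bytes, dynamic_info: bytes) -> bytes:
    """Option 3: keyID || SHAKE(service channel messages). Assumption: SHAKE256
    is used here and squeezed to the remaining 1472 bits."""
    assert len(key_id) == KEY_BYTES
    return key_id + hashlib.shake_256(dynamic_info).digest(PP_BYTES - KEY_BYTES)


def g(pp: bytes, key: bytes) -> bytes:
    """Stand-in for the one-way function g of Algorithm 3 (not reproduced on the
    page). Assumption: the key is absorbed first and the three 576-bit blocks of
    pp follow as postfixes, each closed by a 1-byte block index, mirroring the
    prefix-to-postfix rearrangement described in Section VI-A."""
    assert len(pp) == PP_BYTES and len(key) == KEY_BYTES
    h = hashlib.sha3_512()
    h.update(key)
    for i in range(3):
        h.update(pp[i * RATE_BYTES:(i + 1) * RATE_BYTES] + bytes([i]))
    return h.digest()


def F(key: bytes) -> bytes:
    """Computational extractor turning a raw component key into an HMAC key.
    Assumption: modelled as a labelled SHA3-512 call."""
    return hashlib.sha3_512(b"3-key-combiner/F" + key).digest()


def combine(keys, pps) -> bytes:
    """3-key combiner as described in Section VI-A: u_i = g(pp_i, K_i);
    k_i = F(K_i); t_i = HMAC(k_i, u_j || u_l || i) over the two other u values;
    final key = SHA3-512(t_1 xor t_2 xor t_3)."""
    assert len(keys) == 3 and len(pps) == 3
    u = [g(pp, k) for pp, k in zip(pps, keys)]      # stored once, reused three times
    acc = bytes(64)
    for i, K in enumerate(keys):
        others = b"".join(u[j] for j in range(3) if j != i)
        t = hmac.new(F(K), others + bytes([i + 1]), hashlib.sha3_512).digest()
        acc = bytes(a ^ b for a, b in zip(acc, t))
    return hashlib.sha3_512(acc).digest()


def derive_key_and_salt(keys, pps):
    """Split the 512-bit output into the 256-bit AES key and the 32-bit GCM salt.
    Assumption: the page says the combiner produces both but not how it splits."""
    out = combine(keys, pps)
    return out[:KEY_BYTES], out[KEY_BYTES:KEY_BYTES + 4]


# Constructed sample inputs (not real Kyber, ECDH or QKD values).
SAMPLE_KEYS = [bytes([i]) * KEY_BYTES for i in (1, 2, 3)]   # K_1 Kyber, K_2 ECDH, K_3 QKD
SAMPLE_PPS = [
    first_1728_bits(b"kyber-ciphertext-c1" * 60),                # c_1, first 1728 bits
    first_1728_bits(b"Qa" * 72 + b"Qb" * 72 + b"Qg" * 72),      # Q_a || Q_b || Q, first 1728 bits
    qkd_public_value(b"\x07" * KEY_BYTES, b"Logtail qkd: constructed session data"),
]

if __name__ == "__main__":
    key, salt = derive_key_and_salt(SAMPLE_KEYS, SAMPLE_PPS)
    print(key.hex(), salt.hex())
```

The point of checking a model like this against simulation is that the hardware must match it bit for bit: the postfix rearrangement changes which bytes land in which sponge block, so a software reference that still used prefixes would silently disagree with the FPGA even though both are "SHA3-512 over the same data".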
To accommodate the variants with and without QKD support, the component was implemented with a generic parameter. This allows easy switching between those variants based on needs.

B. IMPLEMENTATION RESULTS
The implementation results of the key combiner and its components are presented in Table 5. The implementation was performed using Vivado, targeting the Virtex UltraScale+ FPGA (xcvu9p-flgb2104-2-i). Table 3 shows the available hardware resources and specifications of the Virtex UltraScale+ FPGA platform. Notably, the Algorithm 4 results are presented as the Key Combiner Component in Table 5. Moreover, Algorithm 3 is implemented as one primitive of Algorithm 4. Algorithm 3 functions as a hash component, and its results should correspond to those of SHA3-512, with potentially minor overhead for the final concatenation. The key combiner without QKD utilized 4471 Look-Up Tables (LUTs) and 3287 Flip-Flops (FFs), while the variant with QKD used 4532 LUTs and 3363 FFs. The increase in resource utilization with QKD is negligible. Moreover, when we use the combiner in our complete system, Vivado optimizes this difference away, leading to identical results for both variants.
Our combiner requires relatively few resources, as shown in Table 5. This makes it feasible to use it on more constrained FPGAs, i.e., on small and medium platforms such as Artix-7. However, since we use the combiner together with the ECDH and Kyber schemes, which together require 46464 LUTs, 59219 FFs, and 182 DSPs, a more powerful FPGA has to be deployed. We refer to [46] for a description of small, medium and large FPGA platforms.
After the implementation step, the maximum frequency reported for our key combiner without QKD was 399 MHz, whereas for the key combiner with QKD it was 388 MHz. The key combination process takes 1155 cycles for the variant without QKD and 2007 cycles for the variant with QKD support. Based on these values, the key combiner without QKD is able to output up to 345,454 keys per second and the key combiner with QKD up to 193,323 keys per second. In practice, these maximum key rates are further reduced by the efficiency of the three KEX subsystems that generate the keys K_1, K_2, and K_3 as inputs for the key combiner.
All of these keys are computed in parallel. For K_1, we use Kyber with both parties authenticated. On the client side, it is necessary to perform key generation, key encapsulation, and 2x key decapsulation, resulting in a total of 21,196 clock cycles. On the server side, 2x key encapsulation and key decapsulation are needed, resulting in a total of 15,920 clock cycles. For K_2, we use ECDH, which requires 221,619 clock cycles. Since both run in parallel, the overall delay is determined by the slower scheme, which in this case is ECDH. For all these components combined, the reported frequency was 362 MHz. Based on this, the total delay for the key combination without QKD amounts to 222,774 cycles, which means generating 1,624 keys per second.
Table 4 shows experimentally obtained key rate results of our QKD CLAVIS 3 system deployed on various optical routes and settings. The results show how the type of COW protocol, the distance, and the optical route loss (without added attenuators) influence key rates. The longer distance and higher loss of the optical routes cause lower key rates. However, the manufacturer recommends deploying QKD systems on routes with a certain level of attenuation, from 10 dB to 14 dB, to prevent malfunction of the QKD equipment. Further, the 4-state COW protocol produces slightly lower key rates than the 3-state COW protocol, but 4-state COW promises higher robustness and security. Nevertheless, the efficiency and security of the COW variants are still open to research [47]. Finally, more parameters can affect the quantum-bit error rate (QBER) and key rates, e.g., the types of connectors, their cleanliness, visibility, line manipulation, and Raman noise; see more results in [48], [49], [50], and [51].
For the 4-state COW protocol in QKD, the average key rate is 2365 bps on lines with low line loss (ca. 2 dB). As we use 256-bit keys, we can generate approximately 9.2 keys per second. Note that this is significantly slower than both the ECDH key exchange and the Kyber scheme. Since these protocols run in parallel, QKD bounds the maximum rate at which the key combiner input values are generated. Nevertheless, this total key rate is still sufficient for 100 Gbps lines; see our calculations in Subsection IV-E. In order to temporarily increase the total key rate with QKD, the system can pre-establish a set of K_3 keys and store them securely in the FPGA during an initial stage.
We benchmarked the whole system (i.e., ECDH, Kyber, QKD, 3-key Combiner and AES scheme) using the architecture presented in Figure 1 and achieved a speed of 53.57 Gbps as reported by iPerf3. It is worth noting that this speed did not utilize the system to its maximum capacity, as its theoretical maximum is approximately 100 Gbps. The discrepancy was attributed to the speed limitations of the testing server.
The component's correctness was extensively tested using thousands of simulation runs against the outputs of a Python script implementing the key combiner with the hashlib and hmac libraries. Additionally, it was used for key establishment in the encryption project, further validating its correctness.

VII. DISCUSSION
In this section, we present a comparison of our system with existing combiners and discuss potential use cases of the proposed hybrid system together with its benefits. Finally, we summarize some open problems and potential future extensions of the hybrid system.

A. COMPARISON WITH STATE-OF-THE-ART SOLUTIONS
Among the state-of-the-art proposals, it is crucial to differentiate between Key Exchange Mechanism (KEM) combiners and Key Exchange (KEX) combiners, whether implemented without a security proof, theoretically proven secure in the Standard Model (SM), Random Oracle Model (ROM), Quantum Standard Model (Q-SM), or Quantum Random Oracle Model (Q-ROM), or lacking a practical implementation. Notably, among these, there exists only one KEX-KEM implementation based on synergy (lacking security proofs) [7] and one KEX combiner proven secure in the SM with a practical implementation [8]. To our knowledge, our scheme is the only one that combines KEX and KEM schemes, has theoretically proven security in the Standard Model (SM) in the post-quantum setting, and is practically implemented. This versatility extends to its application for combining either only KEMs, only KEXs, or both. Unlike [7], our proposal is not bound to a specific post-quantum class, being adaptable to any KEX or KEM with the chosen security characteristics.
Being a 3-key combiner that integrates pre-quantum, post-quantum, and quantum schemes, it ensures long-term security without limitations on the adversary's computational power and a smooth transition to PQ cryptography. Notably, the existing combiners consider only two dimensions, i.e., pre-quantum and post-quantum. Moreover, our system provides the flexibility to utilize or bypass the QKD algorithm, making it adaptable to various deployment scenarios and enhancing market accessibility.
From an efficiency perspective, our proposal aligns with the existing combiners designed to minimize overhead by employing mechanisms such as Pseudo-Random Functions (PRFs), dual-PRFs, and XOR-ing. Notably, most existing schemes lack real-world implementations, leaving the choice of primitives to the reader and hindering direct comparisons. Conversely, the 2-key (as opposed to our 3-key) combiner of Azarderakhsh et al. [7], merging ECDH and SIKE, offers a distinct design not reliant on hash counts and XOR-ing mechanisms. This distinct approach introduces complexities that prevent a straightforward comparison with our scheme.

B. USE CASES OF HYBRID KEY ESTABLISHMENT SYSTEM
The deployment of a complex hybrid key establishment system integrating three different methods based on classic cryptography, PQC, and QKD can be suitable for peer high-speed connections requiring high security assurances, such as between governmental bodies, security institutions, critical infrastructure nodes, data centers, telecommunications operators, cloud service providers, or in the financial sector. The main benefit of the proposed hybrid system is its resistance against three types of attacks. Attackers have to break three different methods (i.e., pre- and post-quantum cryptography, and quantum cryptography). Specifically, as long as one of the key generation methods remains unbroken, the 3-key Combiner is IND-CCA secure. It is important to note that combinations of several proven secure cryptographic components are not necessarily secure [52]. However, since our 3-key Combiner is a dual-PRF, its security is theoretically proven once the combined schemes are IND-CCA secure as well [45]. We refer to Section V for more details. The need to mount three types of attacks to break the system gives obvious practical benefits, such as minimizing the transition risks of new PQC methods and less tested QKD systems, and protection against attacks such as Store Now Decrypt Later (SNDL), which could leverage future quantum computers against data captured today. The system is also suitable for use cases with long lifespan requirements.

C. FUTURE EXTENSIONS AND OPEN PROBLEMS
In potential future extensions, the system could be redesigned for multiple non-peer-to-peer connections in QKD networks with more QKD nodes that connect to each other. Scaling our system to larger QKD networks may pose challenges in terms of key management and storage. Such a comprehensive redesign would address the setup phase, pre-shared value management, and key storage for multiple nodes.
Another extension could aim at FPGA implementations optimized to be more compact for FPGA-based network cards with fewer hardware resources. This optimization would aim to enhance the efficiency of the system on FPGA-based platforms.
The slow distillation of the key by the QKD method is perhaps the main problem affecting the efficiency of high-speed connections. Future improvement tasks could aim at increasing the QKD key establishment rates by studying the appropriate connection conditions (distances, optical connection quantity, etc.). In this case, the primary responsibility lies with the QKD producers.
While QKD inherently provides unconditional security, threats such as quantum hacking and eavesdropping techniques targeting quantum communication channels should be carefully considered. Moreover, relay architectures, which extend the reach of QKD-secured networks, introduce trust concerns. Mitigating the vulnerabilities associated with trusted nodes involves incorporating verifiable and authenticated quantum devices. Ensuring the integrity of relay nodes is necessary for the overall security of the network.
While the proposed system offers versatility in combining classic cryptography, post-quantum cryptography, and QKD, further research can explore its adaptability to diverse cryptographic needs. This involves understanding the system's performance under different use cases and cryptographic requirements. Finally, in the rapidly evolving field of quantum computing, ensuring the long-term viability of our system is crucial. Factors such as technological advancements, emerging quantum algorithms, and evolving security standards need continuous attention. These can be addressed with continuous, up-to-date analysis of current attacks and of security-standard development, to keep the system current.

VIII. CONCLUSION
In this article, we present a concrete 3-key combiner system implemented on an FPGA platform. Our system involves a pre-quantum KEX, a post-quantum KEM, and a QKD algorithm, which allows for a smooth transition to PQ cryptography. In fact, our combiner retains the time-tested trust in pre-quantum algorithms and the quantum resistance of PQ schemes. Moreover, our architecture is an extension of the dual-PRF combiner designed to work with three keys as input. The proposed 3-key combiner has been proven to be secure in the quantum standard model and indistinguishable under a chosen-ciphertext attack.
Our system is, for instance, suitable for peer high-speed connections requiring high security assurances, such as between governmental bodies, security institutions, critical infrastructure nodes, data centers, telecommunications operators, cloud service providers, or in the financial sector. The main benefit of the proposed hybrid system is its resistance against three types of attacks. Attackers have to break three different methods (i.e., pre- and post-quantum cryptography, and quantum cryptography).
It is important to note that our system is relatively independent of the KEM and KEXs involved. In fact, if one wants to achieve IND-CCA, then any KEM or KEX scheme proven to be IND-CCA is suitable. Moreover, if one of the combined schemes is also quantum-resistant, the key combiner inherits the same property as our proposal. Finally, the system can be easily switched to either use the QKD algorithm or not. This allows the FPGA platform to be deployed with and without the quantum component, making the solution more accessible from a market point of view.
Our combiner also runs on small FPGA platforms since it requires few resources (i.e., 4 532 LUTs and 3 363 FFs). In particular, the key combiner without QKD is able to output up to 1,624 keys per second and the key combiner with QKD is able to output up to 9.2 keys per second.

TABLE 3.
Hardware specification of Virtex UltraScale+. RAM and UltraRAM are given in MB.

TABLE 4.
Measured average key rates with various QKD parameters.

TABLE 5.
Resource utilization and power consumption of 3-key Combiner and its components.