Design issues for hybrid key exchange in TLS 1.3

Figure: Key schedule for concatenate-then-combine.


Hybrid key exchange refers to using multiple key exchange algorithms simultaneously and combining the results, with the goal of providing security even if all but one of the component algorithms is broken. It is motivated by the transition to post-quantum cryptography. This document categorizes various design considerations for using hybrid key exchange in the Transport Layer Security (TLS) protocol version 1.3 and outlines two concrete instantiations for consideration.

Keywords: key exchange, Transport Layer Security (TLS), post-quantum cryptography
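
The concatenate-then-combine key schedule named above, as an added example that is not taken from the Internet-Draft: the component shared secrets are concatenated and used where the TLS 1.3 key schedule (RFC 8446) takes the single (EC)DHE output. The function name `hybrid_handshake_secret`, the SHA-256 choice, and the sample secrets are assumptions made here; plain concatenation is only unambiguous when each component has a fixed length.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label from RFC 8446, section 7.1."""
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big")
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hybrid_handshake_secret(shared_secrets: list[bytes], psk: bytes = b"") -> bytes:
    """Concatenate the component shared secrets, then feed the result into
    the key schedule where TLS 1.3 normally feeds the (EC)DHE output."""
    if len(shared_secrets) < 2 or any(len(s) == 0 for s in shared_secrets):
        raise ValueError("need at least two non-empty component secrets")
    zeros = bytes(HASH_LEN)
    early_secret = hkdf_extract(zeros, psk or zeros)
    derived = hkdf_expand_label(early_secret, b"derived", HASH(b"").digest(), HASH_LEN)
    # No length prefixes: (b"ab", b"c") and (b"a", b"bc") give the same input,
    # so this form relies on every component having a fixed length.
    return hkdf_extract(derived, b"".join(shared_secrets))


# Constructed sample values, not real key exchange outputs.
CLASSICAL = bytes.fromhex("11" * 32)     # stands in for an ECDH shared secret
POST_QUANTUM = bytes.fromhex("22" * 32)  # stands in for a KEM shared secret

if __name__ == "__main__":
    print(hybrid_handshake_secret([CLASSICAL, POST_QUANTUM]).hex())
```

Replacing either component changes the handshake secret, so an attacker has to recover both shared secrets to derive the traffic keys.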


Douglas Stebila, Scott Fluhrer, Shay Gueron. Design issues for hybrid key exchange in TLS 1.3. Internet-Draft. Internet Engineering Task Force, July 2019. © IETF Trust and the authors.