Experimental Integration of Quantum Key Distribution and Post‐Quantum Cryptography in a Hybrid Quantum‐Safe Cryptosystem

Abstract

AbstractQuantum key distribution (QKD) and post‐quantum cryptography (PQC) are the two counter measures against cryptographic attacks via quantum computing. While QKD offers information theoretic security but limited authentication scalability, PQC facilitates scalable authentication in high density networks but is not information theoretic secure. Therefore, an ideal quantum‐safe framework should efficiently leverage the complementarity of both techniques. However, despite growing efforts in integrating both, current realizations have focused on channel authentication, and a complete cryptosystem addressing both hybrid authentication and hybrid key exchange is yet to be demonstrated. Here, an authenticated hybrid key exchange protocol is introduced that incorporates PQC and QKD in a modular and information‐theoretic secure architecture. The quantum‐safe protocol is inherently resilient to catastrophic cryptographic failures and provides both forward and post‐compromise security. As proof‐of‐concept implementation, the cryptosystem on a QKD hardware prototype is integrated, with the QKD processing, PQC key exchange and secret state masking via physical unclonable functions (PUFs) all running on a single field programmable gate array (FPGA). This work paves the way for the deployment of versatile and modular quantum‐safe networks that exploit the complementarity of PQC and QKD.