Paper 2020/1364

Security of Hybrid Key Encapsulation

Matthew Campagna and Adam Petcher


In a hybrid key encapsulation construction, multiple independent key encapsulation mechanisms are combined in a way that ensures the resulting key is secure according to the strongest mechanism. Such constructions can combine mechanisms that are secure in different settings and achieve the combined security of all mechanisms. For example classical and post-quantum mechanisms can be combined in order to secure communication against current threats as well as future quantum adversaries. This paper contains proofs of security for two hybrid key encapsulation mechanisms along with the relevant security definitions. Practical interpretation of these results is also provided in order to guide the use of these mechanisms in applications and standards.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
key encapsulationquantum cryptography
Contact author(s)
campagna @ amazon com
apetcher @ amazon com
2021-01-14: last of 4 revisions
2020-11-02: received
See all versions
Short URL
Creative Commons Attribution


      author = {Matthew Campagna and Adam Petcher},
      title = {Security of Hybrid Key Encapsulation},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1364},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.