Paper 2022/414

PQ-HPKE: Post-Quantum Hybrid Public Key Encryption

Mila Anastasova, Florida Atlantic University, USA
Panos Kampanakis, AWS, USA
Jake Massimo, AWS, USA

Public key cryptography is used to asymmetrically establish keys, authenticate or encrypt data between communicating parties at a relatively high performance cost. To reduce computational overhead, modern network protocols combine asymmetric primitives for key establishment and authentication with symmetric ones. Similarly, Hybrid Public Key Encryption, a relatively new scheme, uses public key cryptography for key derivation and symmetric key cryptography for data encryption. In this paper, we present the first quantum-resistant implementation of HPKE to address concerns that quantum computers bring to asymmetric algorithms. We propose PQ-only and PQ-hybrid HPKE variants and analyze their performance for two post-quantum key encapsulation mechanisms and various plaintext sizes. We compare these variants with RSA and classical HPKE and show that the additional post-quantum overhead is amortized over the plaintext size. Our PQ-hybrid variant with a lattice-based KEM shows an overhead of 52% for 1KB of encrypted data which is reduced to 17% for 1MB of plaintext. We report 1.83, 1.78, and 2.15 x10^6 clock cycles needed for encrypting 1MB of message based on classical, PQ-only, and PQ-hybrid HPKE respectively, where we note that the cost of introducing quantum-resistance to HPKE is relatively low.

Note: Rephrased text from various references and fixed inaccuracy about CCA2 proof in reference [15] in Section IV-C.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. ICMC 2022
Post-Quantum Hybrid Public Key Encryption Post-Quantum Hybrid Public Key Encryption Hybrid HPKE
Contact author(s)
kpanos @ amazon com
2022-11-05: revised
2022-04-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mila Anastasova and Panos Kampanakis and Jake Massimo},
      title = {PQ-HPKE: Post-Quantum Hybrid Public Key Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2022/414},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.