Cryptology ePrint Archive: Report 2022/414

PQ-HPKE: Post-Quantum Hybrid Public Key Encryption

Mila Anastasova and Panos Kampanakis and Jake Massimo

Abstract: Public key cryptography is used to asymmetrically establish keys, authenticate or encrypt data between communicating parties at a relatively high performance cost. To reduce computational overhead, modern network protocols combine asymmetric primitives for key establishment and authentication with symmetric ones. Similarly, Hybrid Public Key Encryption, a relatively new scheme, uses public key cryptography for key derivation and symmetric key cryptography for data encryption. In this paper, we present the first quantum-resistant implementation of HPKE to address concerns that quantum computers bring to asymmetric algorithms. We propose PQ-only and PQ-hybrid HPKE variants and analyze their performance for two post-quantum key encapsulation mechanisms and various plaintext sizes. We compare these variants with RSA and classical HPKE and show that the additional post-quantum overhead is amortized over the plaintext size. Our PQ-hybrid variant with a lattice-based KEM shows an overhead of 52% for 1KB of encrypted data which is reduced to 17% for 1MB of plaintext. We report 1.83, 1.78, and 2.15 x10^6 clock cycles needed for encrypting 1MB of message based on classical, PQ-only, and PQ-hybrid HPKE respectively, where we note that the cost of introducing quantum-resistance to HPKE is relatively low.

Category / Keywords: public-key cryptography / Post-Quantum, Hybrid Public Key Encryption, Post-Quantum Hybrid Public Key Encryption, Hybrid HPKE

Date: received 31 Mar 2022

Contact author: kpanos at amazon com

Available format(s): PDF | BibTeX Citation

Version: 20220404:154849 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]