PQ-HPKE: Post-Quantum Hybrid Public Key Encryption (Q30b)
Public key cryptography is used to asymmetrically establish keys, authenticate or encrypt data between communicating parties at a relatively high performance cost. To reduce computational overhead, modern network protocols combine asymmetric primitives for key establishment and authentication with symmetric ones. Similarly, Hybrid Public Key Encryption, a relatively new scheme, uses public key cryptography for key derivation and symmetric key cryptography for data encryption. In this paper, the speaker presents the first quantum-resistant implementation of HPKE to address concerns that quantum computers bring to asymmetric algorithms. They propose PQ-only and PQ-hybrid HPKE variants and analyze their performance for two postquantum key encapsulation mechanisms and various plaintext sizes. They compare these variants with RSA and classical HPKE and show that the additional post-quantum overhead is amortized over the plaintext size. Their PQ-hybrid variant with a lattice-based KEM shows an overhead of 52% for 1KB of encrypted data which is reduced to 17% for 1MB of plaintext. They report 1.83, 1.78, and 2.15 ×106 clock cycles needed for encrypting 1MB of message based on classical, PQ-only, and PQ-hybrid HPKE respectively, where we note that the cost of introducing quantum-resistance to HPKE is relatively low.