{"id":1121,"date":"2023-12-04T14:43:25","date_gmt":"2023-12-04T13:43:25","guid":{"rendered":"http:\/\/10.0.1.197\/?p=1121"},"modified":"2024-04-22T18:37:37","modified_gmt":"2024-04-22T16:37:37","slug":"a-fips-140-3-compliant-hybrid-kem-algorithm","status":"publish","type":"post","link":"http:\/\/192.168.0.78\/a-fips-140-3-compliant-hybrid-kem-algorithm\/","title":{"rendered":"A FIPS 140-3 compliant hybrid KEM algorithm"},"content":{"rendered":"\n

Hybrid KEM – Kyber & X25519<\/strong><\/p>\n\n\n\n

In addition to the sole use of Kyber KEM, a hybrid mechanism using X25519 can be devised that acts as a drop-in replacement for Kyber KEM. In this case, a PQC algorithm is merged with a classic key establishment algorithm. The basis is the enhancement of the Kyber KEM encapsulation and decapsulation algorithms as follows.<\/p>\n\n\n\n

When using the hybrid KEX algorithm<\/a>, instead of the sole KEM encapsulation and decapsulation operations, the hybrid variants that are outlined in the subsequent subsections are used. In addition, the Kyber KEX data along with the X25519 data is exchanged in the same manner as outlined for the standalone Kyber KEX. Thus, the KEX operation is not re-iterated here.<\/p>\n\n\n\n

The presented algorithm ensures that even if one algorithm is compromised, the resulting shared secret is still cryptographically strong and compliant with the strength of the uncompromised algorithm. However, it is to be noted that Kyber may have a cryptographic strength of up to 256 bits when using Kyber 1024. On the other hand, the cryptographic strength of X25519 is significantly lower – between 80 and 128 bits – depending on the analysis approach.<\/p>\n\n\n\n

Hybrid KEM Key Generation<\/strong>

As part of the hybrid KEM key generation, the following steps are performed:<\/p>\n\n\n\n

    \n
  1. Generation of the Kyber key pair yielding the Kyber pk_kyber and sk_kyber.<\/li>\n\n\n\n
  2. Generation of the X25519 key pair yielding the X25519 pk_x25519 and sk_x25519.<\/li>\n<\/ol>\n\n\n\n

    Both public keys and both secret keys are maintained together so that every time the hybrid KEM requires a public key, the Kyber and X25519 public keys are provided. The same applies to the secret keys.

    Thus the following holds:<\/p>\n\n\n\n