Post Quantum and Non-Post Quantum Key Exchange: ECC and Kyber Working in Harmony

And so, like it or not, our existing key exchange methods will eventually be deprecated with the rise of quantum computers. In most cases we use elliptic curve methods for key exchange, which have replaced the Diffie-Hellman method. The two main methods are ECDH (using P-256 and secp256k1) and X25519 (using Curve25519). After a relatively long competition, NIST has defined that Kyber is progressing to a standard for key exchange.

But what can you do now? Well, it’s unlikely we will be switching off ECDH/X25519 key exchange any time soon. One way is to support both Kyber and ECDH/X25519 in a key exchange session; this is known as a hybrid method.

For our existing ECC methods, the key sizes are:

Type                 Public key size (B)   Secret key size (B)   Ciphertext size (B)
------------------------------------------------------------------------------------
P256_HKDF_SHA256     65                    32                    65
P384_HKDF_SHA384     97                    48                    97
P521_HKDF_SHA512     133                   66                    133
X25519_HKDF_SHA256   32                    32                    32
X448_HKDF_SHA512     56                    56                    56
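The hybrid method described above, as an added Go example (not code from the original post): the sender does an ephemeral X25519 exchange, sending the 32-byte value from the X25519 row of the table, and a Kyber encapsulation, and both shared secrets go through HKDF-SHA256, so the session key holds as long as either scheme does. It assumes Go 1.24 or later, whose standard library provides ML-KEM (the standardised form of Kyber) as `crypto/mlkem`; the names `Encap`, `Decap` and `combine` and the HKDF info label are assumptions made for this example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// combine: HKDF-SHA256 over both secrets; the info label is an assumption.
func combine(ssECC, ssPQ []byte) ([]byte, error) {
	ikm := append(append([]byte{}, ssECC...), ssPQ...)
	return hkdf.Key(sha256.New, ikm, nil, "example x25519+mlkem768 hybrid", 32)
}

// Encap (sender): fresh X25519 key pair plus an ML-KEM-768 encapsulation.
func Encap(pkECC *ecdh.PublicKey, pkPQ *mlkem.EncapsulationKey768) (eph *ecdh.PublicKey, ct, key []byte, err error) {
	sk, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	ssECC, err := sk.ECDH(pkECC)
	if err != nil {
		return nil, nil, nil, err
	}
	ssPQ, ct := pkPQ.Encapsulate()
	key, err = combine(ssECC, ssPQ)
	return sk.PublicKey(), ct, key, err
}

// Decap (receiver): both private keys are needed to recompute the key.
func Decap(skECC *ecdh.PrivateKey, skPQ *mlkem.DecapsulationKey768, eph *ecdh.PublicKey, ct []byte) ([]byte, error) {
	ssECC, err1 := skECC.ECDH(eph)
	ssPQ, err2 := skPQ.Decapsulate(ct)
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	return combine(ssECC, ssPQ)
}

func main() {
	skECC, _ := ecdh.X25519().GenerateKey(rand.Reader) // demo only: errors ignored
	skPQ, _ := mlkem.GenerateKey768()
	eph, ct, k1, _ := Encap(skECC.PublicKey(), skPQ.EncapsulationKey())
	k2, err := Decap(skECC, skPQ, eph, ct)
	fmt.Printf("sent %d+%d bytes\nsender   %x\nreceiver %x (err=%v)\n", len(eph.Bytes()), len(ct), k1, k2, err)
}
```

A modified ML-KEM ciphertext of the correct length does not have to produce an error on decapsulation; it produces a different key, so the mismatch shows up when the first protected message fails to authenticate.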

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice