On Implementing Hybrid Post-Quantum End-to-End Encryption

TL;DR

This paper demonstrates a practical implementation of a hybrid end-to-end encryption system combining classical and post-quantum cryptography, ensuring quantum resistance while maintaining efficiency in messaging applications.

Contribution

It presents an open-source, practical implementation of a hybrid encryption system using NIST-standardized post-quantum primitives integrated with classical cryptography.

Findings

Effective integration of CRYSTALS-Kyber with AES-256-GCM and SHA-256.

Achieved acceptable performance for practical messaging systems.

Provides a zero-trust architecture with client-side encryption and relay server.

Abstract

The emergence of quantum computing poses a fundamental threat to current public key cryptographic systems. This threat is necessitating a transition to quantum resistant cryptographic alternatives in all the applications. In this work, we present the implementation of a practical hybrid end-to-end encryption system that combines classical and post-quantum cryptographic primitives to achieve both security and efficiency. Our system employs CRYSTALS-Kyber, a NIST-standardized lattice-based key encapsulation mechanism, for quantum-safe key exchange, coupled with AES-256-GCM for efficient authenticated symmetric encryption and SHA-256 for deterministic key derivation. The architecture follows a zero-trust model where a relay server facilitates communication without accessing plaintext messages or cryptographic keys. All encryption and decryption operations occur exclusively at client endpoints. The system demonstrates that NIST standardized post-quantum cryptography can be effectively integrated into practical messaging systems with acceptable performance characteristics, offering protection against both classical and quantum adversaries. As our focus is on implementation rather than on novelty, we also provide an open-source implementation to facilitate reproducibility and further research in post quantum secure communication systems.