Hybrid PQC+QKD Composition
Hybrid deployments combining post-quantum cryptography with quantum key distribution are moving faster than the composable security proofs that should justify them. This direction is currently in reading mode: building the quantum information and composable-security foundations the problem requires.
Telecom operators and national programs are already fielding hybrid systems that combine post-quantum key establishment with quantum key distribution, on the intuition that two independent mechanisms are safer than one. The intuition is reasonable. The proofs that would make it precise — composable statements about what the combined system guarantees, against what adversary, under what network assumptions — lag the deployments.
This direction is honestly labelled: it is in reading mode. Before it can produce anything load-bearing it has to build the prerequisites — quantum information theory, the composable-security frameworks (Universal Composability and the Abstract/Constructive Cryptography line), and the existing QKD security proofs in their own terms.
Current reading
- The composable-security framework literature, read against concrete QKD protocols rather than abstractly.
- What “hybrid” is actually claimed to buy, and under which adversary model each claim holds.
Progress here will show up first in the reading log, not as finished writing. Reading in public is the point.
Publications in this direction
- Reading Notes: Composability and the Hybrid Argument
Notes-in-progress on what composable security frameworks actually promise, read with hybrid PQC+QKD deployments in mind.