Reading Notes: Composability and the Hybrid Argument
Notes-in-progress on what composable security frameworks actually promise, read with hybrid PQC+QKD deployments in mind.
Working notes, kept deliberately unfinished. The aim is not a verdict but an accurate map of what the composable-security literature claims, so that the Hybrid PQC+QKD direction can later say something precise rather than something hopeful.
What “composable” is buying
The recurring promise is closure under composition: a protocol proven secure in the framework stays secure when run alongside arbitrary other protocols, and when used as a sub-routine inside a larger one. That is exactly the property a hybrid construction needs, because a hybrid is by definition a composition.
The whole appeal of a composable proof is that it lets you reason about the pieces and trust the combination. The open question for hybrids is whether the standard simulation-based statements actually cover the combination of a computational PQC assumption with an information-theoretic QKD guarantee.
Open threads
- Reconcile the adversary models: QKD proofs are typically information-theoretic; PQC proofs are computational. What does the combined statement quantify over?
- Pin down where the network/authentication assumptions of each half are stated, and whether they are compatible.
These threads will be tracked, source by source, in the reading log.