The brief

Sector: Government communications. Regulatory context: National cryptographic standards, NIST SP 800-208 alignment. Need: migrate a sovereign messaging platform's key-exchange mechanism from classical ECDH to a NIST-approved PQC scheme without breaking backward compatibility during the transition period.

Workstream decomposition

  • WS-1: Algorithm selection. Evaluate ML-KEM (Kyber) vs. HQC for the platform's message-size and latency constraints.
  • WS-2: Hybrid transition design. Architect a hybrid ECDH+ML-KEM key exchange that maintains interoperability with legacy endpoints during rollout.
  • WS-3: Performance validation. Benchmark the hybrid scheme under production-representative load conditions.

Method highlight

ML-KEM was selected over HQC based on ciphertext size (1088 bytes vs. ~4608 bytes), which was critical for the platform's message-size budget. The hybrid design uses a combiner function that XORs the ML-KEM and ECDH shared secrets and passes the result through HKDF, so that the resulting key remains secure even if one of the two primitives is compromised.
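The combiner described above, as an added example rather than the platform's reference implementation, read as XOR of the two shared secrets followed by HKDF-SHA256. It assumes both secrets are 32 bytes; the label, the output length and the binding of the handshake transcript into HKDF's info field are assumptions that go beyond the page's description.

```python
import hashlib
import hmac

LABEL = b"hybrid-kex-example-v1"  # assumed domain-separation label, not from the page
KEY_LEN = 32                      # assumed session-key length in bytes


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output is limited to 8160 bytes")
    # An empty salt is defined by the RFC as a hash-length string of zeros.
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine(ss_ecdh: bytes, ss_mlkem: bytes, transcript: bytes) -> bytes:
    """XOR the two shared secrets, then derive the session key with HKDF."""
    # XOR only mixes equal-length inputs; refuse anything else rather than
    # silently truncating one secret (zip() would stop at the shorter one).
    if len(ss_ecdh) != len(ss_mlkem) or not ss_ecdh:
        raise ValueError("shared secrets must be non-empty and of equal length")
    mixed = bytes(a ^ b for a, b in zip(ss_ecdh, ss_mlkem))
    # Assumption: the transcript (public keys and KEM ciphertext) goes into
    # `info`, so the derived key is tied to this particular handshake.
    return hkdf_sha256(mixed, salt=b"", info=LABEL + transcript, length=KEY_LEN)


# Constructed sample values standing in for real ECDH and ML-KEM outputs.
SS_ECDH = hashlib.sha256(b"constructed ecdh shared secret").digest()
SS_MLKEM = hashlib.sha256(b"constructed ml-kem shared secret").digest()
TRANSCRIPT = hashlib.sha256(b"constructed public keys and ciphertext").digest()

if __name__ == "__main__":
    print(combine(SS_ECDH, SS_MLKEM, TRANSCRIPT).hex())
```
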

Deliverable shape

  • Reference implementation of the hybrid key-exchange protocol
  • Performance benchmarks across three hardware targets
  • Migration roadmap with per-endpoint rollout plan
  • Research dossier: 28 source rows, including 4 A-tier (our own benchmarks)

Outcomes

The hybrid scheme added less than 3 ms to handshake latency. The client approved the migration roadmap for phased deployment starting Q1 2026.