← Week 3: Hybrid Schemes and TLS

Day 21: Challenge — Hybrid TLS Connection in Rust

Phase 3 · July 28, 2026 · Week 3 Review

← Week 3: Hybrid Schemes and TLS

Agenda (2–3 hours)

  • Review (20 min): Week 3 concepts from memory
  • Build (150 min): Complete, working hybrid TLS demo

No new reading. Wire together everything from Days 15–20.

← Week 3: Hybrid Schemes and TLS

Week 3 Concepts Check

Answer from memory:

  1. What are the two security properties that hybrid key exchange provides, and why does pure PQC alone not provide both?
  2. In X25519MLKEM768, what is included in the combined secret hash besides the two shared secrets?
  3. What is the approximate key_share size for X25519MLKEM768 vs X25519? Why does this matter?
  4. What is a composite certificate and how does it differ from dual-cert delivery?
  5. Why are HSMs the critical bottleneck for PQC CA key migration?
  6. Which cipher suite should you use for TLS bulk encryption to maintain post-quantum security with no algorithm change?
← Week 3: Hybrid Schemes and TLS

Challenge Assignment: pqc-demo Full Demo Binary

Build pqc-demo/src/main.rs with the following subcommands:

pqc-demo kem         # ML-KEM-768 keygen + exchange, print sizes
pqc-demo dsa         # ML-DSA-65 sign + verify, print sizes
pqc-demo hybrid      # X25519 + ML-KEM-768 hybrid exchange
pqc-demo bench       # Full benchmark table (classical vs PQC)
pqc-demo tls         # Hybrid TLS connection demo

The tls subcommand is the capstone:

  1. Generates a test cert chain (using rcgen from toy-pki)
  2. Starts a TLS server with aws-lc-rs provider
  3. Connects a client with X25519MLKEM768 only
  4. Sends "hello PQC world", receives it echoed
  5. Prints confirmation that hybrid key exchange was used
← Week 3: Hybrid Schemes and TLS

Expected pqc-demo bench Output

Post-Quantum Cryptography Benchmark
====================================

Key Exchange:
  X25519 (classical):        0.8 µs keygen,  0.9 µs exchange
  ML-KEM-768 (PQC):         18.1 µs keygen, 26.3 µs total
  X25519+ML-KEM-768 (hybrid):             ~27.2 µs total

Digital Signatures:
  ECDSA P-256 (classical):  43.2 µs sign,  130.1 µs verify
  ML-DSA-65 (PQC):         312.4 µs sign,  198.6 µs verify

Sizes:
  X25519 key share:          64 bytes
  ML-KEM-768 key share:    2272 bytes (35.5× larger)
  X25519+ML-KEM-768:       2336 bytes (36.5× larger)

  ECDSA P-256 certificate: ~1.0 KB
  ML-DSA-65 certificate:   ~3.5 KB (3.5× larger)
← Week 3: Hybrid Schemes and TLS

Stretch: Connect to a Real Hybrid Server

# cloudflare.com supports X25519Kyber768
# Use openssl with oqs-provider OR chrome and observe in Wireshark

# With tshark (if capture works):
tshark -i any -f "port 443 and host cloudflare.com" \
  -Y "tls.handshake.type == 2" \
  -T fields -e tls.handshake.extensions_key_share_selected_group
# Should show 0x6399 (X25519Kyber768) or 0x11EC (X25519MLKEM768)
← Week 3: Hybrid Schemes and TLS

Resources

  • Your Phase 3 code from Days 10–20
  • rustls-aws-lc-rs CryptoProvider
  • rcgen from toy-pki for test cert generation
  • clap for CLI dispatch (same pattern as toy-pki)