Combining Elliptic Curve Diffie-Hellman (ECDH) with Kyber (ML-KEM) lattice-based encryption to create a quantum-resistant secure file transfer. An attacker must break both ECDH and Kyber simultaneously — providing security against classical and quantum adversaries.
Classical computers can't break Kyber's Module-LWE. Quantum computers can't efficiently break Kyber. If one algorithm falls, the other stands. That's the power of hybrid cryptography.
Elliptic Curve Diffie-Hellman over a finite field, using scalar multiplication and point addition/doubling. The shared secret is derived from the x-coordinate. Provides 128-bit classical security.
Kyber (ML-KEM) β a Module-LWE based KEM over Rq = Zq[X]/(X256+1), q = 7681. Uses NTT for fast polynomial multiplication and binomial noise Bη. NIST standard (FIPS 203).
Combine both shared secrets via SHA-256: K = SHA-256(KECDH ‖ KKyber). Safe even if either algorithm is broken.
Encrypt any file or message with AES-256 using the hybrid key. Download the .hpqc file. Decrypt on the other side.
Alice and Bob run both ECDH (classical) and Kyber (post-quantum) key agreements simultaneously. Each produces an independent shared secret.
Learn ECDH →The two secrets are combined: K = SHA-256(KECDH ‖ KKyber). This 256-bit key is cryptographically tied to both algorithms.
The hybrid key encrypts your file using
Kyber is based on the Module Learning With Errors (Module-LWE) problem over the ring Rq = Zq[X]/(X256+1), q = 7681. Imagine you receive a matrix A and a vector b. You are told that b ≈ A·s for some secret s, but with a tiny random error added. Finding s — even knowing A and b — is believed to be computationally hard for both classical and quantum computers.
Kyber's Module-LWE operates over polynomial rings with noise sampled from the centered binomial distribution Bη. This structure makes the system computationally hard even for quantum algorithms.
A is a public k×k matrix of polynomials. s is a small secret polynomial vector.
Add a small error e from the centered binomial distribution Bη. This is the Module-LWE sample.
Finding s from A and b is the Module-LWE hard problem. Even quantum computers can't do it efficiently.
The hybrid approach ensures your data is safe today and tomorrow, regardless of which algorithm might eventually be weakened.
A sufficiently powerful quantum computer running Shor's algorithm can solve the Elliptic Curve Discrete Logarithm Problem (ECDLP), breaking ECDH.
Kyber remains secure. The hybrid key is still protected.
If a future mathematical breakthrough weakened Kyber's Module-LWE, quantum or classical, ECDH would still hold.
ECDH remains secure. The hybrid key is still protected.
Since K = SHA-256(KECDH ‖ KKyber), recovering the key requires breaking both ECDH and Kyber simultaneously. This provides security against both classical and quantum adversaries. The probability of success is negligible under current cryptanalytic knowledge.
The interactive demo lets you encrypt a real file using hybrid post-quantum cryptography — right in your browser, with no installation required.