Hybrid key exchange in TLS 1.3

Document Type Replaced Internet-Draft (individual)
Authors Douglas Steblia  , Scott Fluhrer  , Shay Gueron 
Last updated 2020-02-12
Replaced by draft-ietf-tls-hybrid-design
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-tls-hybrid-design
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Hybrid key exchange refers to using multiple key exchange algorithms simultaneously and combining the result with the goal of providing security even if all but one of the component algorithms is broken. It is motivated by transition to post-quantum cryptography. This document provides a construction for hybrid key exchange in the Transport Layer Security (TLS) protocol version 1.3. Discussion of this work is encouraged to happen on the TLS IETF mailing list tls@ietf.org or on the GitHub repository which contains the draft: https://github.com/dstebila/draft-stebila-tls-hybrid- design.


Douglas Steblia (dstebila@uwaterloo.ca)
Scott Fluhrer (sfluhrer@cisco.com)
Shay Gueron (shay.gueron@gmail.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)