Skip to main content

Hybrid key exchange in TLS 1.3

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Douglas Stebila , Scott Fluhrer , Shay Gueron
Last updated 2020-02-12
Replaced by draft-ietf-tls-hybrid-design
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Associated None milestone
Nov 2021
Submit "Hybrid key exchange in TLS 1.3" to the IESG
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-tls-hybrid-design
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Hybrid key exchange refers to using multiple key exchange algorithms simultaneously and combining the result with the goal of providing security even if all but one of the component algorithms is broken. It is motivated by transition to post-quantum cryptography. This document provides a construction for hybrid key exchange in the Transport Layer Security (TLS) protocol version 1.3. Discussion of this work is encouraged to happen on the TLS IETF mailing list or on the GitHub repository which contains the draft: design.


Douglas Stebila
Scott Fluhrer
Shay Gueron

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)