Hybrid PQC + Classical Cryptography
This guide explains Qpher's hybrid cryptographic modes, which combine a post-quantum algorithm with a battle-tested classical algorithm in a single operation. Hybrid mode provides defense-in-depth: your data stays protected even if one algorithm is compromised.
Hybrid algorithms (X-Wing and Composite-ML-DSA) are available on Pro and Enterprise plans. If you are on a Free, Starter, or Growth plan, your requests will use the PQC-only defaults (Kyber768 and Dilithium3).
Why Hybrid?
PQC algorithms like Kyber768 and Dilithium3 are rigorously standardized by NIST, but they are relatively new compared to classical algorithms like X25519 and ECDSA that have decades of real-world testing. Hybrid mode ensures that:
- If a breakthrough in lattice cryptanalysis weakens the PQC component, the classical component maintains security.
- If a quantum computer breaks the classical component, the PQC component maintains security.
- Security holds as long as at least one of the two algorithms remains secure.
This is the same approach adopted by AWS, Google Cloud, and Cloudflare in their production deployments.
Supported Hybrid Algorithms
| Algorithm | Components | Operation | Standard |
|---|---|---|---|
| X-Wing | X25519 + ML-KEM-768 (Kyber768) | Encrypt / Decrypt | IETF draft |
| Composite-ML-DSA | ECDSA P-256 + ML-DSA-65 (Dilithium3) | Sign / Verify | IETF draft |
Prerequisites
- A Qpher account on a Pro or Enterprise plan
- An active API key
- For encryption: An active X-Wing key pair (generated via the Key Management API with
algorithm: "X-Wing") - For signatures: An active Composite-ML-DSA key pair (generated with
algorithm: "Composite-ML-DSA")
Step 1: Generate a Hybrid Key Pair
Before using hybrid algorithms, you need to generate the appropriate key pair.
curl -X POST https://api.qpher.ai/api/v1/kms/keys/generate \
-H "Content-Type: application/json" \
-H "x-api-key: qph_your_key_here" \
-d '{"algorithm": "X-Wing"}'To generate a Composite-ML-DSA key pair, use "algorithm": "Composite-ML-DSA" instead.
Step 2: Encrypt with X-Wing
To use hybrid encryption, add "algorithm": "X-Wing" to your encrypt request. Everything else stays the same as standard Kyber768 encryption.
curl -X POST https://api.qpher.ai/api/v1/kem/encrypt \
-H "Content-Type: application/json" \
-H "x-api-key: qph_your_key_here" \
-d '{
"plaintext": "SGVsbG8sIFdvcmxkIQ==",
"key_version": 1,
"algorithm": "X-Wing"
}'Step 3: Decrypt with X-Wing
When decrypting data that was encrypted with X-Wing, include "algorithm": "X-Wing" in the decrypt request.
curl -X POST https://api.qpher.ai/api/v1/kem/decrypt \
-H "Content-Type: application/json" \
-H "x-api-key: qph_your_key_here" \
-d '{
"ciphertext": "base64-encoded-xwing-ciphertext...",
"key_version": 1,
"algorithm": "X-Wing"
}'Step 4: Sign with Composite-ML-DSA
To use hybrid signatures, add "algorithm": "Composite-ML-DSA" to your sign request.
curl -X POST https://api.qpher.ai/api/v1/signature/sign \
-H "Content-Type: application/json" \
-H "x-api-key: qph_your_key_here" \
-d '{
"message": "SGVsbG8sIFdvcmxkIQ==",
"key_version": 1,
"algorithm": "Composite-ML-DSA"
}'Step 5: Verify with Composite-ML-DSA
When verifying a Composite-ML-DSA signature, include "algorithm": "Composite-ML-DSA" in the verify request.
curl -X POST https://api.qpher.ai/api/v1/signature/verify \
-H "Content-Type: application/json" \
-H "x-api-key: qph_your_key_here" \
-d '{
"message": "SGVsbG8sIFdvcmxkIQ==",
"signature": "base64-encoded-composite-signature...",
"key_version": 1,
"algorithm": "Composite-ML-DSA"
}'PQC-Only vs. Hybrid Comparison
| PQC-Only (default) | Hybrid (Pro/Enterprise) | |
|---|---|---|
| KEM Algorithm | ML-KEM-768 (Kyber768) | X-Wing: X25519 + ML-KEM-768 |
| Signature Algorithm | ML-DSA-65 (Dilithium3) | Composite-ML-DSA: ECDSA P-256 + ML-DSA-65 |
| Plans | All plans | Pro and Enterprise |
| API Parameter | Default (omit algorithm) | "algorithm": "X-Wing" or "Composite-ML-DSA" |
| Security Model | Quantum-resistant only | Quantum-resistant + classical |
| Use Case | Standard PQC protection | Defense-in-depth for high-security requirements |
| Key Generation | "algorithm": "Kyber768" or "Dilithium3" | "algorithm": "X-Wing" or "Composite-ML-DSA" |
Use hybrid mode when your compliance or security requirements demand defense-in-depth. PQC-only mode is the recommended long-term default for most applications, as PQC algorithms accumulate more real-world deployment history. Hybrid mode adds a safety net during this transition period.
Key Management for Hybrid Keys
Hybrid keys follow the same lifecycle as PQC-only keys (active, retired, archived) and the same versioning rules:
- Encrypt/Sign: Requires an
activehybrid key - Decrypt/Verify: Works with
activeorretiredhybrid keys - Rotation: Use
POST /api/v1/kms/keys/rotatewith the hybrid algorithm name
Hybrid keys are separate from PQC-only keys. An X-Wing key pair cannot be used for standard Kyber768 operations, and vice versa. You must generate dedicated key pairs for each algorithm you use.
Error Handling
Hybrid operations return the same error codes as PQC-only operations, plus:
| HTTP Status | Error Code | Cause | Resolution |
|---|---|---|---|
| 403 | ERR_FORBIDDEN_001 | Hybrid algorithms require Pro or Enterprise plan | Upgrade your plan |
| 404 | ERR_KEM_003 / ERR_SIG_003 | No key found for the specified hybrid algorithm | Generate an X-Wing or Composite-ML-DSA key pair first |
| 400 | ERR_INVALID_001 | Algorithm mismatch (e.g., X-Wing ciphertext with Kyber768 key) | Use the same algorithm for encrypt and decrypt |
Related Guides
- Encrypt Data -- Encrypt with Kyber768 or X-Wing
- Sign Documents -- Sign with Dilithium3 or Composite-ML-DSA
- Key Management -- Generate and manage hybrid key pairs
- Security Architecture -- Technical details of hybrid implementation