Informatica

We propose an authenticated key establishment protocol involving $n\geqslant 2$ parties, assuming that some—possibly all—network nodes have the potential to implement quantum key distribution (in pairs), while others only have access to standard technology. The protocol allows for the cooperative construction of a shared secret key from partial keys established by quantum and post-quantum solutions, which in turn can be implemented by different building blocks. We give a formal security analysis of our proposal using a hybrid security model simultaneously capturing quantum and classical actions and capabilities.