1970-01-01

(2026-03) Hybrid KEM Constructions from Classical PKEs and Post-Quantum KEMs

• [[Biming Zhou]]
• [[Yukai Zhang]]
• [[Haodong Jiang]]
• [[Yunlei Zhao]]

2026-03-22

• #cryptography
• #paper

Abstract

The rapid progress of quantum computing threatens widely deployed public-key cryptosystems such as RSA and Diffie–Hellman, accelerating the transition toward post-quantum cryptography (PQC). During this migration, hybrid key encapsulation mechanisms (KEMs) that combine classical and post-quantum primitives are strongly recommended by standardization bodies and cybersecurity agencies. However, existing hybrid designs mainly focus on combining post-quantum KEMs with Diffie–Hellman–style constructions, while the systematic integration of standardized classical public-key encryption (PKE) schemes with post-quantum KEMs remains largely unexplored.

In this work, we introduce two generic hybrid constructions, $\mathsf{HybKEM}$ and $\mathsf{HybKEM}^{*}$, that combine a classical PKE scheme with a post-quantum KEM satisfying ciphertext second-preimage resistance (C2PRI). We prove that both constructions achieve IND-CCA security in the standard model. The refined construction $\mathsf{HybKEM}^{*}$ additionally relies on a new security notion of the classical PKE scheme, termed partial ciphertext second-preimage resistance (PC2PRI), which captures second-preimage resistance when a designated ciphertext component is fixed. This new property enables shared-key derivation from only a designated PKE ciphertext component in $\mathsf{HybKEM}^{*}$, leading to improved efficiency. Finally, we provide a systematic analysis of the PC2PRI property for several standardized classical encryption schemes, including ECIES, PSEC, and SM2.