🤖 AI Summary
This study addresses the empirical verification of indistinguishability under chosen-plaintext attacks (IND-CPA) in hybrid encryption systems by introducing, for the first time, a deep learning–based approach to evaluate post-quantum key encapsulation mechanisms (KEMs)—including ML-KEM, BIKE, and HQC—as well as RSA variants and their cascaded compositions with symmetric encryption. The authors formulate the IND-CPA security game as a binary classification task and develop a scalable, adaptive evaluation framework leveraging deep neural networks trained with binary cross-entropy loss. Experimental results, assessed at a significance level of α = 0.01, reveal no statistically significant distinguishability across any of the tested schemes, thereby corroborating their theoretical security guarantees and demonstrating that deep learning constitutes a practical and effective tool for empirical IND-CPA analysis.
📝 Abstract
Ensuring ciphertext indistinguishability is fundamental to cryptographic security, but empirically validating this property in real implementations and hybrid settings presents practical challenges. The transition to post-quantum cryptography (PQC), with its hybrid constructions combining classical and quantum-resistant primitives, makes empirical validation approaches increasingly valuable. By modeling IND-CPA games as binary classification tasks and training on labeled ciphertext data with binary cross-entropy (BCE) loss, we study deep neural network (DNN) distinguishers for ciphertext indistinguishability. We apply this methodology to PQC KEMs. We specifically test the public-key encryption (PKE) schemes used to construct examples such as ML-KEM, BIKE, and HQC. Moreover, a novel extension of this DNN modeling for empirical distinguishability testing of hybrid KEMs is presented. We implement and test this on combinations of PQC KEMs with plain RSA, RSA-OAEP, and plaintext. Finally, methodological generality is illustrated by applying the DNN IND-CPA classification framework to cascade symmetric encryption, where we test combinations of AES-CTR, AES-CBC, AES-ECB, ChaCha20, and DES-ECB. In our experiments on PQC algorithms, KEM combiners, and cascade encryption, no algorithm or combination of algorithms demonstrates a significant advantage (two-sided binomial test, significance level $\alpha = 0.01$), consistent with theoretical guarantees that hybrids including at least one IND-CPA-secure component preserve indistinguishability, and with the absence of exploitable patterns under the considered DNN adversary model. These results illustrate the potential of using deep learning as an adaptive, practical, and versatile empirical estimator for indistinguishability in more general IND-CPA settings, allowing data-driven validation of implementations and compositions and complementing the analytical security analysis.
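The decision rule the abstract describes (count the adversary's correct guesses over many IND-CPA rounds, then apply a two-sided binomial test at α = 0.01), as an added example that is not the paper's code. It assumes a simple hand-written distinguisher in place of the DNN and two constructed stand-in ciphers; all function names are hypothetical.

```python
import hashlib
import random
from math import comb

ALPHA = 0.01  # significance level stated in the abstract

def binom_two_sided_p(k, n):
    """Exact two-sided binomial p-value for k correct guesses in n rounds, H0: p = 1/2."""
    d = abs(2 * k - n)  # distance from n/2, doubled to stay in integers
    tail = sum(comb(n, i) for i in range(n + 1) if abs(2 * i - n) >= d)
    return tail / 2 ** n

def keystream_encrypt(key, nonce, msg):
    """Constructed stand-in for a randomized cipher: one SHA-256 block as keystream."""
    ks = hashlib.sha256(key + nonce).digest()
    return bytes(m ^ s for m, s in zip(msg, ks))

def repeating_xor_encrypt(key, nonce, msg):
    """Deliberately weak constructed cipher: a single key byte XORed over the message."""
    return bytes(m ^ key[0] for m in msg)

def distinct_bytes_guess(ct):
    """Stand-in distinguisher (assumption, not a DNN): guess m0 if all bytes are equal."""
    return 0 if len(set(ct)) == 1 else 1

def play_games(encrypt, guess, n, rng):
    """Run n IND-CPA rounds and return how often the adversary guessed the hidden bit."""
    m0, m1 = bytes(32), bytes(range(32))  # adversary-chosen, equal length
    correct = 0
    for _ in range(n):
        b = rng.getrandbits(1)  # challenger's hidden bit
        key = rng.getrandbits(128).to_bytes(16, "big")    # fresh key per challenge
        nonce = rng.getrandbits(128).to_bytes(16, "big")  # fresh nonce per challenge
        correct += guess(encrypt(key, nonce, (m0, m1)[b])) == b
    return correct

def evaluate(encrypt, n=2000, seed=1):
    """Return (correct guesses, p-value, distinguishable at ALPHA?)."""
    k = play_games(encrypt, distinct_bytes_guess, n, random.Random(seed))
    p = binom_two_sided_p(k, n)
    return k, p, p < ALPHA

if __name__ == "__main__":
    for name, enc in [("keystream", keystream_encrypt), ("weak xor", repeating_xor_encrypt)]:
        k, p, sig = evaluate(enc)
        print(f"{name}: {k}/2000 correct, p={p:.3g}, distinguishable={sig}")
```

The test is two-sided because an accuracy far below 50% is as informative to an adversary as one far above it: inverting the guesses yields the same advantage.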