Quantum-Safe Hybrid Key Exchanges with KEM-Based Authentication

📅 2024-11-06
🏛️ arXiv.org
📈 Citations: 2
Influential: 0
🤖 AI Summary
Existing hybrid authenticated key exchange (HAKE) protocols rely on digital signatures in post-quantum settings, incurring high computational overhead and latency during large-scale connection establishment. This work proposes Muckle#, an efficient quantum-safe HAKE protocol that pioneers the integration of post-quantum key encapsulation mechanisms (KEMs) into the HAKE framework to achieve implicit authentication—eliminating the need for traditional signatures. Muckle# combines hybrid key derivation with a TLS-style authentication mechanism and provides a rigorous formal security proof in the Universal Composability (UC) framework. Compared to prior schemes, it significantly reduces both computational and communication costs, supports seamless integration of classical, post-quantum, and quantum key distribution (QKD) key materials, and is backward-compatible with Muckle+ while constituting a non-trivial upgrade. Experimental evaluation demonstrates Muckle#’s superior scalability and low-latency performance in large-scale quantum-safe networks.

📝 Abstract
Authenticated Key Exchange (AKE) between any two entities is one of the most important security protocols available for securing our digital networks and infrastructures. In PQCrypto 2023, Bruckner, Ramacher and Striecks proposed a novel hybrid AKE (HAKE) protocol, dubbed Muckle+, that is particularly useful in large quantum-safe networks consisting of a large number of nodes. Their protocol is hybrid in the sense that it allows key material from conventional and post-quantum primitives, as well as from quantum key distribution, to be incorporated into a single end-to-end shared key. To achieve the desired authentication properties, Muckle+ utilizes post-quantum digital signatures. However, available instantiations of such signature schemes are not yet efficient enough compared to their post-quantum key-encapsulation mechanism (KEM) counterparts, particularly in large networks with potentially several connections in a short period of time. To mitigate this gap, we propose Muckle# that pushes the efficiency boundaries of currently known HAKE constructions. Muckle# uses post-quantum key-encapsulating mechanisms for implicit authentication inspired by recent works done in the area of Transport Layer Security (TLS) protocols, particularly, in KEMTLS (CCS'20). We port those ideas to the HAKE framework and develop novel proof techniques on the way. Due to our novel KEM-based approach, the resulting protocol has a slightly different message flow compared to prior work that we carefully align with the HAKE framework and which makes our changes to Muckle+ non-trivial.

Problem

Research questions and friction points this paper is trying to address.

Enhancing efficiency of quantum-safe hybrid key exchanges
Replacing post-quantum signatures with KEM-based authentication
Optimizing protocol for large networks with frequent connections

Innovation

Methods, ideas, or system contributions that make the work stand out.

Uses post-quantum KEM for implicit authentication
Integrates hybrid key exchange with quantum-safe methods
Optimizes efficiency in large quantum-safe networks