QKD Oracles for Authenticated Key Exchange

📅 2025-09-15
🤖 AI Summary
Existing QKD–post-quantum AKE integration schemes suffer from improper handling of QKD key identifiers, rendering them vulnerable to dependency-key attacks that compromise overall security. Method: This work introduces the first formal cryptographic modeling of QKD as an ETSI-compliant oracle and extends the CK+ model to rigorously define and analyze dependency-key attacks, enabling provably secure analysis of QKD–KEM hybrid protocols. Contribution/Results: We propose the first hybrid AKE protocol achieving both information-theoretic security (from QKD) and post-quantum security (from lattice-based KEM), featuring a triple-KEM handshake structure. The protocol retains forward secrecy and mutual authentication even under unilateral compromise—i.e., when either QKD or the post-quantum KEM fails. Our framework unifies quantum communication and post-quantum cryptography, rectifying a critical security flaw and establishing both a theoretical foundation and a practical protocol paradigm for high-assurance quantum-safe networks.

📝 Abstract
Authenticated Key Exchange (AKE) establishes shared ('symmetric') cryptographic keys which are essential for secure online communication. AKE protocols can be constructed from public-key cryptography like Key Encapsulation Mechanisms (KEMs). Another approach is to use Quantum Key Distribution (QKD) to establish a symmetric key, which uses quantum communication. Combining post-quantum AKE and QKD appropriately may provide security against quantum attacks even if only one of the two approaches turns out to be secure. We provide an extensive review of existing security analyses for combined AKE and their formal security models, and identify some gaps in their treatment of QKD key IDs. In particular, improper handling of QKD key IDs leads to Dependent-Key attacks on AKE. As our main conceptual contribution, we model QKD as an oracle that closely resembles the standard ETSI 014 QKD interface. We demonstrate the usability of our QKD oracle for cryptographic security analyses by integrating it into a prominent security model for AKE, called CK+ model, thereby obtaining a security model for combined AKE that catches Dependent-Key attacks. In this model, we formally prove security of a new protocol that combines QKD with a triple-KEM handshake. This is the first provably secure hybrid protocol that maintains information-theoretic security of QKD.
Problem

Research questions and friction points this paper is trying to address.

Modeling QKD as an oracle for secure key exchange
Identifying gaps in security analyses of combined AKE-QKD protocols
Preventing Dependent-Key attacks through formal security modeling
Innovation

Methods, ideas, or system contributions that make the work stand out.

Modeling QKD as an oracle
Integrating QKD into CK+ model
Combining QKD with triple-KEM handshake
Kathrin Hövelmanns
Eindhoven University of Technology
Quantum-resistant crypto
Daan Planken
University of Amsterdam, The Netherlands; QuSoft, Amsterdam, The Netherlands
Christian Schaffner
University of Amsterdam & QuSoft
Quantum Cryptography, Cryptographic Protocols, and (Quantum) Information Theory
Sebastian R. Verschoor
University of Amsterdam, The Netherlands; QuSoft, Amsterdam, The Netherlands