To address the threat quantum computing poses to classical public-key cryptography, this paper proposes a tightly integrated two-layer security architecture combining quantum key distribution (QKD) and NIST-standardized post-quantum cryptography (PQC). Methodologically: (1) it constructs a hybrid key exchange mechanism integrating BB84/E91 QKD with ML-KEM; and (2) it designs a digital signature scheme unifying ML-DSA/SLH-DSA with quantum-channel authentication. The key contribution lies in the first realization of synergistic security across physical and mathematical layers—leveraging quantum uncertainty at the physical layer and lattice- or hash-based hardness assumptions at the mathematical layer. Entropy analysis and independent-and-identically-distributed (IID) statistical tests confirm that generated keys exhibit high entropy and strong statistical randomness. Experimental evaluation demonstrates that the architecture maintains provable resistance against quantum attacks while significantly enhancing system robustness and achieving an effective trade-off between computational overhead and communication cost.

Since the security of post-quantum cryptography (PQC) algorithms is based on the hardness of mathematical problems, while the security of quantum key distribution (QKD) relies on the fundamental principles of quantum physics, each approach possesses distinct advantages and limitations that can complement one another. Consequently, recent studies have proposed hybrid schemes that combine QKD and PQC to establish a dual-layered security model. In response to this trend, this study proposes hybrid schemes that integrate QKD with the National Institute of Standards and Technology (NIST) standardized PQC algorithms. These hybrid schemes include two core components: a hybrid QKD-PQC key exchange protocol and a hybrid QKD-PQC digital signature scheme. For the hybrid key exchange protocol, this study combines Module-Lattice-based Key Encapsulation Mechanisms (ML-KEM) with QKD protocols, specifically BB84 and E91, to construct a secure key exchange protocol. In the design of the hybrid digital signature scheme, this study utilizes Module-Lattice-based Digital Signature Algorithms (ML-DSA) and Stateless Hash-based Digital Signature Algorithms (SLH-DSA) to generate signature reconstruction values. These values are verified using confirmation codes transmitted via the BB84 and E91 protocols. The proposed hybrid key exchange protocol is evaluated by examining the shared secret key it produces, particularly with respect to entropy and whether the output is independent and identically distributed (IID). Furthermore, the computation time and message lengths of the proposed hybrid schemes are evaluated.