ORIGINAL RESEARCH article
Front. Phys.
Sec. Quantum Engineering and Technology
This article is part of the Research Topic: Next-Generation Security for Critical Infrastructures: Advancing Privacy, Resilience, and Post-Quantum Protection
Design and Implementation of an Authenticated Post-quantum Session Protocol Using ML-KEM(Kyber), ML-DSA(Dilithium), and AES-256-GCM
Provisionally accepted. School of Computer Science and Engineering, VIT, Vellore, India
Session establishment, the process by which two parties authenticate each other and derive a shared secret key, forms the foundation for secure digital communication. Quantum computers threaten this foundation by breaking classical public-key primitives, such as RSA and elliptic-curve Diffie–Hellman, thereby enabling harvest-now-decrypt-later (HNDL) attacks that endanger long-term confidentiality. This paper presents the design, implementation, and evaluation of an authenticated, quantum-resistant session protocol that replaces these vulnerable mechanisms with their post-quantum counterparts. The proposed protocol integrates ML-KEM-1024 (FIPS 203; CRYSTALS-Kyber) for ephemeral key exchange, ML-DSA-65 (FIPS 204; CRYSTALS-Dilithium) for endpoint authentication, and AES-256-GCM for symmetric protection. A transcript-bound HKDF-SHA3-256 key schedule and a 96-bit GCM nonce construction with conservative rekey limits are used to ensure forward secrecy, downgrade resistance, and message integrity. A Python/C prototype (PQClean ML-KEM-1024 with PyCryptodome AES-256-GCM) was benchmarked over 1,000 iterations on commodity hardware. The results show sub-millisecond cryptographic overhead: ML-KEM-1024 matches the performance of X25519 while vastly outperforming RSA-3072 in secure session establishment, and symmetric encryption remains cost-effective. Nonces are unique 96-bit values, never reused across directions or beyond 2^32 records, following NIST SP 800-38D; when nonce-misuse resistance is required, AES-256-GCM-SIV (RFC 8452) is supported as a drop-in alternative. Empirical tests under both local and WAN-emulated (≈40 ms RTT) network conditions confirm that the additional post-quantum cost keeps handshake cryptographic latency in the 0.50–0.70 ms range, demonstrating that fully authenticated, forward-secure, quantum-resistant session negotiation is practical for real-world deployments.
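The two mechanisms the abstract credits with downgrade resistance and nonce safety, a transcript-bound HKDF-SHA3-256 key schedule and a 96-bit GCM nonce with a per-direction record cap, can be shown in a few dozen lines of standard-library Python. The following is an added illustration written for this page, not the authors' prototype: the HKDF labels, the transcript field layout, the 4-byte direction tag plus 8-byte counter nonce format, and the sample shared secret and handshake messages are all assumptions, and the KEM, signature and AES-GCM calls that the real protocol performs are deliberately left out so the block runs offline.

```python
import hashlib
import hmac

HASH = hashlib.sha3_256          # HKDF-SHA3-256, as in the paper's key schedule
KEY_LEN = 32                     # AES-256 key size in bytes
NONCE_LEN = 12                   # 96-bit GCM nonce
RECORD_LIMIT = 2 ** 32           # per-key record cap taken from NIST SP 800-38D


class RekeyRequired(Exception):
    """Raised when a direction has used up its nonce budget under the current key."""


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 extract step instantiated with HMAC-SHA3-256.
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i), i starting at 1.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def build_transcript(*messages: bytes) -> bytes:
    # Length-prefix every handshake message so field boundaries are unambiguous
    # (hypothetical layout; the paper's wire format may differ).
    return b"".join(len(m).to_bytes(4, "big") + m for m in messages)


def derive_session_keys(kem_shared_secret: bytes, transcript: bytes) -> dict:
    # Salt the extract step with a hash of the whole handshake transcript.
    # Any edit to the offered algorithms, public keys or signatures changes the
    # salt and therefore every derived key, which is what makes an on-path
    # downgrade of the negotiated suite detectable rather than silent.
    salt = HASH(transcript).digest()
    prk = hkdf_extract(salt, kem_shared_secret)
    return {  # info labels below are assumptions, not the paper's constants
        "c2s": hkdf_expand(prk, b"pq-session c2s aead key", KEY_LEN),
        "s2c": hkdf_expand(prk, b"pq-session s2c aead key", KEY_LEN),
    }


class NonceSequence:
    """Deterministic 96-bit nonce: 4-byte direction tag || 8-byte record counter."""

    def __init__(self, direction: int):
        self.prefix = direction.to_bytes(4, "big")  # distinct tag per direction
        self.counter = 0

    def next_nonce(self) -> bytes:
        # Refuse to issue a nonce past the record cap; caller must rekey first.
        if self.counter >= RECORD_LIMIT:
            raise RekeyRequired("record limit reached; derive fresh session keys")
        nonce = self.prefix + self.counter.to_bytes(8, "big")
        self.counter += 1
        return nonce


# Constructed sample inputs for demonstration only; not real protocol output.
SAMPLE_SECRET = bytes(range(32))                       # stands in for the ML-KEM shared secret
SAMPLE_TRANSCRIPT = build_transcript(
    b"ClientHello: ML-KEM-1024, ML-DSA-65, AES-256-GCM",
    b"ServerHello: ML-KEM-1024, AES-256-GCM",
    b"<kem ciphertext>",
    b"<ml-dsa signature>",
)
TAMPERED_TRANSCRIPT = build_transcript(
    b"ClientHello: ML-KEM-1024, ML-DSA-65, AES-256-GCM",
    b"ServerHello: ML-KEM-1024, AES-128-GCM",           # suite swapped in transit
    b"<kem ciphertext>",
    b"<ml-dsa signature>",
)


def transcripts_yield_same_keys(t1: bytes, t2: bytes) -> bool:
    """True only if both sides computed byte-identical transcripts."""
    return derive_session_keys(SAMPLE_SECRET, t1) == derive_session_keys(SAMPLE_SECRET, t2)


if __name__ == "__main__":
    keys = derive_session_keys(SAMPLE_SECRET, SAMPLE_TRANSCRIPT)
    print("c2s key:", keys["c2s"].hex())
    print("keys survive suite tampering:",
          transcripts_yield_same_keys(SAMPLE_TRANSCRIPT, TAMPERED_TRANSCRIPT))
    c2s = NonceSequence(1)
    print("first c2s nonce:", c2s.next_nonce().hex())
```

The direction tag is what prevents the "never reused across directions" property from depending on the two endpoints coordinating counters, and the cap check is placed before the nonce is handed out so that a record can never be encrypted under an exhausted key.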
Keywords: post-quantum cryptography (PQC), ML-KEM (Kyber, FIPS 203), ML-DSA (Dilithium, FIPS 204), AES-256-GCM, Authenticated Quantum-Resistant Key Exchange, Harvest-Now-Decrypt-Later (HNDL)
Received: 13 Oct 2025; Accepted: 17 Nov 2025.
Copyright: © 2025 S P and Akinlemi. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
* Correspondence: Meenakshi S P, spmeenakshi@vit.ac.in
Disclaimer: All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.