Papers
Topics
Authors
Recent
Search
2000 character limit reached

CHSH-Augmented Kyber Scheme

Updated 22 November 2025
  • The paper demonstrates a hybrid post-quantum KEM that integrates a CHSH Bell test with CRYSTALS-Kyber to enforce IND-CCA security via dual reductions.
  • It interleaves classical lattice-based operations with quantum CHSH measurements on EPR pairs to certify non-locality and provide information-theoretic guarantees.
  • The scheme achieves composability, forward secrecy, and minimal latency, with tunable quantum resources (e.g., m = 512 EPR pairs) for practical deployment.

The CHSH-augmented Kyber scheme is a hybrid post-quantum key encapsulation mechanism (KEM) that unifies lattice-based cryptography with device-independent quantum non-locality certification. It integrates a Clauser–Horne–Shimony–Holt (CHSH) Bell-inequality test into the CRYSTALS-Kyber KEM workflow, thereby coupling computational hardness (Module-LWE) with information-theoretic quantum guarantees. By interleaving a non-locality test based on EPR pairs within the encapsulation/decapsulation routines, this protocol offers provable dual-hardness: any adversary that breaks the scheme’s IND-CCA security must either solve a Module-LWE instance or a QMA-complete 2-local Hamiltonian problem, under the standard complexity assumption QMA ⊄ NP (Cherkaoui et al., 15 Nov 2025).

1. Hybrid Protocol Structure and Workflow

The CHSH-augmented Kyber protocol interleaves the classical operations of CRYSTALS-Kyber with a quantum sub-protocol testing non-locality via the CHSH game. The process can be summarized in the following sequence:

  • Setup: Both parties agree on Kyber public parameters (e.g., modulus qq, dimensions nn,kk, error parameter η\eta), the number of EPR pairs mm, and a CHSH score threshold S0S_0 where 2<S0<222 < S_0 < 2\sqrt{2}.
  • Key Generation: One party runs classical Kyber KeyGen to obtain (pk,sk)(\mathrm{pk}, \mathrm{sk}).
  • Encapsulation + CHSH: The encapsulation party generates a Kyber ciphertext and key via the FO transform, prepares mm EPR pairs, distributes halves, and both parties conduct CHSH measurements (randomly chosen measurement bases, with result and basis exchange to compute correlations). If the empirical CHSH score S≥S0S \geq S_0, the key is accepted; otherwise, the protocol aborts.
  • Decapsulation + CHSH: The recipient recovers the Kyber key via classical decapsulation and repeats the CHSH measurement and scoring. The session key is output only if both classical and quantum checks succeed.

The session key is derived as nn0, where nn1 is the Kyber-derived key, nn2 the empirical CHSH score, and nn3 a hash or KDF.

2. Quantum Procedures and CHSH Test Implementation

The non-locality test integrates nn4 pairs of maximally entangled two-qubit EPR states nn5, distributed between the parties. For each pair nn6:

  • Each party independently chooses a random basis (nn7 for Alice, nn8 for Bob).
    • Alice: nn9 measures in kk0; kk1 in kk2.
    • Bob: kk3 measures in kk4; kk5 in kk6.
  • Outcomes kk7 are recorded.
  • Each pair yields correlation kk8.
  • The CHSH score is computed as kk9, with η\eta0.

Quantum theory predicts that η\eta1 (Tsirelson bound), exceeding the classical local hidden-variable bound η\eta2. The observed empirical η\eta3 provides an information-theoretic certificate of non-locality, verifiable within rigorous statistical bounds (error controlled by η\eta4 and Hoeffding’s inequality).

3. Dual-Hardness Security Reductions

The security of the CHSH-augmented Kyber KEM is established via two orthogonal reductions:

  • Classical Branch: Under the Module-LWE assumption, an adversary breaking the IND-CCA game for Kyber can be reduced to solving Module-LWE with comparable advantage. The FO transform and Markov key evolution guarantee indistinguishability up to negligible error, provided protocol parameters maintain cumulative noise below η\eta5 (Cherkaoui et al., 15 Nov 2025).
  • Quantum Branch: Observation of a CHSH violation η\eta6 is mapped to finding a low-energy state for the 2-local Hamiltonian η\eta7, where η\eta8. Deciding the spectral gap under promise is QMA-complete; thus, a successful quantum adversary must solve a QMA-complete instance.

Any adversary breaking IND-CCA security must either solve Module-LWE (widely believed to be hard for PPT) or a QMA-complete local Hamiltonian problem (hard for classical algorithms under QMA ⊄ NP).

4. Fujisaki–Okamoto Transform Integration

The scheme embeds CHSH verification within the FO transform to maintain IND-CCA security. The encapsulation algorithm FO-CHSH-Encaps samples random η\eta9, computes the Kyber encapsulation mm0, executes the CHSH sub-protocol to obtain mm1, and outputs mm2 if mm3. Decapsulation mirrors this, aborting on decryption failure or mm4.

Including mm5 in the KDF ensures that only parties able to conduct genuine CHSH tests derive the session key, and FO security proofs extend with only an additional negligible term accounting for the CHSH game’s soundness.

5. Performance Metrics and Resource Analysis

Resource requirements for the scheme are as follows:

Resource Classical Kyber CHSH-Augmented Kyber
Quantum comms per session 0 mm6 qubits
CHSH metadata 0 mm7 bits
Gate count 0 mm8 total
Circuit depth 0 mm9
Latency overhead 0 S0S_005%

Selection of S0S_01 is protocol-tunable; S0S_02 aligns quantum resource usage with Kyber-512. There is an additional quantum round for EPR distribution and measurement but this phase is fully pipelineable. The paper estimates latency overhead below 5% on practical photonic or superconducting hardware (Cherkaoui et al., 15 Nov 2025).

6. Composability, Forward Secrecy, and Security Properties

The CHSH test is modeled as an ideal functionality S0S_03, ensuring that key agreement is realized as a standard authenticated key exchange (S0S_04) in the hybrid (S0S_05) model. When implemented as part of a universal composition (UC)-secure protocol, the scheme maintains full composability—even when embedded in higher-level cryptographic applications—by virtue of its dual-hardness and independence of session keys.

Each session employs fresh Kyber key pairs and EPR pairs, and the key derivation includes a non-leaked, freshly measured CHSH outcome S0S_06, thereby ensuring forward secrecy. Exposure of long-term secrets or session state in one interaction does not compromise future (or past) keys; the Markov key evolution further prevents chaining of secret key compromise across sessions.

7. Scope and Significance

The CHSH-augmented Kyber scheme establishes a rigorous, composable, and forward-secure approach to post-quantum key exchange that is provably secure against both classical and quantum adversaries, conditioned on Module-LWE and QMA-complete problem hardness. By directly certifying quantum correlations in the key agreement workflow, it materially enhances the assurance offered by purely computational schemes, and presents a unified protocol that remains compatible with current NIST PQC standards while advancing the integration of quantum information-theoretic primitives into practical cryptography (Cherkaoui et al., 15 Nov 2025).

Definition Search Book Streamline Icon: https://streamlinehq.com
References (1)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to CHSH-Augmented Kyber Scheme.