In [9]:
from cryptography.hazmat.primitives.asymmetric import x25519

# Generate private keys for Alice and Bob
alice_private_key = x25519.X25519PrivateKey.generate()
bob_private_key = x25519.X25519PrivateKey.generate()

# Generate public keys for Alice and Bob
alice_public_key = alice_private_key.public_key()
bob_public_key = bob_private_key.public_key()

# Exchange public keys and compute shared secrets
alice_shared_key = alice_private_key.exchange(bob_public_key)
bob_shared_key = bob_private_key.exchange(alice_public_key)

# Verify that the shared keys are equal
assert alice_shared_key == bob_shared_key

print("Shared secret established successfully.")

Shared secret established successfully.


x25519 is a Diffie-Hellman (DH) key exchange algorithm based on the Curve25519 using elliptic-curve cryptography.

In [10]:
from cryptography.hazmat.primitives.asymmetric import x25519
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes
import oqs

# Classical X25519 Key Exchange
alice_private_key = x25519.X25519PrivateKey.generate()
bob_private_key = x25519.X25519PrivateKey.generate()

alice_public_key = alice_private_key.public_key()
bob_public_key = bob_private_key.public_key()

alice_shared_classical = alice_private_key.exchange(bob_public_key)
bob_shared_classical = bob_private_key.exchange(alice_public_key)

# Post-Quantum Key Exchange using Kyber
# Alice generates a key pair and gets her public key
alice_kem = oqs.KeyEncapsulation("Kyber1024")
alice_public_pq = alice_kem.generate_keypair()

# Alice signs her post-quantum public key
alice_sig = oqs.Signature("Dilithium5")
alice_public_sig = alice_sig.generate_keypair()
signature = alice_sig.sign(alice_public_pq)

# Alice sends alice_public_pq, alice_public_sig, and signature to Bob

# Bob verifies Alice's signature
bob_sig = oqs.Signature("Dilithium5")
if bob_sig.verify(alice_public_pq, signature, alice_public_sig):
    print("Alice's public key is authentic.")
else:
    print("Failed to verify Alice's public key.")

# Bob encapsulates a secret to Alice's public key
bob_kem = oqs.KeyEncapsulation("Kyber1024")
ciphertext, bob_shared_pq = bob_kem.encap_secret(alice_public_pq)

# Alice decapsulates the ciphertext to get the shared secret
alice_shared_pq = alice_kem.decap_secret(ciphertext)

# Verify that the PQ shared secrets are equal
assert alice_shared_pq == bob_shared_pq

# Combine the shared secrets
combined_secret = alice_shared_classical + alice_shared_pq

# Derive the final shared key using HKDF
derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'hybrid key exchange',
).derive(combined_secret)

# Both Alice and Bob now share 'derived_key'
print("Hybrid shared secret established successfully.")

Alice's public key is authentic.
Hybrid shared secret established successfully.
