Key exchange

Key exchange is the process by which two parties who share no prior secret establish one over a public channel, such that an eavesdropper who sees every message still cannot compute the resulting key. The shared secret then keys symmetric encryption for the session. Nearly every secure protocol, including TLS, SSH, VPNs, and encrypted messaging, begins with a key exchange.

From Diffie-Hellman to KEMs

The classical solution is the Diffie-Hellman construction of 1976 and its elliptic-curve form ECDH, deployed today mostly as X25519 (RFC 7748). Both rest on discrete logarithms, which Shor's algorithm solves efficiently, so a large quantum computer would break every recorded classical exchange. Post-quantum designs replace the interactive exchange with a key encapsulation mechanism: one side encapsulates a fresh secret to the other side's public key. FIPS 203 standardizes ML-KEM for this role, and post-quantum TLS deployments as of early 2026 combine it with X25519 in hybrid key exchange groups. Fresh per-session exchanges are also what provide forward secrecy.

Sources

  1. RFC 7748: Elliptic Curves for Security (IETF, 2016)
  2. FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard (NIST, 2024)
Cite this entry
"Key exchange." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/key-exchange@misc{pqwiki-key-exchange, title = {Key exchange}, howpublished = {\url{https://postquantum.wiki/key-exchange}}, year = {2026}, note = {postquantum.wiki, updated 2026-07-11} }