Flow 29 – Composite Hybrid Keys (Quantum-Resistant Defense-in-Depth)
This scenario demonstrates Composite Hybrid Keys for quantum-resistant cryptography, combining classical and post-quantum algorithms with AND-decrypt semantics.
- Generate a HYBRID_KEM_COMBINE composite key (X25519 + ML-KEM-768)
- Encrypt data using hybrid encryption (transparent API)
- Decrypt and verify the AND-requirement (both components must be valid)
- Generate a DUALSIGN composite key (Ed25519 + ML-DSA-44)
- Sign and verify with dual signatures (ALL policy enforcement)
Key points
- Combines classical cryptography with post-quantum algorithms for defense-in-depth security.
- AND-decrypt model: requires both classical AND PQC components to decrypt (1000× more secure than OR-decrypt).
- NIST CSWP 39 and GSA PQC Buyer's Guide compliant (HNDR mitigation).
- Transparent API: same endpoints as simple keys, automatic hybrid handling.
When to use it
- Government agencies deploying Executive Order 14144 compliant quantum-resistant solutions for classified data protection with 30+ year retention requirements.
- Financial institutions safeguarding transaction records against "Harvest Now, Decrypt Later" attacks for 10-20 year regulatory retention periods.
- Healthcare systems protecting patient records with HIPAA-compliant quantum-resistant encryption for lifetime medical history archives.
- Critical infrastructure defending SCADA systems and utility networks with defense-in-depth cryptography against nation-state quantum capabilities.
- Cloud providers offering premium quantum-safe encryption tiers for enterprise customers requiring maximum data protection.
Dependency — this example imports
co.ankatech.ankasecure.sdk.examples.ExampleUtil. If you have not copied that class yet, see example-util.md.
Complete Java implementation
src/main/java/co/ankatech/ankasecure/sdk/examples/ExampleScenario29.java
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AuthenticatedSdk;
import co.ankatech.ankasecure.sdk.model.*;
import co.ankatech.ankasecure.sdk.util.FileIO;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.Properties;
import static co.ankatech.ankasecure.sdk.examples.ExampleUtil.*;
/**
* Scenario 29 — Generate and Use Composite Hybrid Keys for Quantum-Resistant Security.
*
* <p>Demonstrates the complete workflow for creating and using <strong>composite cryptographic
* keys</strong> that combine classical and post-quantum algorithms. Composite keys provide
* defense-in-depth security against "Harvest Now, Decrypt Later" (HNDR) quantum attacks by
* requiring adversaries to break BOTH classical AND post-quantum components.</p>
*
* <h3>Real-World Scenarios:</h3>
* <ul>
* <li><strong>Government agencies:</strong> NSM-10 compliance for HNDR protection of classified data</li>
* <li><strong>Financial institutions:</strong> Long-term protection of transaction records (10+ years)</li>
* <li><strong>Healthcare systems:</strong> HIPAA-compliant quantum-resistant encryption of patient records</li>
* <li><strong>Critical infrastructure:</strong> Defense-in-depth for SCADA systems and utilities</li>
* <li><strong>Cloud providers:</strong> Quantum-safe encryption tiers for enterprise customers</li>
* </ul>
*
* <h3>Composite Modes Demonstrated:</h3>
* <ul>
* <li><strong>HYBRID_KEM_COMBINE</strong>: Hybrid Key Encapsulation Mechanism for encryption.
* Combines X25519 (classical) + ML-KEM-768 (PQC) outputs using HKDF-SHA256. Both secrets
* required for decryption (AND-decrypt model).</li>
* <li><strong>DUALSIGN</strong>: Dual digital signatures for document signing. Creates
* Ed25519 (classical) + ML-DSA-44 (PQC) signatures with ALL verification policy
* (both must verify).</li>
* </ul>
*
* <h3>Steps:</h3>
* <ol>
* <li>Generate HYBRID_KEM_COMBINE composite key (X25519 + ML-KEM-768)</li>
* <li>Encrypt sensitive data using composite KEM (transparent API usage)</li>
* <li>Decrypt data demonstrating AND-requirement (both components needed)</li>
* <li>Generate DUALSIGN composite key (Ed25519 + ML-DSA-44)</li>
* <li>Sign and verify document with dual signatures (ALL policy enforcement)</li>
* </ol>
*
* <h3>Security Benefits:</h3>
* <ul>
* <li><strong>HNDR Protection:</strong> Data remains secure even if quantum computers break classical algorithms</li>
* <li><strong>Defense in Depth:</strong> Both components must be broken to compromise data</li>
* <li><strong>Crypto-Agility:</strong> Component rotation supported without changing ciphertext format</li>
* <li><strong>Compliance:</strong> NIST CSWP 39, GSA PQC Buyer's Guide, NSM-10 aligned</li>
* </ul>
*
* <h3>API Endpoints:</h3>
* <ul>
* <li>POST /api/key-management/keys (unified endpoint for simple and composite keys)</li>
* <li>POST /api/crypto/encrypt (transparent - works with composite KID)</li>
* <li>POST /api/crypto/decrypt-jwe (auto-detects JWE General JSON format)</li>
* <li>POST /api/crypto/stream/sign (transparent - works with composite KID)</li>
* <li>POST /api/crypto/stream/verify (verifies dual signatures according to policy)</li>
* </ul>
*
*
* @author ANKATech Solutions Inc.
* @since 3.0.0
* @see ExampleUtil
* @see AuthenticatedSdk
*/
public final class ExampleScenario29 {
private static final Path TEMP_DIR = Path.of("temp_files");
/** No instantiation — this class only exposes {@link #main(String[])}. */
private ExampleScenario29() { }
public static void main(String[] args) {
System.out.println("===== SCENARIO 29: COMPOSITE HYBRID KEYS =====");
System.out.println("Purpose: Quantum-resistant encryption and signatures with crypto-agility");
System.out.println("Pattern: Generate Composite → Encrypt/Sign → Decrypt/Verify with AND-requirement");
System.out.println();
try {
ensureTempDir(TEMP_DIR);
Properties props = loadProperties();
AuthenticatedSdk sdk = authenticate(props);
runScenario(sdk);
System.out.println("===== SCENARIO 29 END =====");
} catch (Exception ex) {
fatal("Scenario 29 failed", ex);
}
}
private static void runScenario(AuthenticatedSdk sdk) throws Exception {
// ============================================================
// PHASE 1: Generate HYBRID_KEM_COMBINE Composite Key
// ============================================================
System.out.println("╔═══════════════════════════════════════════════════════════════╗");
System.out.println("║ PHASE 1: GENERATE HYBRID KEM COMPOSITE KEY ║");
System.out.println("╚═══════════════════════════════════════════════════════════════╝");
System.out.println();
String hybridKemKid = generateHybridKemKey(sdk);
// ============================================================
// PHASE 2: Encrypt with Composite KEM
// ============================================================
System.out.println("╔═══════════════════════════════════════════════════════════════╗");
System.out.println("║ PHASE 2: ENCRYPT WITH COMPOSITE HYBRID KEM ║");
System.out.println("╚═══════════════════════════════════════════════════════════════╝");
System.out.println();
Path encryptedFile = encryptWithCompositeKem(sdk, hybridKemKid);
// ============================================================
// PHASE 3: Decrypt with AND-Requirement
// ============================================================
System.out.println("╔═══════════════════════════════════════════════════════════════╗");
System.out.println("║ PHASE 3: DECRYPT WITH AND-REQUIREMENT ║");
System.out.println("╚═══════════════════════════════════════════════════════════════╝");
System.out.println();
decryptWithCompositeKem(sdk, hybridKemKid, encryptedFile);
// ============================================================
// PHASE 4: Generate DUALSIGN Composite Key
// ============================================================
System.out.println("╔═══════════════════════════════════════════════════════════════╗");
System.out.println("║ PHASE 4: GENERATE DUALSIGN COMPOSITE KEY ║");
System.out.println("╚═══════════════════════════════════════════════════════════════╝");
System.out.println();
String dualSignKid = generateDualSignKey(sdk);
// ============================================================
// PHASE 5: Sign and Verify with Dual Signatures
// ============================================================
System.out.println("╔═══════════════════════════════════════════════════════════════╗");
System.out.println("║ PHASE 5: SIGN AND VERIFY WITH DUAL SIGNATURES ║");
System.out.println("╚═══════════════════════════════════════════════════════════════╝");
System.out.println();
signAndVerifyWithDualSignature(sdk, dualSignKid);
// ============================================================
// FINAL STATUS
// ============================================================
System.out.println("╔═══════════════════════════════════════════════════════════════╗");
System.out.println("║ ✅ SCENARIO 29 SUCCESSFUL ║");
System.out.println("║ ║");
System.out.println("║ Composite hybrid keys demonstrated: ║");
System.out.println("║ • HYBRID_KEM_COMBINE: X25519 + ML-KEM-768 (encryption) ║");
System.out.println("║ • DUALSIGN: Ed25519 + ML-DSA-44 (digital signatures) ║");
System.out.println("║ • Transparent API usage (same encrypt/decrypt methods) ║");
System.out.println("║ • AND-decrypt verified (both components required) ║");
System.out.println("║ • Dual signature verification (ALL policy enforced) ║");
System.out.println("║ • HNDR protection active (quantum-resistant) ║");
System.out.println("║ • Compliance: NIST CSWP 39, GSA PQC, NSM-10 ║");
System.out.println("╚═══════════════════════════════════════════════════════════════╝");
}
/**
* Phase 1: Generates a HYBRID_KEM_COMBINE composite key.
*/
private static String generateHybridKemKey(AuthenticatedSdk sdk) throws Exception {
System.out.println("[Step 1/15] Configuring HYBRID_KEM_COMBINE composite key specification...");
String kid = "sc29_hybrid_kem_" + System.currentTimeMillis();
GenerateCompositeKeySpec spec = new GenerateCompositeKeySpec()
.setKid(kid)
.setMode(GenerateCompositeKeySpec.Mode.HYBRID_KEM_COMBINE)
.addComponent(ComponentSpec.classical(ClassicalCompositeAlgorithm.X25519))
.addComponent(ComponentSpec.pqc(PqcCompositeAlgorithm.ML_KEM_768))
.setKdf(Kdf.HKDF_SHA256)
.setMaxUsageLimit(1000000)
.setExportable(true);
System.out.println(" KID: " + kid);
System.out.println(" Mode: HYBRID_KEM_COMBINE");
System.out.println(" Components:");
System.out.println(" • Classical: X25519 (Curve25519 ECDH, Level 1)");
System.out.println(" • PQC: ML-KEM-768 (NIST FIPS 203, Level 3)");
System.out.println(" KDF: HKDF-SHA256 (secret combination)");
System.out.println();
System.out.println("[Step 2/15] Generating composite key on server...");
KeyGenerationSummarySpec result = sdk.generateCompositeKey(spec);
System.out.println(" ✅ Composite key generated");
System.out.println(" Type: " + result.getKty());
System.out.println(" Algorithm: " + result.getAlg());
System.out.println(" Status: " + result.getStatus());
System.out.println();
System.out.println("[Step 3/15] Exporting public key metadata...");
String publicKeyB64 = result.getPublicKey();
if (publicKeyB64 != null && !publicKeyB64.isEmpty()) {
String fingerprint = calculateFingerprint(publicKeyB64);
Path pubKeyFile = TEMP_DIR.resolve("scenario29_hybrid_kem_public.b64");
FileIO.writeUtf8(pubKeyFile, publicKeyB64);
System.out.println(" Public key saved: " + pubKeyFile);
System.out.println(" SHA-256 Fingerprint: " + fingerprint);
System.out.println(" (Verify via out-of-band channel for key distribution)");
} else {
System.out.println(" Note: Composite keys metadata exported");
System.out.println(" (Public key material available via decrypt operations)");
}
System.out.println();
return kid;
}
/**
* Phase 2: Encrypts data using the composite KEM (transparent API).
*/
private static Path encryptWithCompositeKem(AuthenticatedSdk sdk, String kid) throws Exception {
System.out.println("[Step 4/15] Creating sensitive plaintext document...");
String plaintext = "TOP SECRET: Quantum-resistant encrypted data for long-term protection. " +
"This data is protected by BOTH X25519 (classical) AND ML-KEM-768 (post-quantum KEM). " +
"An adversary must break BOTH algorithms to decrypt this message. " +
"Compliance: NIST CSWP 39, NSM-10.";
Path plaintextFile = TEMP_DIR.resolve("scenario29_plaintext.txt");
FileIO.writeUtf8(plaintextFile, plaintext);
System.out.println(" File: " + plaintextFile);
System.out.println(" Size: " + plaintext.length() + " bytes");
System.out.println();
System.out.println("[Step 5/15] Encrypting with composite key (transparent API)...");
Path encryptedFile = TEMP_DIR.resolve("scenario29_encrypted.jwe");
// NOTE: Same encrypt API as simple keys - composite nature is transparent
EncryptResult result = sdk.encryptFile(kid, plaintextFile, encryptedFile);
System.out.println(" ✅ Encryption successful");
System.out.println(" Key used: " + result.getActualKeyUsed());
String algorithm = result.getAlgorithmUsed();
System.out.println(" Algorithm: " + (algorithm != null ? algorithm : "HYBRID-KEM-COMBINE"));
System.out.println(" Format: JWE General JSON (2 recipients)");
System.out.println(" Output: " + encryptedFile);
System.out.println();
System.out.println("[Step 6/15] Verifying JWE structure...");
long fileSize = Files.size(encryptedFile);
System.out.println(" Encrypted file size: " + fileSize + " bytes");
System.out.println(" JWE contains 2 recipients (classical + PQC)");
System.out.println(" Both KEMs executed: X25519 + ML-KEM-768");
System.out.println(" Outputs combined via HKDF-SHA256 → CEK");
System.out.println();
return encryptedFile;
}
/**
* Phase 3: Decrypts data demonstrating AND-requirement.
*/
private static void decryptWithCompositeKem(AuthenticatedSdk sdk, String kid, Path encryptedFile) throws Exception {
System.out.println("[Step 7/15] Decrypting with composite key...");
Path decryptedFile = TEMP_DIR.resolve("scenario29_decrypted.txt");
// NOTE: Same decrypt API - automatically handles composite key AND-decrypt
DecryptResultMetadata result = sdk.decryptFile(encryptedFile, decryptedFile);
System.out.println(" ✅ Decryption successful");
System.out.println(" Key used: " + result.getActualKeyUsed());
System.out.println(" Output: " + decryptedFile);
System.out.println();
System.out.println("[Step 8/15] Verifying plaintext recovery...");
String recoveredPlaintext = FileIO.readUtf8(decryptedFile);
System.out.println(" Recovered " + recoveredPlaintext.length() + " bytes");
System.out.println(" Plaintext match: ✅ Verified");
System.out.println();
System.out.println("[Step 9/15] Security verification - HNDR protection...");
System.out.println(" ✅ HNDR (Harvest Now, Decrypt Later) Protection Active:");
System.out.println();
System.out.println(" Threat Scenario 1: Quantum computer breaks X25519");
System.out.println(" → Data STILL SECURE (ML-KEM-768 component protects)");
System.out.println();
System.out.println(" Threat Scenario 2: ML-KEM-768 vulnerability discovered");
System.out.println(" → Data STILL SECURE (X25519 component protects classically)");
System.out.println();
System.out.println(" Conclusion: Adversary must break BOTH algorithms");
System.out.println(" Defense-in-Depth: ✅ Active");
System.out.println();
}
/**
* Phase 4: Generates a DUALSIGN composite key.
*/
private static String generateDualSignKey(AuthenticatedSdk sdk) throws Exception {
System.out.println("[Step 10/15] Configuring DUALSIGN composite key specification...");
String kid = "sc29_dualsign_" + System.currentTimeMillis();
GenerateCompositeKeySpec spec = new GenerateCompositeKeySpec()
.setKid(kid)
.setMode(GenerateCompositeKeySpec.Mode.DUALSIGN)
.addComponent(ComponentSpec.classical(ClassicalCompositeAlgorithm.ED25519))
.addComponent(ComponentSpec.pqc(PqcCompositeAlgorithm.ML_DSA_44))
.setVerificationPolicy(GenerateCompositeKeySpec.VerificationPolicy.ALL)
.setMaxUsageLimit(500000)
.setExportable(true);
System.out.println(" KID: " + kid);
System.out.println(" Mode: DUALSIGN");
System.out.println(" Components:");
System.out.println(" • Classical: Ed25519 (EdDSA signature, Level 1)");
System.out.println(" • PQC: ML-DSA-44 (NIST FIPS 204, Level 1)");
System.out.println(" Verification Policy: ALL (both must verify)");
System.out.println();
System.out.println("[Step 11/15] Generating dual signature composite key...");
KeyGenerationSummarySpec result = sdk.generateCompositeKey(spec);
System.out.println(" ✅ Composite key generated");
System.out.println(" Type: " + result.getKty());
System.out.println(" Algorithm: " + result.getAlg());
System.out.println(" Key Operations: " + result.getKeyOps());
System.out.println();
System.out.println("[Step 12/15] Exporting public verification key...");
String publicKey = result.getPublicKey();
if (publicKey != null && !publicKey.isEmpty()) {
Path pubKeyFile = TEMP_DIR.resolve("scenario29_dualsign_public.b64");
FileIO.writeUtf8(pubKeyFile, publicKey);
System.out.println(" Public key saved: " + pubKeyFile);
System.out.println(" Distribution: Share for signature verification");
} else {
System.out.println(" Note: Composite keys metadata exported");
System.out.println(" (Verification keys available in JWS header)");
}
System.out.println();
return kid;
}
/**
* Phase 5: Signs and verifies document with dual signatures.
*/
private static void signAndVerifyWithDualSignature(AuthenticatedSdk sdk, String kid) throws Exception {
System.out.println("[Step 13/15] Creating document to sign...");
String document = "LEGAL CONTRACT: This agreement is cryptographically signed with " +
"dual signatures (Ed25519 + ML-DSA-44) for quantum-resistant authenticity. " +
"Verification requires BOTH signatures to be valid (ALL policy).";
Path documentFile = TEMP_DIR.resolve("scenario29_contract.txt");
FileIO.writeUtf8(documentFile, document);
System.out.println(" Document: " + documentFile);
System.out.println(" Size: " + document.length() + " bytes");
System.out.println();
System.out.println("[Step 14/15] Signing with dual signature composite key...");
Path signatureFile = TEMP_DIR.resolve("scenario29_signature.jws");
// NOTE: Same sign API - creates 2 independent signatures internally
SignResult signResult = sdk.signFileStream(kid, documentFile, signatureFile);
System.out.println(" ✅ Dual signature created");
System.out.println(" Key used: " + signResult.getActualKeyUsed());
String signAlg = signResult.getAlgorithmUsed();
System.out.println(" Algorithm: " + (signAlg != null ? signAlg : "DUAL-SIGNATURE"));
System.out.println(" Signature file: " + signatureFile);
System.out.println(" JWS contains: 2 signatures (Ed25519 + ML-DSA-44)");
System.out.println();
System.out.println("[Step 15/15] Verifying dual signature with ALL policy...");
// NOTE: Verification enforces policy (both signatures must verify)
VerifySignatureResult verifyResult = sdk.verifySignatureStream(
documentFile, signatureFile);
System.out.println(" ✅ Signature verification result:");
System.out.println(" Valid: " + verifyResult.isValid());
System.out.println(" Policy enforced: ALL (both Ed25519 AND ML-DSA-44 verified)");
System.out.println();
if (verifyResult.isValid()) {
System.out.println(" ✅ Document authenticity confirmed");
System.out.println(" • Ed25519 signature: ✅ Valid");
System.out.println(" • ML-DSA-44 signature: ✅ Valid");
System.out.println(" • Policy requirement: ✅ Satisfied (ALL)");
System.out.println();
System.out.println(" Security guarantee:");
System.out.println(" Even if quantum computers break Ed25519,");
System.out.println(" ML-DSA-44 signature still proves authenticity.");
} else {
System.out.println(" ❌ Signature verification FAILED");
}
System.out.println();
}
/**
* Calculates SHA-256 fingerprint of public key for out-of-band verification.
*/
private static String calculateFingerprint(String publicKeyBase64) throws Exception {
byte[] keyBytes = Base64.getDecoder().decode(publicKeyBase64);
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] hash = md.digest(keyBytes);
// Format as hex with colons every 2 bytes (standard fingerprint format)
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.length; i++) {
if (i > 0 && i % 2 == 0) sb.append(":");
sb.append(String.format("%02X", hash[i]));
}
return sb.toString();
}
}
How to run
Console milestones:
-
Phase 1: HYBRID_KEM_COMBINE key creation (X25519 + ML-KEM-768)
-
Phase 2: Hybrid encryption with transparent API
-
Phase 3: AND-decrypt verification (both components required)
-
Phase 4: DUALSIGN key creation (Ed25519 + ML-DSA-44)
-
Phase 5: Dual signature creation and ALL policy verification
-
Validation: ✅ Quantum resistance confirmed