A Hybrid ECC–Falcon Secure Handshake Protocol for Post-Quantum Authentication and Forward Secrecy

Authors

  • Dhamyaa Z. Fatah Al-Kerboly, Computer Science Department, College of Computer Science and Information Technology, University of Anbar, Anbar, Iraq.
  • Omar A. Dawood, Electronic Computer Center, Computer Science Department, College of Computer Science and Information Technology, University of Anbar, Anbar, Iraq.

DOI:

https://doi.org/10.71229/3mj7ne58

Keywords:

Post-Quantum Cryptography (PQC), Elliptic-Curve Cryptography (ECC), Fast-Fourier Lattice-based Compact Signatures over NTRU (Falcon), Digital Signature, Hybrid Cryptosystem

Abstract

Quantum computing technology is developing at a pace that threatens classical public-key ciphers, including those based on integer factorization and elliptic-curve discrete logarithms. In response, hybrid models have been proposed for the short term that combine classical Elliptic-Curve Cryptography (ECC) with Post-Quantum Cryptographic (PQC) primitives, adding security against quantum attacks where classically secure key exchanges are used. The proposed protocol combines ephemeral ECDH key exchange with Falcon-512 digital signatures to provide authenticated session establishment with forward secrecy. This work builds on these results and assesses and justifies the construction of hybrid ECC-lattice protocols, specifically ECC + Falcon, for quantum-safe authentication and authenticated key establishment. The results highlight that hybrid architectures provide a balanced trade-off between performance, interoperability, and robustness during the quantum transition period, positioning them as an essential pathway in the global migration toward quantum-safe cryptography. The protocol was implemented and evaluated under controlled network conditions using 2000 protocol executions. Experimental results demonstrated an average handshake latency of 41.61 ms, a throughput of 24.03 handshakes per second, and a total communication overhead of 1434 bytes per handshake. The results indicate that the proposed Hybrid ECC–Falcon protocol achieves efficient authenticated key establishment while maintaining moderate communication costs. By combining ECDH-based forward secrecy with Falcon-512 post-quantum authentication, the protocol provides a practical solution for secure communications during the post-quantum transition period.

Published

2026-06-28

Issue

Section

Original Articles

How to Cite

A Hybrid ECC–Falcon Secure Handshake Protocol for Post-Quantum Authentication and Forward Secrecy. (2026). Al-Noor Journal of Engineering Management and Computer Science, 2(1), 127-139. https://doi.org/10.71229/3mj7ne58
