An Adaptive Dual-Stack QKD-PQC Framework for Secure and Reliable Inter-Site Communication
Alessio Di Santo; Walter Tiberti; Dajana Cassioli
2025-01-01
Abstract
The advent of quantum computing imposes unprecedented risks on conventional cryptosystems, necessitating novel secure communication strategies. This work presents a modular, hybrid, and adaptive protocol that integrates Quantum Key Distribution (QKD) with Post-Quantum Cryptography (PQC) to maintain continuous, Quantum-Safe Key Exchanges, even under adverse network conditions that typically hinder state-of-the-art QKD-based methods. At its core are specialized Crypto-Machines, which incorporate QKD Nodes compliant with ETSI-14 standards and modular PQC components, thereby supporting seamless transitions among lattice-, hash-, or code-based schemes. A signed, Quantum-Resistant, HOTP-based mechanism ensures robust mutual authentication. When QKD utilization becomes infeasible—due to, for example, fiber tampering—the protocol dynamically shifts to PQC, safeguarding ongoing communications. Once a key is established, AES-256-GCM encryption provides strong data confidentiality. Simulations have been conducted with the SeQUeNCe toolkit to demonstrate the protocol’s adaptability and resilience. The results show how Crypto-Machines are able to provide QKD exchanges under favorable network conditions while also being able to fall back to PQC-based approaches with minimal impact on performance. Hence, the proposed stack allows operators to maintain Quantum-Proof Key Exchanges where current state-of-the-art solutions are impaired by a low-quality network connection, thereby offering a forward-looking security framework suited to the quantum era.


