Alice initiates the protocol by generating the key pair and retrieving initial QKD material:
- Generates KEM keypair
qkd_kem_key_new() - Initializes QKD context as initiator via
init_qkd_context(true) - Retrieves QKD key identifier:
- ETSI 004: Calls
OPEN_CONNECT()to establish session and gets key ID - ETSI 014: Calls
GET_KEY()to obtain both key and key ID
- ETSI 004: Calls
- Transmits both public key and QKD key ID to Bob
Bob performs encapsulation upon receiving Alice's public key and QKD key ID:
- Calls
oqs_qkd_kem_encaps() - Initializes QKD context as responder via
init_qkd_context(false) - For ETSI 004:
- Establishes session with
OPEN_CONNECT() - Retrieves QKD key using
GET_KEY(key_id)
- Establishes session with
- For ETSI 014:
- Retrieves QKD key using
GET_KEY_WITH_IDS()
- Retrieves QKD key using
- Performs PQ encapsulation via
oqs_qs_kem_encaps_keyslot()
Alice performs decapsulation upon receiving Bob's ciphertext:
- Calls
oqs_qkd_kem_decaps() - For ETSI 004: Retrieves QKD key using
GET_KEY(key_id) - Recovers PQ shared secret via
oqs_qs_kem_decaps_keyslot()