Automated Detection and Attack Analysis for Downgrade Vulnerabilities in Hybrid Post-Quantum TLS 1.3
Abstract
Quantum computing is developing fast, and it threatens to break the classical public-key cryptography that currently secures internet communications (quantum computers enable the "Harvest Now, Decrypt Later" attack, in which encrypted data captured today could be decrypted by future quantum computers). To address this problem, hybrid TLS 1.3 protocols combine classical algorithms with post-quantum key encapsulation mechanisms (KEMs), providing security during the critical transition period before quantum computers become practical. However, this hybrid approach introduces new complexity and potential vulnerabilities that existing security analysis tools cannot adequately assess, as they lack support for post-quantum extensions and hybrid configurations.
In light of these limitations in current tooling and the growing complexity of hybrid TLS, the present work builds upon the initial groundwork produced in POC I (Projeto Orientado em Computação, Guided Project in Computing). The exploratory research conducted in POC I established the theoretical foundation through a literature review and validated hybrid handshake functionality through experimental testing. This work (POC II) addresses two critical gaps identified in the first phase: (1) the lack of automated tools for analyzing post-quantum components in hybrid TLS handshakes, and (2) the limited understanding of downgrade attack vulnerabilities targeting these hybrid configurations during the transition period. To study these problems, this work developed a TLS parser for automated analysis of hybrid configurations and analyzed specifications for downgrade attack scenarios.
The developed parser successfully identifies post-quantum groups (ML-KEM-512/768/1024) in real TLS handshakes. Additionally, theoretical specifications for two downgrade attack scenarios targeting hybrid TLS were analyzed: post-quantum component removal and algorithm weakening. These specifications document potential vulnerabilities based on the study of the RFC 8556 protocol documentation and on historical precedents, including the FREAK and Logjam attacks, which exploited similar downgrade vulnerabilities in classical TLS implementations. This work therefore contributes both a functional analysis tool enabling automated offline assessment of hybrid TLS configurations and educational documentation of security challenges that require attention during the post-quantum cryptographic transition.
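The core of such an offline parser is reading the supported_groups and key_share extensions from a ClientHello, reading the group the server selected in its ServerHello key_share, and flagging handshakes where a post-quantum group was offered but a purely classical one was negotiated (the "post-quantum component removal" scenario above). The example below is added here and is not the project's parser. It assumes the named-group codepoints from the IETF drafts for hybrid and pure ML-KEM groups (X25519MLKEM768 = 0x11EC and so on); the handshake messages are constructed inline rather than taken from a capture.

```python
import struct

# Named-group codepoints used below. The hybrid and pure ML-KEM values follow the current
# IETF drafts (draft-ietf-tls-ecdhe-mlkem, draft-connolly-tls-mlkem-key-agreement) and are
# an assumption of this example, not values taken from the page.
PQ_GROUPS = {
    0x0200: "MLKEM512", 0x0201: "MLKEM768", 0x0202: "MLKEM1024",            # pure ML-KEM
    0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768", 0x11ED: "SecP384r1MLKEM1024",  # hybrid
}
CLASSICAL_GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}
EXT_SUPPORTED_GROUPS, EXT_KEY_SHARE = 10, 51


def group_name(g):
    return PQ_GROUPS.get(g) or CLASSICAL_GROUPS.get(g) or f"unknown(0x{g:04x})"


def _u16(b, i):
    return struct.unpack(">H", b[i:i + 2])[0]


def parse_extensions(buf):
    """Split a TLS extensions block into {ext_type: ext_data}."""
    exts, i = {}, 0
    while i + 4 <= len(buf):
        t, ln = struct.unpack(">HH", buf[i:i + 4])
        exts[t] = buf[i + 4:i + 4 + ln]
        i += 4 + ln
    return exts


def parse_client_hello(msg):
    """Return the groups a ClientHello offers (supported_groups) and sends shares for (key_share)."""
    if msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    i = 2 + 32                              # legacy_version + random
    i += 1 + body[i]                        # legacy_session_id
    i += 2 + _u16(body, i)                  # cipher_suites
    i += 1 + body[i]                        # legacy_compression_methods
    exts = parse_extensions(body[i + 2:i + 2 + _u16(body, i)])
    sg = exts.get(EXT_SUPPORTED_GROUPS, b"")
    supported = [_u16(sg, k) for k in range(2, 2 + _u16(sg, 0), 2)] if sg else []
    shares, ks, j = [], exts.get(EXT_KEY_SHARE, b""), 2
    while ks and j < 2 + _u16(ks, 0):       # each entry: group(2) + key_exchange length(2) + data
        g, kl = struct.unpack(">HH", ks[j:j + 4])
        shares.append(g)
        j += 4 + kl
    return {"supported_groups": supported, "key_share_groups": shares}


def parse_server_hello(msg):
    """Return the named group the server selected in its key_share extension (or None)."""
    if msg[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    i = 2 + 32                              # legacy_version + random
    i += 1 + body[i]                        # legacy_session_id_echo
    i += 2 + 1                              # cipher_suite + legacy_compression_method
    exts = parse_extensions(body[i + 2:i + 2 + _u16(body, i)])
    ks = exts.get(EXT_KEY_SHARE)
    return _u16(ks, 0) if ks else None


def assess_negotiation(client_hello, server_hello):
    """Report which PQ groups were offered and whether the negotiated group kept a PQ component."""
    ch = parse_client_hello(client_hello)
    offered_pq = [g for g in ch["supported_groups"] if g in PQ_GROUPS]
    selected = parse_server_hello(server_hello)
    return {
        "offered_pq": [group_name(g) for g in offered_pq],
        "selected": group_name(selected) if selected is not None else None,
        "pq_negotiated": selected in PQ_GROUPS,
        # Client offered a PQ group but the session ended on a classical one: either the server
        # lacks PQ support or the offer was altered in transit; worth alerting on either way.
        "pq_component_removed": bool(offered_pq) and selected not in PQ_GROUPS,
    }


# --- constructed sample messages (built here for the example, not a real capture) ----------
def _ext(t, data):
    return struct.pack(">HH", t, len(data)) + data


def build_client_hello(groups, share_groups, share_len=8):
    sg = struct.pack(">H", 2 * len(groups)) + b"".join(struct.pack(">H", g) for g in groups)
    entries = b"".join(struct.pack(">HH", g, share_len) + b"\x00" * share_len for g in share_groups)
    exts = _ext(EXT_SUPPORTED_GROUPS, sg) + _ext(EXT_KEY_SHARE, struct.pack(">H", len(entries)) + entries)
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00" + struct.pack(">H", 2) + b"\x13\x01"
            + b"\x01\x00" + struct.pack(">H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body


def build_server_hello(group, share_len=8):
    exts = _ext(EXT_KEY_SHARE, struct.pack(">HH", group, share_len) + b"\x00" * share_len)
    body = b"\x03\x03" + b"\x22" * 32 + b"\x00" + b"\x13\x01" + b"\x00" + struct.pack(">H", len(exts)) + exts
    return b"\x02" + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    ch = build_client_hello([0x11EC, 0x001D, 0x0017], [0x11EC, 0x001D])
    print(assess_negotiation(ch, build_server_hello(0x11EC)))   # hybrid group kept
    print(assess_negotiation(ch, build_server_hello(0x001D)))   # fell back to x25519 only
```

The check is purely passive and works on stored handshake bytes, which is what an offline assessment needs; a `pq_component_removed` result does not by itself prove tampering, since a server that simply lacks ML-KEM support produces the same outcome, so the finding is an input to configuration review rather than an attack verdict.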
2025/2 - POC2
Advisor: Michele Nogueira Lima
Keywords: Post-Quantum Cryptography, Hybrid TLS 1.3, TLS Parser, Kyber, Educational Security Research