Kyber is a Key Encapsulation Mechanism based on lattice problems, which was the first to be standardized by the National Institute of Standards and Technology (NIST) in 2023. Kyber-AKE is a weak forward-secure authenticated key exchange (AKE) constructed by the designers of Kyber, which derives session keys in two rounds using three IND-CCA secure key encapsulation mechanisms. This paper introduces Kyber-PFS-AKE. In Kyber-PFS-AKE, only IND-CPA secure public key encryption is used, and decryption errors in IND-CPA secure public key encryption are handled through the re-encryption technique in the FO transformation, thereby simplifying the design of post-quantum Kyber-AKE.
We rigorously prove that certain operations in the Kyber-AKE protocol are redundant, and after removing these redundancies, the protocol becomes simpler and more efficient. We prove the session key indistinguishability and perfect forward security of Kyber-PFS-AKE in the eCK-PFS-PSK model. Kyber-PFS-AKE is implemented using Kyber768.PKE with 165-bit quantum security. Experimental results show that, compared to Kyber-AKE, the initiator's computation time in Kyber-PFS-AKE is reduced by 38%, and the responder's computation time is reduced by 30%.