Hybrid key exchange
Each message derives keys from both classical X25519 ECDH and post-quantum ML-KEM-768 encapsulation.
Forward secrecy
Ephemeral keys per message mean compromising long-term keys does not reveal past classical secrets.
Authenticated
Every message is signed with Ed25519 and ML-DSA-65 identity keys, verified by the recipient.