Network defense platforms rely on authenticated management channels between sensors, agents, and controllers. These channels are typically secured with TLS using RSA or elliptic-curve public-key primitives that a cryptanalytically relevant quantum computer executing Shor's algorithm will break. The National Security Agency's Commercial National Security Algorithm Suite 2.0 mandates a transition to quantum-resistant cryptography for national security systems between 2030 and 2035, with hybrid classical-and-post-quantum constructions explicitly permitted during the transition. We present a hybrid attestation protocol for network management channels that combines Ed448 with ML-DSA-87 for mutual authentication and X448 with ML-KEM-1024 for session key establishment. An adversary must forge both a classical elliptic-curve signature and a lattice-based signature to impersonate a peer, and must recover both a classical elliptic-curve shared secret and a lattice-based encapsulated secret to decrypt session traffic. Authentication succeeds only when both signature verifications pass; session keys are derived from the concatenation of both shared secrets through HKDF-SHA-512. The protocol supports both trust-on-first-use key management and a PKI-backed enrollment mode under which peer public keys are authenticated by certificate chains from two parallel certificate authorities (Ed448 and ML-DSA-87). Deployments can select either mode, or a hybrid admitting both paths, allowing the protocol to fit air-gapped environments as well as deployments that require cryptographic rather than observational trust establishment. A cryptographic agility mechanism supports algorithm suite negotiation and hot-swap without device re-provisioning. We specify the protocol, analyze its security against classical and quantum adversaries, and report measured performance from a reference implementation in Python: the full handshake including mutual HELLO, hybrid key exchange, and session key derivation completes in approximately 330 milliseconds on commodity hardware using pure-Python post-quantum primitives. The protocol is one component of a larger network defense platform; a full system description appears in a companion paper.
Alexander W. Smith (Wed,) studied this question.