Argyle-Software / kyber

A rust implementation of the Kyber post-quantum KEM
https://docs.rs/pqc_kyber/
Apache License 2.0
163 stars 37 forks

How to send encrypted public key to the server in Mutually Authenticated Key Exchange? #87

Closed TheRebelOfBabylon closed 9 months ago

TheRebelOfBabylon commented 1 year ago

In examples/ake.rs we have this

  // Alice initiates key exchange with bob
  let client_send = alice.client_init(&bob_keys.public, &mut rng);

  // Bob receives the request and authenticates Alice, sends 
  // encapsulated shared secret back
  let server_send = bob.server_receive(
    client_send, &alice_keys.public, &bob_keys.secret, &mut rng
  )?;

To me, this assumes Alice sends an encrypted blob (client_send) and her public key (clear text) to Bob in order for Bob to do server_receive. But what if Alice is privacy-conscious and only wants to send her public key if it's encrypted? Is this possible using the current tools in this crate?

mberry commented 10 months ago

To only send the public key and not perform authentication:

use pqc_kyber::*;
// Bob encapsulates to Alice's public key; only Alice's secret key can decapsulate.
let (ciphertext, shared_secret_bob) = encapsulate(&alice_keys.public, &mut rng)?;
// Alice recovers the same shared secret from the ciphertext.
let shared_secret_alice = decapsulate(&ciphertext, &alice_keys.secret)?;
assert_eq!(shared_secret_alice, shared_secret_bob);

Not sure what you mean by an encrypted public key. You can encapsulate the public key again with another method like x25519 to make a hybrid system but that's not in the scope of this crate. Note that this still involves sending a public key.

mberry commented 9 months ago

If there are any more questions, feel free to raise another issue.

bingmatv commented 1 week ago

encapsulate the public key again with another method like x25519

This seems to be a false positive: since quantum computers can easily break ECC, it's possible to do a man-in-the-middle attack which swaps the Kyber public key. Since quantum computers can easily break ECC, I suggest using a post-quantum PKE to encrypt the Kyber public key: just use Kyber again when sending the public key, or use another post-quantum cipher.