**Traditional Algorithm**:-
An asymmetric cryptographic algorithm based on integer factorisation, finite field discrete logarithms or elliptic curve discrete logarithms. **Post-Quantum Algorithm**:-
An asymmetric cryptographic algorithm that is believed to be secure against quantum computers as well as classical computers. **Component Algorithm**:-
Each cryptographic algorithm that forms part of a cryptographic scheme. **Single-Algorithm Scheme**:-
A cryptographic scheme with one component algorithm. A single-algorithm scheme could use either a traditional algorithm or a post-quantum algorithm. **Multi-Algorithm Scheme**:-
A cryptographic scheme with more than one component algorithm. **Post-Quantum Traditional (PQT) Hybrid Scheme**:-
A cryptographic scheme that uses two or more component algorithms where at least one is a post-quantum algorithm and at least one is a traditional algorithm. **PQT Hybrid Key Encapsulation Mechanism**:-
A Key Encapsulation Mechanism (KEM) that uses two or more component algorithms where at least one is a post-quantum algorithm and at least one is a traditional algorithm. **PQT Hybrid Public Key Encryption**:-
A Public Key Encryption (PKE) scheme that uses two or more component algorithms where at least one is a post-quantum algorithm and at least one is a traditional algorithm. **PQT Hybrid Digital Signature**:-
A digital signature scheme that uses two or more component algorithms where at least one is a post-quantum algorithm and at least one is a traditional algorithm. PQT Hybrid KEMs, PQT Hybrid PKE, and PQT Hybrid Digital Signatures are all examples of PQT Hybrid schemes. **PQT Hybrid Combiner**:-
A method that takes two or more component algorithms and combines them to form a PQT Hybrid scheme.

**Hybrid Confidentiality**:-
The property that confidentiality is achieved provided that at least one component algorithm remains secure.

**Hybrid Authentication**:-
The property that authentication is achieved provided that at least one component algorithm remains secure.

**Cryptographic Element**:-
Any data (private or public) that is an input or output value for a cryptographic algorithm or a function making up a cryptographic algorithm. Types of cryptographic elements include public keys, private keys, plaintexts, ciphertexts, shared secrets, and signature values. **Component Cryptographic Element**:-
A cryptographic element of a component algorithm in a multi-algorithm scheme. **Composite Cryptographic Element**:-
A cryptographic element that incorporates multiple component cryptographic elements of the same type in a multi-algorithm scheme. For example, a composite cryptographic public key is made up of two component public keys. **Cryptographic Element Combiner**:-
A method that takes two or more component cryptographic elements of the same type and combines them to form a composite cryptographic element. A cryptographic element combiner could be concatenation, such as where two component public keys are concatenated to form a composite public key as in , or something more involved such as the dualPRF defined in .

**PQT Hybrid Protocol**:-
A protocol that incorporates one or more PQT Hybrid schemes. A PQT Hybrid protocol that provides hybrid confidentiality may use a PQT Hybrid KEM, PQT Hybrid PKE, or a different combination of primitives. A PQT Hybrid protocol that provides hybrid authentication may use a PQT Hybrid Digital Signature or could alternatively use a PQT Hybrid KEM or PQT Hybrid PKE to prove possession of long-term component private keys. PQT Hybrid protocols that offer both confidentiality and authentication do not necessarily offer both hybrid confidentiality and hybrid authentication. For example, provides hybrid confidentiality but does not address hybrid authentication. Therefore, if the design in is used with X.509 certificates as defined in only authentication with a single algorithm is achieved. **Composite PQT Hybrid Protocol**:-
A protocol that incorporates one or more PQT Hybrid schemes in such a way that the protocol fields and message flow are the same as those in a version of the protocol that uses single-algorithm schemes. In a composite PQT Hybrid protocol, changes are primarily made to the formats of the cryptographic elements, while the protocol fields and message flow remain largely unchanged. In implementations most changes are likely to be made to the cryptographic libraries, with minimal changes to the protocol libraries. **Non-composite PQT Hybrid Protocol**:-
A protocol that incorporates one or more PQT Hybrid schemes in such a way that the formats of the component cryptographic elements are the same as when they are used as part of single-algorithm schemes. In a non-composite PQT Hybrid protocol, changes are primarily made to the protocol fields, the message flow, or both, while changes to cryptographic elements are minimised. In implementations, most changes are likely to be made to the protocol libraries, with minimal changes to the cryptographic libraries.

**PQT Hybrid Certificate**:-
A digital certificate that contains public keys for two or more component algorithms where at least one is a traditional algorithm, and at least one is a post-quantum algorithm. A PQT Hybrid certificate could be used to facilitate a PQT Hybrid authentication protocol. However, a PQT Hybrid authentication protocol does not need to use a PQT Hybrid certificate; separate certificates could be used for individual component algorithms. The component public keys in a PQT Hybrid certificate could be included as a composite public key or as individual component public keys. The use of a PQT Hybrid certificate does not necessarily achieve hybrid authentication of the identity of the sender; this is determined by properties of the chain of trust. For example, an end-entity certificate that contains a composite public key as defined in but which is signed using a single-algorithm digital signature scheme could be used to provide hybrid authentication of the source of a message, but would not achieve hybrid authentication of the identity of the sender.