- NIST defines hybrid key establishment to be a "scheme that is a combination of two or more components that are themselves cryptographic key-establishment schemes"
; - ETSI defines hybrid key exchanges to be "constructions that combine a traditional key exchange ... with a post-quantum key exchange ... into a single key exchange"
.

**Traditional Algorithm**:-
An asymmetric cryptographic algorithm based on integer factorisation, finite field discrete logarithms or elliptic curve discrete logarithms. **Post-Quantum Algorithm**:-
An asymmetric cryptographic algorithm that is believed to be secure against attacks using quantum computers as well as classical computers. **Component Algorithm**:-
Each cryptographic algorithm that forms part of a cryptographic scheme. **Single-Algorithm Scheme**:-
A cryptographic scheme with one component algorithm. A single-algorithm scheme could use either a traditional algorithm or a post-quantum algorithm. **Multi-Algorithm Scheme**:-
A cryptographic scheme with more than one component algorithm. In a multi-algorithm scheme all component algorithms are of the same type; e.g., all are signature algorithms or all are Public Key Encryption (PKE) algorithms. Component algorithms could be all traditional, all post-quantum, or a mixture of the two. **Post-Quantum Traditional (PQ/T) Hybrid Scheme**:-
A multi-algorithm scheme where at least one component algorithm is a post-quantum algorithm and at least one is a traditional algorithm. **PQ/T Hybrid Key Encapsulation Mechanism (KEM)**:-
A multi-algorithm KEM made up of two or more component KEM algorithms where at least one is a post-quantum algorithm and at least one is a traditional algorithm. **PQ/T Hybrid Public Key Encryption (PKE)**:-
A multi-algorithm PKE scheme made up of two or more component PKE algorithms where at least one is a post-quantum algorithm and at least one is a traditional algorithm. **PQ/T Hybrid Digital Signature**:-
A multi-algorithm digital signature scheme made up of two or more component digital signature algorithms where at least one is a post-quantum algorithm and at least one is a traditional algorithm. PQ/T hybrid KEMs, PQ/T hybrid PKE, and PQ/T hybrid digital signatures are all examples of PQ/T hybrid schemes. **PQ/T Hybrid Combiner**:-
A method that takes two or more component algorithms and combines them to form a PQ/T hybrid scheme. **PQ/PQ Hybrid Scheme**:-
A multi-algorithm scheme where all components are post-quantum algorithms. The definitions for types of PQ/T hybrid schemes can adapted to define types of PQ/PQ hybrid schemes, which are multi-algorithm schemes where all component algorithms are Post-Quantum algorithms.

**Cryptographic Element**:-
Any data type (private or public) that contains an input or output value for a cryptographic algorithm or for a function making up a cryptographic algorithm. Types of cryptographic elements include public keys, private keys, plaintexts, ciphertexts, shared secrets, and signature values. **Component Cryptographic Element**:-
A cryptographic element of a component algorithm in a multi-algorithm scheme. For example, in , the client's keyshare contains two component public keys, one for a post-quantum algorithm and one for a traditional algorithm. **Composite Cryptographic Element**:-
A cryptographic element that incorporates multiple component cryptographic elements of the same type in a multi-algorithm scheme. For example, a composite cryptographic public key is made up of two component public keys. **Cryptographic Element Combiner**:-
A method that takes two or more component cryptographic elements of the same type and combines them to form a composite cryptographic element. A cryptographic element combiner could be concatenation, such as where two component public keys are concatenated to form a composite public key as in , or something more involved such as the dualPRF defined in .

**PQ/T Hybrid Protocol**:-
A protocol that uses two or more component algorithms providing the same cryptographic functionality, where at least one is a post-quantum algorithm and at least one is a traditional algorithm. For example, a PQ/T hybrid protocol providing confidentiality could use a PQ/T hybrid KEM such as in , or it could combine the output of a post-quantum KEM and a traditional KEM at the protocol level to generate a single shared secret, such as in . Similarly, a PQ/T hybrid protocol providing authentication could use a PQ/T hybrid digital signature scheme, or it could include both post-quantum and traditional single-algorithm digital signature schemes. **Composite PQ/T Hybrid Protocol**:-
A protocol that incorporates one or more PQ/T hybrid schemes in such a way that the protocol fields and message flow are the same as those in a version of the protocol that uses single-algorithm schemes. In a composite PQ/T hybrid protocol, changes are primarily made to the formats of the cryptographic elements, while the protocol fields and message flow remain largely unchanged. In implementations, most changes are likely to be made to the cryptographic libraries, with minimal changes to the protocol libraries. **Non-composite PQ/T Hybrid Protocol**:-
A protocol that incorporates multiple single-algorithm schemes of the same type, where at least one uses a post-quantum algorithm and at least one uses a traditional algorithm, in such a way that the formats of the component cryptographic elements are the same as when they are used as part of single-algorithm schemes. In a non-composite PQ/T hybrid protocol, changes are primarily made to the protocol fields, the message flow, or both, while changes to cryptographic elements are minimised. In implementations, most changes are likely to be made to the protocol libraries, with minimal changes to the cryptographic libraries.

**PQ/T Hybrid Confidentiality**:-
The property that confidentiality is achieved by a PQ/T hybrid scheme or PQ/T hybrid protocol as long as at least one component algorithm that aims to provide this property remains secure. **PQ/T Hybrid Authentication**:-
The property that authentication is achieved by a PQ/T hybrid scheme or a PQ/T hybrid protocol as long as at least one component algorithm that aims to provide this property remains secure.

**PQ/T Hybrid Interoperability**:-
The property that a PQ/T hybrid scheme or PQ/T hybrid protocol can be completed successfully provided that both parties share support for at least one component algorithm. For example, a PQ/T hybrid digital signature might achieve hybrid interoperability if the signature can be verified by either verifying the traditional or the post-quantum component, such as in the OR modes described in .

**PQ/T Hybrid Certificate**:-
A digital certificate that contains public keys for two or more component algorithms where at least one is a traditional algorithm and at least one is a post-quantum algorithm. A PQ/T hybrid certificate could be used to facilitate a PQ/T hybrid authentication protocol. However, a PQ/T hybrid authentication protocol does not need to use a PQ/T hybrid certificate; separate certificates could be used for individual component algorithms. The component public keys in a PQ/T hybrid certificate could be included as a composite public key or as individual component public keys.

**Post-Quantum Certificate**:-
A digital certificate that contains a single public key for a post-quantum digital signature algorithm. **Traditional Certificate**:-
A digital certificate that contains a single public key for a traditional digital signature algorithm. X.509 certificates as defined in could be either traditional or post-quantum certificates depending on the algorithm in the Subject Public Key Info. For example, a certificate containing a Dilithium public key, as defined in , would be a post-quantum certificate. **Post-Quantum Certificate Chain**:-
A certificate chain where each certificate includes a public key for a post-quantum algorithm and is signed using a post-quantum digital signature scheme. **Traditional Certificate Chain**:-
A certificate chain where all certificates includes a public key for a traditional algorithm and is signed using a traditional digital signature scheme. **PQ/T Hybrid Certificate Chain**:-
A certificate chain where all certificates are PQ/T hybrid certificates and each certificate is signed with two or more component algorithms where at least one is a traditional algorithm and at least one is a post-quantum algorithm.

**PQ/T Hybrid Scheme Identifier**:-
A single code point that specifies all component algorithms used in a PQ/T hybrid scheme.