
CECPQ1 (Combined Elliptic Curve and Post-Quantum Cryptography Key Exchange) is a new key exchange developed by Google, which combines X25519 with NewHope (elliptic curve KE + post-quantum KE).

Google has implemented CECPQ1 in BoringSSL, but there isn't any documentation or clear explanation of how it works.

Looking at the code, I think there are two key exchanges: X25519 and NewHope. The results of those exchanges are concatenated (here). Then this concatenation is fed into a KDF and used as the session key.

So even if NewHope is broken, the whole scheme is secure, because X25519 is secure. An attacker must break both NewHope and X25519 to break the scheme.

Can someone confirm that, or give me more details about CECPQ1?

Mike Edward Moras
Omar

1 Answer

Your understanding is correct. They experimented with the NewHope RLWE key exchange while maintaining X25519 as a backup, in case there is something wrong with NewHope. By combining two key exchange algorithms, it should be good.

9f241e21