diff --git a/lib/src/main/java/org/asamk/signal/manager/storage/prekeys/KyberPreKeyStore.java b/lib/src/main/java/org/asamk/signal/manager/storage/prekeys/KyberPreKeyStore.java
index 7b05dff9..b6d79c2b 100644
--- a/lib/src/main/java/org/asamk/signal/manager/storage/prekeys/KyberPreKeyStore.java
+++ b/lib/src/main/java/org/asamk/signal/manager/storage/prekeys/KyberPreKeyStore.java
@@ -4,6 +4,8 @@ import org.asamk.signal.manager.storage.Database;
 import org.asamk.signal.manager.storage.Utils;
 import org.signal.libsignal.protocol.InvalidKeyIdException;
 import org.signal.libsignal.protocol.InvalidMessageException;
+import org.signal.libsignal.protocol.ReusedBaseKeyException;
+import org.signal.libsignal.protocol.ecc.ECPublicKey;
 import org.signal.libsignal.protocol.state.KyberPreKeyRecord;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -132,7 +134,16 @@ public class KyberPreKeyStore implements SignalServiceKyberPreKeyStore {
     }
 
     @Override
-    public void markKyberPreKeyUsed(final int keyId) {
+    public void markKyberPreKeyUsed(
+            final int kyberPreKeyId,
+            final int signedPreKeyId,
+            final ECPublicKey baseKey
+    ) throws ReusedBaseKeyException {
+        // TODO implement correct handling for last resort keys:
+        //  If it's a last-resort pre-key, check whether this specific
+        //  (kyberPreKeyId, signedPreKeyId, baseKey) tuple has been seen before, and throw an
+        //  exception if so. If not, record it for later. Entries can be removed when either the Kyber key
+        //  or the last-resort key is deleted (not just rotated).
         final var sql = (
                 """
                 DELETE FROM %s AS p
@@ -142,7 +153,7 @@ public class KyberPreKeyStore implements SignalServiceKyberPreKeyStore {
         try (final var connection = database.getConnection()) {
             try (final var statement = connection.prepareStatement(sql)) {
                 statement.setInt(1, accountIdType);
-                statement.setInt(2, keyId);
+                statement.setInt(2, kyberPreKeyId);
                 statement.executeUpdate();
             }
         } catch (SQLException e) {
diff --git a/lib/src/main/java/org/asamk/signal/manager/storage/protocol/SignalProtocolStore.java b/lib/src/main/java/org/asamk/signal/manager/storage/protocol/SignalProtocolStore.java
index e1cf9a88..b436fc67 100644
--- a/lib/src/main/java/org/asamk/signal/manager/storage/protocol/SignalProtocolStore.java
+++ b/lib/src/main/java/org/asamk/signal/manager/storage/protocol/SignalProtocolStore.java
@@ -4,7 +4,9 @@ import org.signal.libsignal.protocol.IdentityKey;
 import org.signal.libsignal.protocol.IdentityKeyPair;
 import org.signal.libsignal.protocol.InvalidKeyIdException;
 import org.signal.libsignal.protocol.NoSessionException;
+import org.signal.libsignal.protocol.ReusedBaseKeyException;
 import org.signal.libsignal.protocol.SignalProtocolAddress;
+import org.signal.libsignal.protocol.ecc.ECPublicKey;
 import org.signal.libsignal.protocol.groups.state.SenderKeyRecord;
 import org.signal.libsignal.protocol.state.IdentityKeyStore;
 import org.signal.libsignal.protocol.state.KyberPreKeyRecord;
@@ -228,8 +230,12 @@ public class SignalProtocolStore implements SignalServiceAccountDataStore {
     }
 
     @Override
-    public void markKyberPreKeyUsed(final int kyberPreKeyId) {
-        kyberPreKeyStore.markKyberPreKeyUsed(kyberPreKeyId);
+    public void markKyberPreKeyUsed(
+            final int kyberPreKeyId,
+            final int signedPreKeyId,
+            final ECPublicKey baseKey
+    ) throws ReusedBaseKeyException {
+        kyberPreKeyStore.markKyberPreKeyUsed(kyberPreKeyId, signedPreKeyId, baseKey);
     }
 
     @Override