ML-KEM (FIPS 203).

NIST's standardized post-quantum key encapsulation mechanism, based on the CRYSTALS-Kyber design and published as FIPS 203 in August 2024 — now the default PQ KEM for TLS, IPsec, and hybrid key exchange. Es gehört zur Kategorie Kryptografie der Cybersicherheit.

NIST's standardized post-quantum key encapsulation mechanism, based on the CRYSTALS-Kyber design and published as FIPS 203 in August 2024 — now the default PQ KEM for TLS, IPsec, and hybrid key exchange.

ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), standardized as FIPS 203 on 13 August 2024, is the first post-quantum KEM officially standardized by NIST. It is derived from CRYSTALS-Kyber, the winning lattice-based KEM from the NIST PQC competition. The standard defines three parameter sets — ML-KEM-512, ML-KEM-768, and ML-KEM-1024 — targeting AES-128, AES-192, and AES-256-equivalent classical security with quantum resistance under reasonable lattice assumptions. ML-KEM produces encapsulated shared secrets suitable for use with HKDF, allowing it to slot into existing protocols. Hybrid key exchange — combining ML-KEM with classical X25519 via concatenated shared secrets fed into HKDF — was deployed by Apple iMessage (PQ3), Signal (PQXDH), Cloudflare and Google for TLS, and AWS KMS through 2023–2025. Pure ML-KEM (no classical hybrid) is also acceptable per FIPS 203 but most deployments hybridize until lattice cryptography has more years of broad scrutiny. Naming pitfall: the FIPS document uses ML-KEM, but most existing code still says Kyber; treat them as the same family with slight encoding differences between the draft Kyber-768 and final ML-KEM-768.

Schutzmaßnahmen gegen ML-KEM (FIPS 203) kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: FIPS 203, Kyber (standardized), Module-Lattice KEM.