ML-KEM (FIPS 203).

NIST's standardized post-quantum key encapsulation mechanism, based on the CRYSTALS-Kyber design and published as FIPS 203 in August 2024 — now the default PQ KEM for TLS, IPsec, and hybrid key exchange. 它属于网络安全的 密码学 分类。

NIST's standardized post-quantum key encapsulation mechanism, based on the CRYSTALS-Kyber design and published as FIPS 203 in August 2024 — now the default PQ KEM for TLS, IPsec, and hybrid key exchange.

ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), standardized as FIPS 203 on 13 August 2024, is the first post-quantum KEM officially standardized by NIST. It is derived from CRYSTALS-Kyber, the winning lattice-based KEM from the NIST PQC competition. The standard defines three parameter sets — ML-KEM-512, ML-KEM-768, and ML-KEM-1024 — targeting AES-128, AES-192, and AES-256-equivalent classical security with quantum resistance under reasonable lattice assumptions. ML-KEM produces encapsulated shared secrets suitable for use with HKDF, allowing it to slot into existing protocols. Hybrid key exchange — combining ML-KEM with classical X25519 via concatenated shared secrets fed into HKDF — was deployed by Apple iMessage (PQ3), Signal (PQXDH), Cloudflare and Google for TLS, and AWS KMS through 2023–2025. Pure ML-KEM (no classical hybrid) is also acceptable per FIPS 203 but most deployments hybridize until lattice cryptography has more years of broad scrutiny. Naming pitfall: the FIPS document uses ML-KEM, but most existing code still says Kyber; treat them as the same family with slight encoding differences between the draft Kyber-768 and final ML-KEM-768.

针对 ML-KEM (FIPS 203) 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: FIPS 203, Kyber (standardized), Module-Lattice KEM。