Quantum experts are heralding the arrival of a new cryptographic algorithm, Module-Lattice-Based Key-Encapsulation Mechanism, or put more simply: ML-KEM.

Why prepare for post-quantum attacks when quantum computers don’t exist yet? Securing your data now is essential, according to Shane Kelly (pictured, left), principal crypto architect at DigiCert Inc. 

“An attacker can take the data that you’re transmitting now,” he said. “They can store it somewhere and when there is a relevant quantum computer, they can start to decrypt it. The higher value your information, the more likely you’re going to be susceptible to this type of attack. Medical information, confidential information, banking information … that’s going to be susceptible.”

Kelly spoke with Lily Chen (center), mathematician at the National Institute of Standards and Technology, and Panos Kampanakis (right), principal security engineer of cryptography at Amazon Web Services Inc., for the DigiCert World Quantum Readiness Day event, during an encore broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the development of ML-KEM and the future of post-quantum cryptography, or PQC. (* Disclosure below.)

ML-KEM: Pure, hybrid or both?

ML-KEM is the recently standardized alternative to ECC or RSA key agreement schemes, with ML-KEM-768 chosen as the primary parameter set to replace widely used algorithms such as X25519. The pressure is on for quantum experts to guarantee that this set of algorithms will protect important data when “Q-day” arrives — the anticipated moment when quantum computers are powerful enough to break today’s encryption.

“ML-KEM is considered secure enough to protect government data,” Chen said. “The confidence is on the whole research community. This ML-KEM candidate has been in the public domain for five years with rigorous and extensive evaluation and analysis. The community is mature enough to make this decision to select ML-KEM as KEM for the quantum-resistant cryptography key encapsulation algorithm.”

In the transition to PQC, cryptography architects have a choice between pure and hybrid algorithms. Pure PQC migration replaces all previous algorithms with quantum-resistant ones, whereas hybrid migration combines traditional public key algorithms with PQC algorithms. ML-KEM can be deployed with either option.

“The industry chose to deploy Kyber [the precursor to ML-KEM] in a hybrid format,” Kampanakis said. “Now that we have ML-KEM, we still standardized groups that use ML-KEM in this hybrid scenario, it was basically very simple to switch to ML-KEM from Kyber.”

Chen added that developing hybrid mode algorithms in alignment with current standards is necessary to prevent people from using unsafe, ad hoc hybrid algorithms. The goal is to meet companies’ needs while staying within the NIST framework.

At AWS, engineers are developing a PQC migration strategy that combines security, flexibility and speed. The company is focused on creating cryptographic libraries that can be deployed consistently across multiple services, ensuring both interoperability and rapid adoption.

“The way we approach these deployments is by using building blocks that allows us to deploy in many services at the same time,” Kampanakis said. “When I say building blocks, I mean cryptographic libraries that implement these algorithms. When you have these implementations and you trust them in your libraries, you basically have them deployed in many services that use them across the world.”

Stay tuned for the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the DigiCert World Quantum Readiness Day event.

(* Disclosure: TheCUBE is a paid media partner for the DigiCert World Quantum Readiness Day event. Neither DigiCert Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Image: SiliconANGLE