Hasty Briefs (beta)

ML-KEM Mythbusting

13 days ago
  • #IETF Standards
  • #Post-Quantum Cryptography
  • #ML-KEM

  • ML-KEM was not invented by the NSA but by European cryptographers.
  • Differences between Kyber and ML-KEM are minor, mostly editorial changes by NIST.
  • There is no backdoor in ML-KEM; the parameter space lacks the entropy needed to hide a NOBUS ("nobody but us") backdoor.
  • Fault attacks on ML-KEM are possible but not unique to it; any cryptographic algorithm can be vulnerable to hardware failures.
  • Decryption failure attacks on ML-KEM are theoretically possible but practically negligible due to extremely low probability.
  • Implementation flaws like Kyberslash are issues with specific implementations, not the ML-KEM algorithm itself.
  • Hybrid cryptographic schemes combine classical and post-quantum cryptography for enhanced security, supported by IETF standards.
  • The NSA prefers non-hybrid ML-KEM-1024 for its systems, which may result in less efficient but not necessarily less secure handshakes.
  • The IETF does not actively discourage hybrids; the lack of a 'Recommended' flag for some hybrid algorithms is more bureaucratic than substantive.
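As an added illustration of the hybrid point above (this is example code written for this summary, not code from the summarised post, from NIST, or from any IETF document), the block below shows the shape of a KEM combiner that derives one shared secret from a post-quantum secret and a classical one. It assumes the X-Wing style of combiner (hash both secrets together with the classical ciphertext and public key under a fixed label); the label and all input byte strings are constructed placeholders, since no ML-KEM or X25519 implementation is pulled in. The property it demonstrates is the one hybrids are built for: the derived key depends on both ingredients, so an attacker who recovers only one of them (say, the classical one with a future quantum computer) still cannot compute the session key.

```python
import hashlib
import hmac

# Domain-separation label. Constructed for this example; the real X-Wing
# combiner uses its own fixed label, and the TLS hybrid drafts instead feed the
# concatenated secrets straight into the TLS key schedule.
LABEL = b"example-hybrid-kem-combiner-v1"


def combine_shared_secrets(ss_pq: bytes, ss_classical: bytes,
                           ct_classical: bytes, pk_classical: bytes) -> bytes:
    """Derive a single 32-byte hybrid secret from both ingredient secrets.

    The hash covers both secrets plus the classical ciphertext and public key,
    so the output is bound to this particular exchange, and the trailing label
    separates this use of SHA3-256 from any other.
    """
    for name, value in (("ss_pq", ss_pq), ("ss_classical", ss_classical)):
        if not value:
            raise ValueError(f"{name} must be non-empty")
    h = hashlib.sha3_256()
    h.update(ss_pq)
    h.update(ss_classical)
    h.update(ct_classical)
    h.update(pk_classical)
    h.update(LABEL)
    return h.digest()


# Constructed placeholder values standing in for real ML-KEM / X25519 outputs.
SS_PQ = b"\x11" * 32          # would come from ML-KEM decapsulation
SS_CLASSICAL = b"\x22" * 32   # would come from an X25519 agreement
CT_CLASSICAL = b"\x33" * 32   # the classical ephemeral public value sent
PK_CLASSICAL = b"\x44" * 32   # the classical static/ephemeral public key


def honest_key() -> bytes:
    """Key both legitimate parties derive when they hold both secrets."""
    return combine_shared_secrets(SS_PQ, SS_CLASSICAL, CT_CLASSICAL, PK_CLASSICAL)


def attacker_with_only_classical_secret(guess_pq: bytes) -> bytes:
    """Model an attacker who broke the classical component but must guess ss_pq."""
    return combine_shared_secrets(guess_pq, SS_CLASSICAL, CT_CLASSICAL, PK_CLASSICAL)


def attacker_with_only_pq_secret(guess_classical: bytes) -> bytes:
    """Model an attacker who broke the post-quantum component but must guess ss_classical."""
    return combine_shared_secrets(SS_PQ, guess_classical, CT_CLASSICAL, PK_CLASSICAL)


def transcript_is_bound() -> bool:
    """True if tampering with the classical ciphertext changes the derived key."""
    tampered = combine_shared_secrets(SS_PQ, SS_CLASSICAL, b"\x55" * 32, PK_CLASSICAL)
    return not hmac.compare_digest(tampered, honest_key())


if __name__ == "__main__":
    k = honest_key()
    print("hybrid key:", k.hex())
    print("classical-only attacker matches:",
          hmac.compare_digest(attacker_with_only_classical_secret(b"\x00" * 32), k))
    print("pq-only attacker matches:",
          hmac.compare_digest(attacker_with_only_pq_secret(b"\x00" * 32), k))
    print("transcript bound:", transcript_is_bound())
```

Run it and both attacker models fail to match the honest key while the transcript-binding check passes; the same structure is what makes a hybrid at least as strong as its stronger ingredient, which is the security argument the bullet above refers to.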