Passa al contenuto principale

1. Introduction

Questa sezione conserva il testo RFC per ML-KEM in PKIX, inclusi algorithm identifiers, SubjectPublicKeyInfo, private key formats, ASN.1 objects, security considerations ed examples.

1.  Introduction

The Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)
standardized in [FIPS203] is a quantum-resistant Key Encapsulation
Mechanism (KEM) standardized by the US National Institute of
Standards and Technology (NIST) Post-Quantum Cryptography (PQC)
Project [NIST-PQC]. Prior to standardization, versions of the
mechanism were known as Kyber. ML-KEM and Kyber are not compatible.
This document specifies the use of ML-KEM in Public Key
Infrastructure using X.509 (PKIX) certificates [RFC5280] at three
security levels: ML-KEM-512, ML-KEM-768, and ML-KEM-1024, using
object identifiers (OIDs) assigned by NIST. The private key format
is also specified.

1.1. Applicability Statement

ML-KEM certificates are used in protocols where the public key is
used to generate and encapsulate a shared secret used to derive a
symmetric key used to encrypt a payload; see [RFC9936]. To be used
in TLS, ML-KEM certificates could only be used as end-entity identity
certificates and would require significant updates to the protocol;
for example, see [KEM-TLS].