1. Introduction
この節では PKIX における ML-KEM の RFC 原文を保持し, algorithm identifiers, SubjectPublicKeyInfo, private key formats, ASN.1 objects, security considerations, examples を含めます.
1. Introduction
The Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)
standardized in [FIPS203] is a quantum-resistant Key Encapsulation
Mechanism (KEM) standardized by the US National Institute of
Standards and Technology (NIST) Post-Quantum Cryptography (PQC)
Project [NIST-PQC]. Prior to standardization, versions of the
mechanism were known as Kyber. ML-KEM and Kyber are not compatible.
This document specifies the use of ML-KEM in Public Key
Infrastructure using X.509 (PKIX) certificates [RFC5280] at three
security levels: ML-KEM-512, ML-KEM-768, and ML-KEM-1024, using
object identifiers (OIDs) assigned by NIST. The private key format
is also specified.
1.1. Applicability Statement
ML-KEM certificates are used in protocols where the public key is
used to generate and encapsulate a shared secret used to derive a
symmetric key used to encrypt a payload; see [RFC9936]. To be used
in TLS, ML-KEM certificates could only be used as end-entity identity
certificates and would require significant updates to the protocol;
for example, see [KEM-TLS].