NIST Finalizes Guidelines for Implementing ‘Handshake’ Algorithms Known as Key-Encapsulation Mechanisms

To help organizations protect their data against possible future attacks from quantum computers, the National Institute of Standards and Technology (NIST) has released a publication offering guidelines for implementing a class of post-quantum cryptography (PQC) algorithms known as key-encapsulation mechanisms, or KEMs.

A KEM is a set of algorithms that can be used by two parties to securely establish a shared secret key over a public channel — a sort of first handshake between parties that want to exchange confidential information. Recent examples of KEMs include ML-KEM and HQC.

The new publication, Recommendations for Key-Encapsulation Mechanisms (NIST Special Publication 800-227), describes the basic definitions, properties and applications of KEMs and provides recommendations for implementing and using KEMs securely.

The publication also offers guidelines for implementing “hybrid” setups that use both conventional and PQC algorithms together, requiring an attacker to break both. For those organizations that opt to use such hybrid setups during their transition to using PQC, the publication offers a way to implement them safely and securely.

The finalized publication reflects comments received on the initial public draft before the deadline on March 7, 2025, as well as input from NIST’s virtual Workshop on Guidance for KEMs held Feb. 25-26, 2025. Comments on the draft are available in the final version’s publication details. Presentations and the recording of the workshop are available on the event webpage.