CRYSTALS-Kyber
CryptographyDefinition
A NIST-standardized (FIPS 203) post-quantum key encapsulation mechanism based on the hardness of the Module Learning With Errors (MLWE) lattice problem, resistant to attacks from both classical and quantum computers.
Technical Details
Kyber (now standardized as ML-KEM under FIPS 203) provides key encapsulation for establishing shared secrets, replacing RSA and ECDH in key exchange protocols. It offers three parameter sets (Kyber-512, Kyber-768, Kyber-1024) trading security level for performance. Kyber's lattice-based security relies on the computational hardness of MLWE, which has no known efficient quantum algorithm. It is being integrated into TLS 1.3, SSH, and VPN protocols.
Practical Usage
Security architects replacing RSA-2048 or ECDH key exchange should evaluate Kyber-768 as a post-quantum replacement. Hybrid deployments combining classical ECDH with Kyber provide defense-in-depth during the transition period, maintaining security even if one algorithm is unexpectedly broken.
Examples
- Google Chrome began testing X25519Kyber768 hybrid key exchange in TLS connections in 2023.
- NIST published FIPS 203 (ML-KEM based on Kyber) in August 2024 as the primary post-quantum key encapsulation standard.
- A VPN provider implements hybrid Kyber + ECDH key exchange to protect against harvest-now-decrypt-later attacks.