Hybrid TLS proof
Read →
FIPS 203
ML-KEM migration guide
FIPS 203 (ML-KEM) is the NIST-standardized key encapsulation mechanism for post-quantum TLS — available now.
Framework
Module-Lattice-Based Key-Encapsulation Mechanism standard
Deadline: Available 2024
The three standards
| FIPS | Algorithm | Primary use |
|---|---|---|
| 203 | ML-KEM | Key encapsulation (TLS) |
| 204 | ML-DSA | Digital signatures |
| 205 | SLH-DSA | Hash-based signatures |
Hybrid TLS first
Most production migrations combine classical ECDHE with ML-KEM (e.g. X25519MLKEM768) for backward compatibility. Google and Cloudflare deploy hybrid KEX at scale — inventory must identify which endpoints are still RSA/ECDSA-only.
Handshake proof
Qtangl demo captures hybrid handshake traces attachable to signed reports. Auditors verify signatures at /verify — migration evidence, not lab-only claims.
Rollout playbook
- Inventory endpoints by algorithm and client compatibility requirements
- Pilot on internal services with controlled client base
- Expand to external APIs with monitoring for handshake failures
- Re-scan after each wave; attach proof to Convert backlog items
SLH-DSA and firmware
FIPS 205 supports code signing and firmware where stateful hash signatures (SP 800-208) apply — tag signing infrastructure separately from TLS in your CBOM.
Qtangl mapping
- Hybrid ML-KEM handshake proof in demo and reports
- Per-asset playbook for load balancer rollout
- Re-scan verification after hybrid KEX deployment
References & further reading
Authoritative primary sources cited in this article. Summaries are our own — follow links for full context.
Last verified 2026-06-03
- FIPS 203 — Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)NIST · 2024-08Standardized post-quantum key encapsulation (formerly Kyber).
- FIPS 204 — Module-Lattice-Based Digital Signature Standard (ML-DSA)NIST · 2024-08Standardized post-quantum digital signatures (formerly Dilithium).
- FIPS 205 — Stateless Hash-Based Digital Signature Standard (SLH-DSA)NIST · 2024-08Hash-based post-quantum signatures (SPHINCS+ family).
- What Is Post-Quantum Cryptography?NIST · 2024Official overview of NIST's PQC project, finalized standards, and the harvest-now-decrypt-later threat model.
Try it