Quantum experts are heralding the arrival of a new cryptographic algorithm, Module-Lattice-Based Key-Encapsulation Mechanism, or put more simply: ML-KEM. ML-KEM is the recently standardized alternative to ECC or RSA key agreement schemes, with ML-KEM-768 chosen as the primary parameter set to replace widely used algorithms such as X25519. The pressure is on for quantum experts to guarantee that this set of algorithms will protect important data when “Q-day” arrives — the anticipated moment when quantum computers are powerful enough to break today’s encryption. “ML-KEM is considered secure enough to protect government data,” Lily Chen, mathematician at the NIST, said. In the transition to PQC, cryptography architects have a choice between pure and hybrid algorithms. Pure PQC migration replaces all previous algorithms with quantum-resistant ones, whereas hybrid migration combines traditional public key algorithms with PQC algorithms. ML-KEM can be deployed with either option. “Now that we have ML-KEM, we still standardized groups that use ML-KEM in this hybrid scenario, it was basically very simple to switch to ML-KEM from Kyber.” Chen added that developing hybrid mode algorithms in alignment with current standards is necessary to prevent people from using unsafe, ad hoc hybrid algorithms. The goal is to meet companies’ needs while staying within the NIST framework.