Key Encapsulation Mechanism (FIPS 203)
A KEM is a cryptographic scheme that, under certain conditions, can be used to establish a shared secret key between two communicating parties. This shared secret key can then be used for symmetric-key cryptography.
The security of the particular KEM specified in this standard is related to the computational difficulty of solving certain systems of noisy linear equations, specifically the Module Learning With Errors (MLWE) problem. At present, it is believed that this particular method of establishing a shared secret key is secure, even against adversaries who possess a quantum computer. In the future, additional KEMs may be specified and approved in FIPS publications or in NIST Special Publications.
The following is a high-level overview of KEMs.
In a typical application, a KEM is used to establish a shared secret between two parties (referred to here as Alice and Bob), as described in the figure above.
Alice begins by generating an ML-KEM key pair, which consists of a (public) encapsulation key and a (private) decapsulation key. Upon obtaining Alice’s encapsulation key, Bob runs the encapsulation algorithm, which produces his copy, K, of the shared secret along with an associated ciphertext. Bob sends the ciphertext to Alice, and Alice completes the process by running the decapsulation algorithm using her decapsulation key and the ciphertext.
This final step produces Alice’s copy, K′, of the shared secret. After completing this process, Alice and Bob can conclude that their outputs satisfy K′ = K and that this value is a secure, random, shared secret. However, these properties only hold if certain important conditions are satisfied, as discussed in SP 800-227.
Generate key pair
POST: /v1/key
{
  "label": "pqc_mlkem_fips203_final",
  "password": null,
  "algorithm": "ML-KEM-1024",
  "attributes": {
    "sign": false,
    "decrypt": true,
    "derive": true,
    "unwrap": false,
    "extractable": false,
    "modifiable": true,
    "destroyable": true,
    "sensitive": true
  }
}
Supported Algorithms: ML-KEM-512, ML-KEM-768, ML-KEM-1024
Response: The encapsulation key (public key), which Alice should send to Bob.
Alice can also fetch the public key later with /v1/key/attributes.
{
  "label": "pqc_mlkem_fips203_final",
  "algorithm": "ML-KEM-1024",
  "algorithmOid": "2.16.840.1.101.3.4.4.3",
  "createTime": "2025-07-18T09:35:16Z",
  "attestTime": "2025-07-18T09:35:17Z",
  "publicKey": "<base64-encoded encapsulation key>",
  ...
}
Encapsulate
After Bob receives the public encapsulation key from Alice, he runs the encapsulation algorithm, which produces Bob's copy, K, of the shared secret along with a ciphertext.
POST: /v1/encapsulate
{
  "publicKey": "<base64-encoded encapsulation key>"
}
Response:
{
  "sharedSecret": "5/hVCXK1WfRsp91/By0JPpZ39ynbJhEQzb3fRKVU7Lk=",
  "ciphertext": "<base64-encoded ciphertext>"
}
Decapsulate
Bob sends the ciphertext to Alice, and Alice completes the process by running the decapsulation algorithm using her private decapsulation key (which is stored in the HSM) and the ciphertext.
POST: /v1/decapsulate
{
  "decapsulationKeyName": "pqc_mlkem_fips203_final",
  "keyPassword": null,
  "ciphertext": "<base64-encoded ciphertext>"
}
Response:
{
  "sharedSecret": "5/hVCXK1WfRsp91/By0JPpZ39ynbJhEQzb3fRKVU7Lk="
}
Alice and Bob now have a shared secret key.
While the shared secret key produced by the KEM is ready for use as a key, applications and protocols may use a key derivation function (KDF) to derive subsequent keys from the initial shared secret key (see Section 8.5 of NIST SP 800-227).
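The key-derivation step mentioned above, as an added example (not part of the original page or of the API it documents): HKDF-SHA256 (RFC 5869) turns the base64 sharedSecret from the responses into one key per direction. The protocol label, the choice to hash the ciphertext into the HKDF info field, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: an empty salt defaults to HASH_LEN zero bytes."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC(prk, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def session_keys(shared_secret_b64: str, ciphertext_b64: str,
                 label: bytes = b"example-protocol v1") -> dict:
    """Derive one key per direction from the KEM output (label is hypothetical)."""
    k = base64.b64decode(shared_secret_b64, validate=True)
    if len(k) != 32:  # every ML-KEM parameter set outputs a 32-byte secret
        raise ValueError("unexpected shared secret length")
    # Assumption: bind the keys to this exchange by hashing the ciphertext
    # into the HKDF info field, so a different ciphertext gives different keys.
    context = HASH(base64.b64decode(ciphertext_b64, validate=True)).digest()
    prk = hkdf_extract(b"", k)
    return {
        "alice_to_bob": hkdf_expand(prk, label + b"|a2b|" + context, 32),
        "bob_to_alice": hkdf_expand(prk, label + b"|b2a|" + context, 32),
    }

# sharedSecret value shown in the responses above; the ciphertext is a
# constructed stand-in (1568 zero bytes, the ML-KEM-1024 ciphertext size).
SHARED_SECRET_B64 = "5/hVCXK1WfRsp91/By0JPpZ39ynbJhEQzb3fRKVU7Lk="
SAMPLE_CT_B64 = base64.b64encode(bytes(1568)).decode()

if __name__ == "__main__":
    for name, key in session_keys(SHARED_SECRET_B64, SAMPLE_CT_B64).items():
        print(name, key.hex())
```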