FIPS 203 ML-KEM Guide

A simple step-by-step guide to using our quantum-safe ML-KEM tools

Introduction

This guide explains how to use Kyber Club's FIPS 203 ML-KEM tools to generate quantum-safe keypairs, encrypt data, and decrypt it securely. We'll follow a scenario with Alice and Bob to show how these tools work in practice. The process is straightforward, but careful handling of keys is essential, as they cannot be regenerated.

Use Scenario: Alice and Bob

Alice wants to receive sensitive information from Bob securely, protected against future quantum computer attacks. She uses Kyber Club's tools to generate a keypair and shares the public key with Bob, who uses it to encrypt the data. Alice then decrypts it using her private key. This ensures only Alice can access the information, even if the encrypted data is intercepted.

Step-by-Step Guide

Follow these steps to use our ML-KEM tools effectively:

  1. Generate a Keypair (Alice)

    Visit the keypair generation tool. This creates three keypairs, one each for ML-KEM-512, ML-KEM-768, and ML-KEM-1024, which offer different security levels. For most cases, we recommend ML-KEM-768 for a balance of security and efficiency.

    Action: Download each keypair or copy them to a secure location. For example, click 'Download' next to ML-KEM-768 to save 'ML-KEM-768-public.txt' and 'ML-KEM-768-private.txt'. Alternatively, use the 'Download All as ZIP' button to get all keypairs in one file.

    Important: Save both the public and private keys securely. The private key must be kept secret and stored offline, as it cannot be regenerated. Without it, encrypted data cannot be decrypted.

  2. Share the Public Key (Alice)

    Send the public key (e.g., 'ML-KEM-768-public.txt') to Bob via a trusted channel, such as a secure email or messaging service. Do not share the private key.

    Tip: Verify with Bob that he received the correct public key to avoid errors during encryption.

  3. Encrypt Data (Bob)

    Bob visits the encryption tool. He pastes Alice's public key into the provided text box or uploads the public key file. Then, he enters the data to encrypt (up to 1KB if pasted, or up to 5MB if uploaded as a file, such as a document or image).

    Action: Click 'Generate ML-KEM Encryption'. The tool automatically detects the ML-KEM variant (e.g., 768) based on the public key and produces encrypted data in JSON format. Bob can copy this output or download it as a file (e.g., 'ml-kem-768-encrypted.txt').

    Tip: If uploading a file, the output filename includes the original name for clarity (e.g., 'document.pdf.ML-KEM-768.enc.txt').

  4. Send Encrypted Data (Bob)

    Bob sends the encrypted data to Alice, either as the copied JSON text or as the downloaded file. He can use any communication method, as the data is quantum-safe.

  5. Decrypt Data (Alice)

    Alice visits the decryption tool. She pastes her private key (e.g., from 'ML-KEM-768-private.txt') or uploads the private key file. Then, she pastes the encrypted JSON data or uploads the encrypted file received from Bob.

    Action: Click 'Decrypt ML-KEM Data'. The tool detects the ML-KEM variant and recovers the original data, which Alice can copy or download (e.g., as 'ml-kem-768-decrypted.txt' or with the original filename).

    Important: Keep the decrypted data secure, as it is no longer protected by encryption.
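
One way to carry out the check in the step 2 tip, as an added example that is not Kyber Club's code: both parties compute a fingerprint of the public key and compare it. The script also identifies the ML-KEM variant from the key length and refuses a private key. It assumes the key files hold hex or base64 text (the guide does not specify the format); the sizes are those in FIPS 203, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac

# FIPS 203 key sizes in bytes: (public/encapsulation key, private/decapsulation key)
SIZES = {
    "ML-KEM-512": (800, 1632),
    "ML-KEM-768": (1184, 2400),
    "ML-KEM-1024": (1568, 3168),
}

def decode_key(text):
    """Assumption: the key file holds hex or base64 text (the guide does not say)."""
    s = "".join(text.split())
    try:
        return bytes.fromhex(s)
    except ValueError:
        pass
    try:
        return base64.b64decode(s, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError("key text is neither hex nor base64") from None

def classify(raw):
    """Identify variant and key type from length alone (not a full FIPS 203 key check)."""
    for variant, (pub_len, priv_len) in SIZES.items():
        if len(raw) == pub_len:
            return variant, "public"
        if len(raw) == priv_len:
            return variant, "private"
    raise ValueError(f"{len(raw)} bytes matches no ML-KEM key size")

def fingerprint(text):
    """Return (variant, SHA-256 hex digest) for a public key; refuse private keys."""
    raw = decode_key(text)
    variant, kind = classify(raw)
    if kind != "public":
        raise ValueError(f"this is a {variant} private key; do not share it")
    return variant, hashlib.sha256(raw).hexdigest()

def same_key(alice_text, bob_text):
    """True if both parties hold the same public key, whatever the text encoding."""
    return hmac.compare_digest(fingerprint(alice_text)[1], fingerprint(bob_text)[1])

if __name__ == "__main__":
    sample = bytes(i % 251 for i in range(1184)).hex()  # constructed bytes, not a real key
    print(fingerprint(sample))
```

Alice and Bob each run `fingerprint` on their own copy of the key file and compare the digest over a different channel from the one used to send the key.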

Safekeeping Your Keys

Your private key is critical for decryption and cannot be regenerated. If lost, any data encrypted with the corresponding public key will be inaccessible. Follow these best practices:

Public keys can be shared freely, but ensure they are sent through a trusted channel to avoid tampering.

Additional Tips

Need Help?

If you encounter errors, have questions, or want to suggest improvements, please visit our contact page. We're here to assist you in securing your data with quantum-safe cryptography.