Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. ML-KEM (Module-Lattice-based Key Encapsulation Mechanism) is a post-quantum cryptographic algorithm designed to secure key exchanges from the perceived, yet still theoretical, threat of quantum computers that could break traditional encryption like RSA and elliptic curve cryptography (ECC).

To activate ML-KEM post-quantum TLS when using AWS services such as KMS, ACM, or Secrets Manager, users need to update their client SDKs and enable the feature explicitly. AWS's own performance benchmarks show that enabling ML-KEM hybrid post-quantum TLS has minimal performance impact, even in worst-case scenarios. Ultimately, enabling ML-KEM has minimal performance trade-offs for nearly all applications, and users are advised to take advantage of the new data security feature as soon as possible.

The mechanism is based on CRYSTALS-Kyber, which was selected by NIST (National Institute of Standards and Technology) as the basis for its post-quantum cryptography standard, announced in its final form in August 2024. Although quantum computers aren't an active threat to cryptography right now, implementing quantum-secure algorithms prevents future exposure of secrets through "harvest now, decrypt later" attacks.

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 08 Apr 2025 14:55:11 +0000