Amazon


ML-KEM post-quantum TLS now supported in AWS KMS, ACM, and Secrets Manager

  • Amazon Web Services (AWS) has deployed the latest post-quantum key agreement standards, ML-KEM, to AWS KMS, ACM, and Secrets Manager endpoints.
  • ML-KEM enables hybrid post-quantum key agreement in non-FIPS endpoints across all AWS Regions.
  • The migration from CRYSTALS-Kyber to ML-KEM is part of AWS's post-quantum cryptography plan.
  • Customers need to update their TLS clients to offer ML-KEM when connecting to AWS services for future-proofing.
  • TLS handshake using ECDH+ML-KEM adds extra data and computational time, but the impact is amortized over the session.
  • AWS's open-source cryptographic library, AWS-LC, and s2n-tls facilitate the negotiation of hybrid post-quantum key agreement.
  • Enabling hybrid post-quantum TLS in AWS SDKs showed a negligible performance impact with connection reuse.
  • Support for CRYSTALS-Kyber will be phased out as customers transition to ML-KEM by 2026.
  • Instructions for enabling hybrid post-quantum key agreement are provided for AWS SDK for Rust and Java.
  • AWS plans to deploy ML-KEM support to all HTTPS endpoints gradually, urging customers to adapt their TLS configurations.
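
To check whether a TLS client has actually been updated to offer ML-KEM, as the summary above urges, a captured ClientHello can be inspected for the hybrid groups in its `supported_groups` extension. The following is an added example, not code from AWS or the original article; the codepoints are taken from the IANA TLS Supported Groups registry rather than from this page, and the function names and the sample ClientHello are constructed for illustration.

```python
import struct

# IANA "TLS Supported Groups" codepoints (added for this example; not listed on the page).
ML_KEM = {0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768", 0x11ED: "SecP384r1MLKEM1024"}
KYBER_DRAFT = {0x6399: "X25519Kyber768Draft00", 0x639A: "SecP256r1Kyber768Draft00"}

def supported_groups(hello: bytes) -> list[int]:
    """Extract supported_groups (extension 10) from a ClientHello handshake message."""
    try:
        if hello[0] != 0x01:
            raise ValueError("not a ClientHello")
        pos = 4 + 2 + 32                                     # header, legacy_version, random
        pos += 1 + hello[pos]                                # legacy_session_id
        pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
        pos += 1 + hello[pos]                                # legacy_compression_methods
        end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(hello)):
            ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
            pos += 4
            if ext_type == 10:
                count = struct.unpack_from("!H", hello, pos)[0] // 2
                return list(struct.unpack_from(f"!{count}H", hello, pos + 2))
            pos += ext_len
        return []
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

def classify(groups: list[int]) -> str:
    """Report which post-quantum posture the client's offer represents."""
    if any(g in ML_KEM for g in groups):
        return "ml-kem"
    if any(g in KYBER_DRAFT for g in groups):
        return "kyber-only"      # draft groups only: the ones the page says are being phased out
    return "classical-only"

def build_hello(groups: list[int]) -> bytes:
    """Constructed sample: minimal ClientHello with supported_versions and supported_groups."""
    sg = struct.pack(f"!H{len(groups)}H", 2 * len(groups), *groups)
    exts = struct.pack("!HH", 43, 3) + b"\x02\x03\x04" + struct.pack("!HH", 10, len(sg)) + sg
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for offer in ([0x11EC, 0x001D], [0x6399, 0x001D], [0x001D, 0x0017]):
        print([hex(g) for g in offer], "->", classify(supported_groups(build_hello(offer))))
```

A client reported as `kyber-only` still negotiates a hybrid key agreement today but needs a library update before CRYSTALS-Kyber support is withdrawn; `classical-only` clients get no post-quantum protection at all.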
