Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

FIPS 203 (Initial Public Draft)

Module-Lattice-Based Key-Encapsulation Mechanism Standard

Date Published: August 24, 2023
Comments Due: November 22, 2023 (public comment period is CLOSED)
Email Questions to:

Planning Note (12/12/2023):

The public comments received have been posted.


National Institute of Standards and Technology


NIST requests comments on three draft Federal Information Processing Standards (FIPS):

These proposed standards specify key establishment and digital signature schemes that are designed to resist future attacks by quantum computers, which threaten the security of current standards. The three algorithms specified in these standards are each derived from different submissions to the NIST Post-Quantum Cryptography Standardization Project.

Note to Reviewers

This draft FIPS specifies a key encapsulation mechanism (KEM) called ML-KEM. A KEM is a particular type of key establishment scheme. While NIST has previously published standards for key establishment schemes (see SP-800-56A and SP-800-56B), this will be the first NIST standard for key establishment using a KEM. As a result, NIST will specify both the particulars of the ML-KEM scheme and the general properties of KEMs in FIPS 203 and SP 800-227, respectively.

The scope of FIPS 203 (this document) is limited to specifying only the ML-KEM algorithms (for key generation, encapsulation, and decapsulation) and the associated ML-KEM parameter sets. It aims to provide sufficient information for implementing ML-KEM in a manner that can pass validation through the Cryptographic Module Validation Program (CMVP).

SP 800-227 is forthcoming and will discuss the general properties of KEMs in detail. This will include basic definitions, security properties, and requirements for the use of KEMs in secure applications. These topics will not be discussed in detail in the FIPS 203 draft. NIST welcomes comments from reviewers regarding the planned content of SP 800-227.



computer security; cryptography; encryption; Federal Information Processing Standards; lattice-based cryptography; key-encapsulation; post-quantum; public-key cryptography
Control Families

None selected


Download URL

Supplemental Material:
Federal Register Notice
Public Comments Received (pdf)

Related NIST Publications:
FIPS 205 (Draft)
FIPS 204 (Draft)

Document History:
08/24/23: FIPS 203 (Draft)


Security and Privacy

key management, post-quantum cryptography