JDK-8342630 : Implement JEP 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism
  • Type: CSR
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P3
  • Status: Closed
  • Resolution: Approved
  • Fix Versions: 24
  • Submitted: 2024-10-18
  • Updated: 2024-11-15
  • Resolved: 2024-11-15
Related Reports
Blocks :  
JDK-8339009 - JEP 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism
CSR :  
JDK-8298390 - Implement JEP 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism
Description
Summary
-------

Implementing the Module-Lattice-Based Digital Key-Encapsulation Mechanism (ML-KEM) as defined in [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final) in the Java Platform.

Problem
-------

ML-KEM is a quantum-resistant digital signature algorithm selected by the National Institute of Standards and Technology (NIST) to ensure the security of cryptographic systems in the post-quantum era. Supporting ML-KEM is critical to future-proof applications running on the Java Platform against the emerging threat of quantum computing, which can potentially break current cryptographic algorithms.

Solution
--------

1. Define `ML-KEM` and its three standardized parameter sets (`ML-KEM-512`, `ML-KEM-768`, and `ML-KEM-1024`) as [Java Security Standard Algorithm Names](https://docs.oracle.com/en/java/javase/21/docs/specs/security/standard-names.html).
2. Implement `KeyPairGenerator`, `KeyFactory`, and `KEM` implementations of ML-KEM with these standardized parameter sets in the `SunJCE` security provider.
3. Create new `NamedParameterSpec` constants for `ML-KEM-512`, `ML-KEM-768`, and `ML-KEM-1024`.
4. Add the algorithms to the `KeyPairGenerator`, `KeyFactory` and `KEM` rows of [the SunJCE provider table of the JDK Security Providers Guide](https://docs.oracle.com/en/java/javase/23/security/oracle-providers.html#GUID-A47B1249-593C-4C38-A0D0-68FA7681E0A7).

Specification
-------------

First, in `src/java.base/share/classes/java/security/spec/NamedParameterSpec.java`, add the following lines:

    /**
     * The ML-KEM-512 parameters
     *
     * @since 24
     */
    public static final NamedParameterSpec ML_KEM_512
            = new NamedParameterSpec("ML-KEM-512");

    /**
     * The ML-KEM-768 parameters
     *
     * @since 24
     */
    public static final NamedParameterSpec ML_KEM_768
            = new NamedParameterSpec("ML-KEM-768");

    /**
     * The ML-KEM-1024 parameters
     *
     * @since 24
     */
    public static final NamedParameterSpec ML_KEM_1024
            = new NamedParameterSpec("ML-KEM-1024");

Second, in the Java Security Standard Algorithm Names document, add the following lines to the `KeyPairGenerator` section:

    ---------------  --------------------------------------------------------------
    Algorithm Name   Description
    ---------------  --------------------------------------------------------------
    ML-KEM           Generates keypairs for the Module-Lattice-Based Key-Encapsulation Mechanism
                     (ML-KEM) as defined in
                     [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).
                     This algorithm supports keys with ML-KEM-512, ML-KEM-768,
                     and ML-KEM-1024 parameter sets.

    ML-KEM-512       Generates keypairs for the Module-Lattice-Based Key-Encapsulation Mechanism
                     (ML-KEM) using the ML-KEM-512 parameter set as defined in
                     [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).

    ML-KEM-768       Generates keypairs for the Module-Lattice-Based Key-Encapsulation Mechanism
                     (ML-KEM) using the ML-KEM-768 parameter set as defined in
                     [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).

    ML-KEM-1024      Generates keypairs for the Module-Lattice-Based Key-Encapsulation Mechanism
                     (ML-KEM) using the ML-KEM-1024 parameter set as defined in
                     [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).


Add the following lines to the `KeyFactory` section:

    ---------------  --------------------------------------------------------------
    Algorithm Name   Description
    ---------------  --------------------------------------------------------------
    ML-KEM           Keys for the Module-Lattice-Based Key-Encapsulation Mechanism
                     (ML-KEM) as defined in
                     [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).
                     This algorithm supports keys with ML-KEM-512, ML-KEM-768,
                     and ML-KEM-1024 parameter sets.

    ML-KEM-512       Keys for the Module-Lattice-Based Key-Encapsulation Mechanism
                     (ML-KEM) using the ML-KEM-512 parameter set as defined in
                     [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).

    ML-KEM-768       Keys for the Module-Lattice-Based Key-Encapsulation Mechanism
                     (ML-KEM) using the ML-KEM-768 parameter set as defined in
                     [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).

    ML-KEM-1024      Keys for the Module-Lattice-Based Key-Encapsulation Mechanism
                     (ML-KEM) using the ML-KEM-1024 parameter set as defined in
                     [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).


Add the following lines to the `KEM` section:

    ------------------  --------------------------------------------------------------------------------------
    Algorithm Name      Description
    ------------------  --------------------------------------------------------------------------------------
    ML-KEM              The Module-Lattice-Based Key-Encapsulation Mechanism
                        (ML-KEM) as defined in
                        [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).
                        This algorithm supports keys with ML-KEM-512, ML-KEM-768,
                        and ML-KEM-1024 parameter sets.

    ML-KEM-512          The Module-Lattice-Based Key-Encapsulation Mechanism
                        (ML-KEM) using the ML-KEM-512 parameter set as defined in
                        [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).

    ML-KEM-768          The Module-Lattice-Based Key-Encapsulation Mechanism
                        (ML-KEM) using the ML-KEM-768 parameter set as defined in
                        [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).

    ML-KEM-1024         The Module-Lattice-Based Key-Encapsulation Mechanism
                        (ML-KEM) using the ML-KEM-1024 parameter set as defined in
                        [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).

Add the following lines to the `NamedParameterSpec` section:

    ------          -----------------------------------
    Name            Description
    ------          -----------------------------------
    ML-KEM-512      The Module-Lattice-Based Key-Encapsulation Mechanism
                    (ML-KEM) using the ML-KEM-512 parameter set as defined in
                    [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).

    ML-KEM-768      The Module-Lattice-Based Key-Encapsulation Mechanism
                    (ML-KEM) using the ML-KEM-768 parameter set as defined in
                    [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).

    ML-KEM-1024     The Module-Lattice-Based Key-Encapsulation Mechanism
                    (ML-KEM) using the ML-KEM-1024 parameter set as defined in
                    [FIPS 203](https://csrc.nist.gov/pubs/fips/203/final).
Comments
Moving to Approved.
15-11-2024
#2 in the Solution section should be the SunJCE security provider. I think we should also mention that we will add these algorithms to the KeyPairGenerator, KeyFactory and KEM rows of the SunJCE provider table of the JDK Providers Guide.
08-11-2024
Moving to Provisional.
06-11-2024