Amazon Web Services (AWS) is adding support for ML-KEM post-quantum key agreement standards in AWS Key Management Service (KMS), AWS Certificate Manager (ACM) and AWS Secrets Manager. This will improve the security of TLS connections.
ML-KEM (Module-Lattice-based Key Encapsulation Mechanism) is a post-quantum cryptographic algorithm designed to exchange keys in a way that is resistant to the expected—but still theoretical—threat of quantum computers. ML-KEM can then theoretically break traditional encryption, such as RSA.
The mechanism is based on CRYSTALS-Kyber. The American National Institute of Standards and Technology (NIST) chose it as the basis for its post-quantum cryptography standard. The final version of this standard will be announced in August 2024.
Harvest now, decrypt later attacks
Although quantum computers do not currently pose an active threat to cryptography, implementing quantum-safe algorithms is seen as a way to prevent future exposure to so-called harvest now, decrypt later attacks.
AWS indicated that it has chosen to secure the most critical services first: KMS, ACM, and Secrets Manager. These services already supported CRYSTALS-Kyber, which will be phased out in 2026.
AWS selected these three services because they are among the most security-critical AWS services, for which post-quantum confidentiality is most urgent. AWS stated that these three services had previously rolled out support for CRYSTALS-Kyber, the predecessor of ML-KEM. The company also stated that support for CRYSTALS-Kyber will continue until the end of 2025 but will be replaced by ML-KEM in all AWS services in 2026.
Instructions for enabling ML-KEM
Users must update their client SDKs and explicitly enable the feature to activate ML-KEM post-quantum TLS when using AWS services such as KMS, ACM, or Secrets Manager. AWS offers instructions for enabling ML-KEM for both the SDK for Java (from version 2.30.22) and the SDK for Rust.
The company also advises administrators to perform performance tests, benchmarks and connectivity tests within their environment to verify compatibility and performance.
AWS’ own performance tests show that enabling ML-KEM hybrid post-quantum TLS has hardly any impact on performance, not even in the least favorable scenarios. When reusing TLS connections—the default setting in the SDKs—the performance loss is virtually nil. The decrease is then 0.05%. Without reuse, the performance decrease is approximately 2.3%. This is due to the additional 1,600 bytes that ML-KEM adds to the TLS handshake. This requires between 80 and 150 microseconds of additional computing time per connection.
In summary, enabling ML-KEM results in only a minimal performance loss for almost all applications. AWS recommends that users take advantage of this new security feature as soon as possible.