• throw0101c 3 days ago

    IETF draft, Post-quantum hybrid ECDHE-MLKEM Key Agreement for TLSv1.3:

        ML-KEM is a key encapsulation method (KEM) defined in the [FIPS203]. It is designed to withstand
        cryptanalytic attacks from quantum computers.

        This document introduces two new supported groups for hybrid post-quantum key agreements in TLS 1.3:
        X25519MLKEM768 and SecP256r1MLKEM768. Both combine ML-KEM-768 with ECDH in the manner of [hybrid].

        The first one uses X25519 [rfc7748] and is an update to X25519Kyber768Draft00 [xyber], the most widely
        deployed PQ/T hybrid combiner for TLS v1.3 deployed in 2024.

        The second one uses secp256r1 (NIST P-256) [ECDSA] [DSS]. The goal of this group is to support a use
        case that requires both shared secrets to be generated by FIPS-approved mechanisms.

        Both constructions aim to provide a FIPS-approved key-establishment scheme (as per [SP56C]).

    * https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe...