AWS rolls out ML-KEM to secure TLS from quantum threats
Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, so that TLS connections to those services can use a hybrid key exchange that combines a classical algorithm with ML-KEM.
ML-KEM (Module-Lattice-based Key Encapsulation Mechanism) is a post-quantum cryptographic algorithm designed to protect the key exchange against the still-theoretical threat of a quantum computer capable of breaking today's public-key algorithms, such as RSA and elliptic curve cryptography (ECC).
ML-KEM is the standardized form of CRYSTALS-Kyber, the algorithm NIST (National Institute of Standards and Technology) selected for its post-quantum key encapsulation standard, which was published in final form as FIPS 203 in August 2024.
Although quantum computers aren't an active threat to cryptography right now, implementing quantum-secure algorithms prevents future exposure of secrets through "harvest now, decrypt later" attacks.
AWS says it prioritized its most security-critical services (KMS, ACM, and Secrets Manager), which already supported the earlier CRYSTALS-Kyber hybrid; that older option is set to be removed in 2026.
"These three services were chosen because they are security-critical AWS services with the most urgent need for post-quantum confidentiality," reads the announcement.
"These three AWS services have previously deployed support for CRYSTALS-Kyber, the predecessor of ML-KEM."
"Support for CRYSTALS-Kyber will continue through 2025, but will be removed across all AWS service endpoints in 2026 in favor of ML-KEM."
To activate ML-KEM post-quantum TLS when using AWS services such as KMS, ACM, or Secrets Manager, users need to update their client SDKs and enable the feature explicitly.
AWS provides instructions for enabling ML-KEM for both users of SDK for Java (2.30.22 and later) and SDK for Rust.
The cloud firm also suggests that administrators run load tests, benchmarks, and connectivity tests in their environment to verify compatibility and performance.
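The following is an added example, not code from the AWS announcement, showing the explicit opt-in described above in the AWS SDK for Java 2.x: the default client is left as is (it does not negotiate post-quantum TLS), and a second client is built on the AWS CRT HTTP client with `postQuantumTlsEnabled(true)`, the builder setting the CRT client exposes for this feature. The `probe` method doubles as the connectivity test AWS suggests, and the second call reuses the TLS connection so the two timings can be compared. The class name, the `us-east-1` default region, and the use of `GenerateRandom` as the probe call are choices made for this example; the artifacts `aws-crt-client` (2.30.22 or later) and `kms` must be on the classpath and normal AWS credentials must be available.

```java
import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.crt.AwsCrtHttpClient;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.GenerateRandomRequest;
import software.amazon.awssdk.services.kms.model.GenerateRandomResponse;

/**
 * Example connectivity test for ML-KEM hybrid post-quantum TLS against AWS KMS.
 * Example code, not from AWS. Needs software.amazon.awssdk:aws-crt-client (2.30.22+)
 * and software.amazon.awssdk:kms on the classpath, plus AWS credentials.
 */
public class PqTlsKmsCheck {

    /** Baseline: the SDK's default HTTP client, which does not negotiate post-quantum TLS. */
    static KmsClient classicalClient(Region region) {
        return KmsClient.builder().region(region).build();
    }

    /** Opt-in: the AWS CRT HTTP client with hybrid post-quantum TLS explicitly enabled. */
    static KmsClient postQuantumClient(Region region) {
        SdkHttpClient crtClient = AwsCrtHttpClient.builder()
                .postQuantumTlsEnabled(true)   // off by default; this is the explicit switch
                .build();
        return KmsClient.builder()
                .region(region)
                .httpClient(crtClient)
                .build();
    }

    /**
     * GenerateRandom needs no key in the account, so it is a cheap way to prove that
     * the TLS handshake and a signed request both succeed. Returns the byte count.
     */
    static int probe(KmsClient kms) {
        GenerateRandomResponse resp = kms.generateRandom(
                GenerateRandomRequest.builder().numberOfBytes(32).build());
        return resp.plaintext().asByteArray().length;
    }

    public static void main(String[] args) {
        // Region is a hypothetical default for this example; pass another as the first argument.
        Region region = Region.of(args.length > 0 ? args[0] : "us-east-1");
        try (KmsClient kms = postQuantumClient(region)) {
            long start = System.nanoTime();
            int n = probe(kms);                       // first call pays the full handshake
            long firstMs = (System.nanoTime() - start) / 1_000_000;

            start = System.nanoTime();
            probe(kms);                               // second call reuses the TLS connection
            long reusedMs = (System.nanoTime() - start) / 1_000_000;

            System.out.printf("GenerateRandom returned %d bytes; first call %d ms, reused connection %d ms%n",
                    n, firstMs, reusedMs);
        }
    }
}
```

The SDK does not report which TLS group was negotiated, so a successful call only proves the post-quantum-enabled client can talk to the endpoint, not that ML-KEM was used; confirm that out of band, for example with a packet capture of the ClientHello and ServerHello key shares, or with a TLS client that prints the negotiated group (OpenSSL 3.5 and later can request a hybrid group such as X25519MLKEM768 with `openssl s_client -groups X25519MLKEM768 -connect <endpoint>:443`, assuming the endpoint offers that group).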
AWS's own performance benchmarks show that enabling ML-KEM hybrid post-quantum TLS has minimal performance impact, even in worst-case scenarios.

With TLS connection reuse, the default setting in SDKs, there's virtually no performance loss, measured at only 0.05%.
With no reuse, the drop is approximately 2.3%, caused by the roughly 1,600 additional bytes that the ML-KEM key shares add to the TLS handshake and the 80 to 150 microseconds of extra compute time per connection.
Ultimately, enabling ML-KEM has minimal performance trade-offs for nearly all applications, and AWS recommends that users enable the new feature as soon as possible.