CRYSTALS-Kyber, explained simply
Updated July 2026
CRYSTALS-Kyber is the encryption algorithm NIST selected as its post-quantum key-encapsulation standard, now formalised as ML-KEM in FIPS 203. In plain terms: it lets two parties agree on a secret key in a way that even a future quantum computer is not expected to break.
First: what is a KEM?
KEM stands for key encapsulation mechanism. Think of it as a mathematically sealed lockbox:
- You publish a public key — an open lockbox anyone can use.
- Someone who wants to talk to you generates a fresh secret, locks it in the box ("encapsulation"), and sends you the sealed box.
- Only your private key can open it ("decapsulation"). Now you both share a secret key, and you can encrypt everything that follows with fast symmetric encryption.
Secure key exchange is the foundation under HTTPS, messaging apps, VPNs — and wallet infrastructure. Today it mostly relies on elliptic-curve mathematics; Kyber replaces that layer with quantum-resistant mathematics.
Why lattices resist quantum attack
Shor's algorithm — the quantum method that threatens today's cryptography — is spectacular at exactly two mathematical jobs: factoring large numbers (breaking RSA) and computing discrete logarithms (breaking elliptic curves). It does nothing useful against structured lattice problems, such as "module learning with errors" (MLWE), which is what Kyber is built on.
Informally: Kyber hides secrets inside noisy high-dimensional grids. Recovering the secret means solving a noisy lattice problem that decades of research — classical and quantum — have failed to crack efficiently. That track record is why NIST chose it.
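The lockbox flow and the "noisy grid" idea above, as an added toy example in Python (not from the original page, not ML-KEM, and not secure). It uses plain learning-with-errors with tiny parameters instead of Kyber's module lattices and leaves out the ciphertext checks real ML-KEM performs; all function names and sizes are assumptions chosen for illustration.

```python
# Toy LWE key-encapsulation sketch (added example; NOT ML-KEM, NOT secure).
import hashlib
import secrets

Q = 3329        # modulus (Kyber also uses 3329; everything else is toy-sized)
N = 16          # secret dimension (assumed, far too small for real use)
M = 32          # number of noisy equations in the public key (assumed)
KEY_BITS = 128  # bits of fresh secret sealed per encapsulation (assumed)

def small_noise():
    """Noise in {-1, 0, 1}: without it, the secret falls to plain linear algebra."""
    return secrets.randbelow(3) - 1

def keygen():
    s = [secrets.randbelow(Q) for _ in range(N)]                      # private key
    A = [[secrets.randbelow(Q) for _ in range(N)] for _ in range(M)]  # public grid
    b = [(sum(a * x for a, x in zip(row, s)) + small_noise()) % Q for row in A]
    return (A, b), s                       # public key is (A, b = A*s + noise)

def _encrypt_bit(pk, bit):
    A, b = pk
    r = [secrets.randbelow(2) for _ in range(M)]   # random subset of equations
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v

def _decrypt_bit(sk, ct):
    u, v = ct
    d = (v - sum(x * y for x, y in zip(u, sk))) % Q  # leftover noise + bit * Q//2
    return 1 if Q // 4 < d < 3 * Q // 4 else 0       # round to nearest of 0, Q/2

def encapsulate(pk):
    """Sender: seal a fresh random secret under the recipient's public key."""
    bits = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    ciphertext = [_encrypt_bit(pk, bit) for bit in bits]
    return ciphertext, hashlib.sha256(bytes(bits)).digest()

def decapsulate(sk, ciphertext):
    """Recipient: open the sealed box and derive the same shared key."""
    bits = [_decrypt_bit(sk, ct) for ct in ciphertext]
    return hashlib.sha256(bytes(bits)).digest()

if __name__ == "__main__":
    pk, sk = keygen()
    sealed_box, sender_key = encapsulate(pk)
    assert decapsulate(sk, sealed_box) == sender_key
    print("shared key:", sender_key.hex())
```

Decapsulation always succeeds here because the accumulated noise is at most 32 in absolute value, well below the Q/4 rounding margin.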
From competition to standard: the NIST timeline
| Year | Milestone |
|---|---|
| 2016 | NIST opens its global post-quantum cryptography competition; dozens of candidate algorithms submitted. |
| 2022 | After multiple elimination rounds, CRYSTALS-Kyber is selected for key encapsulation; CRYSTALS-Dilithium leads for signatures. |
| 2024 | Final standards published: Kyber becomes ML-KEM (FIPS 203); Dilithium becomes ML-DSA (FIPS 204); SPHINCS+ becomes SLH-DSA (FIPS 205). |
| Now | Browsers, messaging platforms, cloud providers and government systems roll out ML-KEM — often in hybrid mode alongside classical crypto during transition. |
Naming note: CRYSTALS-Kyber, Kyber and ML-KEM refer to the same lineage — "ML-KEM" is the formal standardised name (Module-Lattice-based KEM), and FIPS 203 is the standard document.
Why crypto wallets care
Wallets are long-lived security products in a hostile environment. Kyber matters to them for three reasons:
- Session and data protection. Wallet apps constantly exchange keys — device to server, device to device, backups. ML-KEM protects those exchanges against future quantum adversaries, including "record now, break later" collection.
- Longevity. Assets are held for years or decades — longer than the useful life of pre-quantum cryptography may turn out to be. Building on vetted PQC now avoids a forced, painful migration later.
- Standards alignment. Building on NIST-standardised algorithms means a wallet's security rests on publicly vetted mathematics, not proprietary claims.
BMIC and post-quantum cryptography
BMIC is building quantum-resistant wallet and security infrastructure designed around post-quantum cryptography, with the NIST-selected CRYSTALS-Kyber family named in its technical framing. That is the project's core thesis: the wallet layer should adopt post-quantum standards early. Start with what BMIC is, see why post-quantum security matters, and — if you're considering the live presale — read the risk guide first.
Crypto assets are high risk. Value may go down as well as up. This is not financial advice.
Mini-glossary
| Term | Plain meaning |
|---|---|
| PQC | Post-quantum cryptography — algorithms designed to resist quantum attack. |
| KEM | Key encapsulation mechanism — a secure way to agree a shared secret key. |
| ML-KEM / FIPS 203 | The standardised form of CRYSTALS-Kyber. |
| ML-DSA / FIPS 204 | The standardised form of CRYSTALS-Dilithium (signatures). |
| MLWE | Module learning with errors — the lattice problem underlying Kyber's security. |
| Hybrid mode | Running classical + post-quantum crypto together during the transition, so security holds if either survives. |
| Harvest now, decrypt later | Recording encrypted data today to break it with future quantum hardware. |
Is Kyber unbreakable?
No algorithm is provably unbreakable. Kyber is the best-vetted post-quantum KEM available — selected through an eight-year public competition — and it resists all known classical and quantum attacks. Honest security language is always 'resistant', never 'proof'.
Is CRYSTALS-Kyber the same as ML-KEM?
Yes — same lineage. ML-KEM is the formal name given when NIST standardised Kyber in FIPS 203 (2024).
Does Kyber replace blockchain signatures?
No — Kyber handles key exchange/encryption. Signatures need companion standards like ML-DSA (Dilithium). A full post-quantum wallet stack uses both, for different jobs.
Claim sources: NIST post-quantum cryptography project publications (FIPS 203, 204, 205 and competition history); public cryptography literature on lattice problems; bmic.ai official pages for BMIC-specific facts. Nothing on this page is financial advice.