| Standard | FIPS 203 |
| Purpose | Key encapsulation (key establishment) |
| Security | Post-Quantum secure |
ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) replaces classical key-establishment methods such as RSA key transport or ECDH. Its security rests on the Module Learning with Errors (MLWE) problem, for which no efficient classical or quantum algorithm is known, whereas Shor's algorithm breaks RSA and ECDH on a sufficiently large quantum computer.
Operations: KeyGen (generates the encapsulation/decapsulation key pair), Encaps (the sender derives a shared secret and a ciphertext from the public key), Decaps (the receiver recovers the shared secret from the ciphertext with the private key).
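To make the "Learning with Errors" mechanism behind ML-KEM concrete, here is an added toy key-encapsulation example in Go. It is not code from the WvdS Crypto Service and it is not ML-KEM: it uses plain LWE over integer vectors instead of ML-KEM's module lattices, carries one bit per ciphertext element and has no Fujisaki-Okamoto transform, so it is for illustration only and must never be used to protect data. The parameter values (q, n, m, keyBits) and the types PublicKey, SecretKey and Ciphertext are choices made for this example; the operation names KeyGen, Encaps and Decaps follow the FIPS 203 terminology.

```go
package main

import (
	"crypto/rand"
	"math/big"
)

// Toy parameters, chosen so the decoding bound in Decaps holds with certainty.
// ML-KEM also uses q = 3329, but over polynomial rings of degree 256 (Module-LWE).
const (
	q       = 3329 // modulus
	n       = 16   // dimension of the secret vector s
	m       = 48   // number of LWE samples (rows of A)
	keyBits = 32   // shared-secret bits carried by one ciphertext
)

func randMod(bound int64) int64 {
	v, err := rand.Int(rand.Reader, big.NewInt(bound)) // uniform in [0, bound)
	if err != nil {
		panic(err)
	}
	return v.Int64()
}

// smallRand draws from {-1, 0, 1}: the small "error" that turns solving for s
// into the LWE problem instead of plain Gaussian elimination.
func smallRand() int64 { return randMod(3) - 1 }
func mod(x int64) int64 { return ((x % q) + q) % q }

type PublicKey struct {
	A [][]int64 // m x n uniformly random matrix
	B []int64   // b = A*s + e (mod q)
}

type SecretKey struct{ S []int64 }

type Ciphertext struct {
	U [][]int64 // one u = r*A vector per shared-secret bit
	V []int64   // one masked value v = r*b + k*floor(q/2) per bit
}

// KeyGen: the receiver samples a small secret s and error e and publishes (A, b).
func KeyGen() (PublicKey, SecretKey) {
	s := make([]int64, n)
	for j := range s {
		s[j] = smallRand()
	}
	pk := PublicKey{A: make([][]int64, m), B: make([]int64, m)}
	for i := 0; i < m; i++ {
		pk.A[i] = make([]int64, n)
		var acc int64
		for j := 0; j < n; j++ {
			pk.A[i][j] = randMod(q)
			acc += pk.A[i][j] * s[j]
		}
		pk.B[i] = mod(acc + smallRand())
	}
	return pk, SecretKey{S: s}
}

// Encaps: the sender draws a random shared secret and, per bit k, a fresh
// binary selector r. u = r*A and v = r*b + k*floor(q/2) hide k behind r*b.
func Encaps(pk PublicKey) ([]byte, Ciphertext) {
	shared := make([]byte, keyBits/8)
	if _, err := rand.Read(shared); err != nil {
		panic(err)
	}
	ct := Ciphertext{U: make([][]int64, keyBits), V: make([]int64, keyBits)}
	for bit := 0; bit < keyBits; bit++ {
		k := int64(shared[bit/8]>>(bit%8)) & 1
		u := make([]int64, n)
		var v int64
		for i := 0; i < m; i++ {
			r := randMod(2) // r[i] in {0, 1}: is row i selected?
			for j := 0; j < n; j++ {
				u[j] = mod(u[j] + r*pk.A[i][j])
			}
			v = mod(v + r*pk.B[i])
		}
		ct.U[bit], ct.V[bit] = u, mod(v+k*(q/2))
	}
	return shared, ct
}

// Decaps: v - u*s = r*e + k*floor(q/2) (mod q). |r*e| <= m = 48 is far below
// q/4 = 832, so a result near q/2 decodes to 1 and a result near 0 decodes to 0.
func Decaps(sk SecretKey, ct Ciphertext) []byte {
	shared := make([]byte, keyBits/8)
	for bit := 0; bit < keyBits; bit++ {
		var us int64
		for j := 0; j < n; j++ {
			us += ct.U[bit][j] * sk.S[j]
		}
		if w := mod(ct.V[bit] - us); w > q/4 && w < 3*q/4 {
			shared[bit/8] |= 1 << (bit % 8)
		}
	}
	return shared
}
```

The point to take away is the asymmetry: anyone can compute u and v from the public (A, b), but only the holder of s can strip the mask r*b, because r*b - u*s collapses to the small term r*e. An attacker who wanted to do the same would have to recover s from (A, b), which is the LWE problem. Real ML-KEM adds a hash-based transform so that malformed ciphertexts cannot be used to probe the secret key.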
| Standard | FIPS 204 |
| Purpose | Digital signatures |
| Security | Post-Quantum secure |
ML-DSA (Module-Lattice-Based Digital Signature Algorithm) replaces RSA and ECDSA for digital signatures. Like ML-KEM it is lattice-based, relying on the Module-LWE and Module-SIS problems.
Operations: KeyGen (generates the signing/verification key pair), Sign (produces a signature over a message with the private key), Verify (checks a signature against the message with the public key).
| Standard | NIST SP 800-38D |
| Purpose | Authenticated encryption |
| Key Length | 256 bits |
AES-GCM provides encryption AND integrity protection in a single operation: GCM mode computes an authentication tag (normally 128 bits) over the ciphertext and any additional authenticated data, and decryption fails if either has been modified.
Components:
| Size | 12 bytes (96 bits) |
| Critical | NEVER reuse! |
A nonce ("number used once") is a value that may be used only once per key. With AES-GCM, nonce reuse is a complete break:
Nonce Reuse = Catastrophe
If the same nonce is used twice under the same key, the counter-mode keystream repeats, so XORing the two ciphertexts yields the XOR of the two plaintexts, and any known plaintext immediately reveals the other. Worse, the reused nonce lets an attacker recover the GHASH authentication key and forge valid tags for further messages (Joux's "forbidden attack").
The WvdS Crypto Service automatically protects against nonce reuse through tracking.
Additional Authenticated Data (AAD) is data that is NOT encrypted but is covered by the authentication tag: it travels in the clear, yet decryption fails if it has been altered. Typical use:
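The behaviour described in the AES-GCM, nonce and AAD entries above, as an added Go example using only the standard library (not code from the WvdS Crypto Service): a flipped ciphertext bit and a mismatched AAD are both rejected by the tag check, a reused nonce lets an attacker recover a second plaintext from a known one, and a small NonceTracker refuses the second Seal under the same key and nonce, in the spirit of the tracking the service describes but without claiming to mirror its implementation. DemoKey, DemoNonce, the sample plaintexts and the NonceTracker type are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// Constructed demo values, fixed so the run is reproducible. In a real service
// the key comes from the HSM/KDF and every message gets a fresh nonce.
var (
	DemoKey   = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	DemoNonce = []byte("12-byte-nonc")                     // 12 bytes: 96 bits
)

// mustGCM builds an AES-GCM AEAD; a wrong key length is a programming error.
func mustGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block) // 96-bit nonce, 128-bit tag
	if err != nil {
		panic(err)
	}
	return g
}

// Seal encrypts pt and authenticates pt and aad; Go appends the 16-byte tag
// to the ciphertext. The aad is not encrypted and travels in the clear.
func Seal(key, nonce, pt, aad []byte) []byte {
	return mustGCM(key).Seal(nil, nonce, pt, aad)
}

// Open verifies the tag over ciphertext and aad before releasing any plaintext.
func Open(key, nonce, ct, aad []byte) ([]byte, error) {
	return mustGCM(key).Open(nil, nonce, ct, aad)
}

// TamperDetected flips one ciphertext bit and reports whether Open rejects it.
func TamperDetected(pt, aad []byte) bool {
	ct := Seal(DemoKey, DemoNonce, pt, aad)
	ct[0] ^= 0x01
	_, err := Open(DemoKey, DemoNonce, ct, aad)
	return err != nil
}

// AADMismatchDetected shows that AAD is bound to the tag: the ciphertext is
// untouched, only the AAD presented at decryption differs from the sealed one.
func AADMismatchDetected(pt, sealedAAD, presentedAAD []byte) bool {
	ct := Seal(DemoKey, DemoNonce, pt, sealedAAD)
	_, err := Open(DemoKey, DemoNonce, ct, presentedAAD)
	return err != nil
}

// RecoverWithReusedNonce is the attacker's view of a nonce reuse. GCM encrypts
// in counter mode, so the same key and nonce yield the same keystream and
// c1 XOR c2 == p1 XOR p2; one known plaintext then exposes the other outright.
func RecoverWithReusedNonce(knownPt, secretPt []byte) ([]byte, error) {
	if len(knownPt) != len(secretPt) {
		return nil, errors.New("demo expects equal-length plaintexts")
	}
	c1 := Seal(DemoKey, DemoNonce, knownPt, nil)
	c2 := Seal(DemoKey, DemoNonce, secretPt, nil) // same key AND same nonce
	recovered := make([]byte, len(secretPt))
	for i := range recovered { // the 16 trailing tag bytes are not needed
		recovered[i] = c1[i] ^ c2[i] ^ knownPt[i]
	}
	return recovered, nil
}

// NonceTracker illustrates a reuse guard: a second Seal with an already-used
// (key, nonce) pair is refused instead of silently repeated.
// Production code would key the map by a key identifier, not the key bytes.
type NonceTracker struct{ seen map[string]bool }

func NewNonceTracker() *NonceTracker { return &NonceTracker{seen: map[string]bool{}} }

// Seal fails closed on reuse; the caller must then pick a fresh nonce.
func (t *NonceTracker) Seal(key, nonce, pt, aad []byte) ([]byte, error) {
	id := string(key) + "|" + string(nonce)
	if t.seen[id] {
		return nil, errors.New("nonce already used under this key; refusing to seal")
	}
	t.seen[id] = true
	return Seal(key, nonce, pt, aad), nil
}

func main() {
	got, _ := RecoverWithReusedNonce([]byte("known message!"), []byte("secret message"))
	fmt.Printf("tamper detected: %v, recovered via nonce reuse: %q\n",
		TamperDetected([]byte("patient record"), []byte("hdr")), got)
}
```

Note that Go's GCM implementation does not stop a caller from reusing a nonce; the guard has to live above the primitive, which is why a tracker (or a counter-derived nonce that can never repeat) belongs in the service layer. The example shows only the plaintext leak; the tag forgery that nonce reuse also enables is not demonstrated.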
Zeroization: security-critical data (keys, plaintexts) is actively overwritten with zeros as soon as it is no longer needed, so that memory dumps do not contain it. Note that a plain memset on a buffer that is never read again may be removed by the compiler as dead code; a guaranteed primitive such as explicit_bzero, memset_s or SecureZeroMemory should be used.
US federal standards (Federal Information Processing Standards) relevant to cryptography:
| FIPS 140-3 | Security requirements for crypto modules |
| FIPS 203 | ML-KEM (Kyber) |
| FIPS 204 | ML-DSA (Dilithium) |
Technical guideline of the German Federal Office for Information Security (BSI) on cryptographic requirements in eHealth systems. It defines the permitted algorithms and key lengths.
EU directive on network and information security (NIS2, Directive (EU) 2022/2555). Article 21 requires essential and important entities to take risk-management measures that reflect the "state of the art", explicitly including policies on the use of cryptography and, where appropriate, encryption.
A Hardware Security Module (HSM) is dedicated hardware for cryptographic operations. Keys never leave the HSM in plaintext.
A Trusted Platform Module (TPM) is a chip on the motherboard for: