Glossary: Post-Quantum Cryptography

Cryptographic Methods

ML-KEM (Module-Lattice Key Encapsulation)

Standard: FIPS 203
Purpose: Key exchange
Security: Post-quantum secure

ML-KEM replaces classical methods like RSA or ECDH for key exchange. It is based on the "Learning with Errors" (LWE) problem, which is believed to be hard to solve even for quantum computers.

Operations:

  • KeyGen - Generate a key pair (public + private key)
  • Encaps - Create a shared secret and a ciphertext from the public key
  • Decaps - Recover the shared secret from the ciphertext with the private key

ML-DSA (Module-Lattice Digital Signature)

Standard: FIPS 204
Purpose: Digital signatures
Security: Post-quantum secure

ML-DSA replaces RSA/ECDSA for digital signatures. It is also lattice-based.

Operations:

  • Sign - Sign a message with the private key
  • Verify - Verify a signature with the public key

AES-256-GCM

Standard: NIST SP 800-38D
Purpose: Authenticated encryption
Key length: 256 bits

AES-GCM provides encryption AND integrity protection in one operation. The GCM mode produces an Authentication Tag that detects any tampering with the ciphertext or the AAD.

Components:

  • Key - 256-bit key
  • Nonce - 12-byte initialization vector (NEVER reuse with the same key!)
  • AAD - Additional Authenticated Data (not encrypted, but authenticated)
  • Tag - 16-byte Authentication Tag

Security Concepts

Nonce (Number Used Once)

Size: 12 bytes (96 bits)
Critical: NEVER reuse!

A nonce is a number that may be used only once per key. With AES-GCM, nonce reuse leads to complete compromise:

Nonce Reuse = Catastrophe

If the same nonce is used twice with the same key, an attacker can reconstruct both plaintexts!

The WvdS Crypto Service automatically protects against nonce reuse by tracking the nonces it has already used.
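The following Go program, added here as an example (it is not code from the glossary or from the WvdS Crypto Service), wires the four AES-256-GCM components together and adds a nonce tracker of the kind the text describes; the Sealer type, the error names and the in-memory set of used nonces are assumptions of this example, and such a set only covers one process.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// ErrNonceReuse signals that a (key, nonce) pair was about to be used a second time.
var ErrNonceReuse = errors.New("nonce already used under this key")

// Sealer wraps AES-256-GCM and remembers every nonce it has sealed with, so the same
// nonce is never applied twice under one key (hypothetical, single-process tracker).
type Sealer struct {
	aead cipher.AEAD
	used map[[12]byte]bool
}

// NewSealer accepts only a 32-byte (256-bit) key; shorter keys would silently select AES-128/192.
func NewSealer(key []byte) (*Sealer, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256-GCM needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block) // standard GCM: 12-byte nonce, 16-byte tag
	if err != nil {
		return nil, err
	}
	return &Sealer{aead: aead, used: map[[12]byte]bool{}}, nil
}

// Seal encrypts plaintext, authenticates plaintext+aad (aad stays in clear) and
// returns nonce || ciphertext || 16-byte tag; a repeated nonce is refused.
func (s *Sealer) Seal(nonce [12]byte, plaintext, aad []byte) ([]byte, error) {
	if s.used[nonce] {
		return nil, ErrNonceReuse
	}
	s.used[nonce] = true
	return s.aead.Seal(append([]byte{}, nonce[:]...), nonce[:], plaintext, aad), nil
}

// Open verifies the tag over ciphertext and aad before releasing any plaintext.
func (s *Sealer) Open(sealed, aad []byte) ([]byte, error) {
	if len(sealed) < 12+s.aead.Overhead() {
		return nil, errors.New("sealed message too short")
	}
	return s.aead.Open(nil, sealed[:12], sealed[12:], aad)
}
```

A flipped bit in the ciphertext, the tag or the AAD makes Open return an error instead of garbage, and a second Seal with the same nonce is refused before any keystream is reused.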

AAD (Additional Authenticated Data)

Data that is NOT encrypted but is still protected by the Authentication Tag. Typical uses:

  • Metadata (timestamp, sender ID)
  • Routing information
  • Version numbers

Zeroize

Security-critical data (keys, plaintexts) is actively overwritten with zeros once it is no longer needed. This keeps sensitive data out of memory dumps.


Standards & Compliance

FIPS (Federal Information Processing Standards)

US federal cryptographic standards:

FIPS 140-3: Security requirements for cryptographic modules
FIPS 203: ML-KEM (Kyber)
FIPS 204: ML-DSA (Dilithium)

BSI TR-03116-4

Technical guideline from the BSI (German Federal Office for Information Security) on cryptographic requirements in eHealth systems. It defines the permitted algorithms and key lengths.

NIS2

EU directive on network and information security. Article 21 requires "state of the art" cryptography for critical infrastructure.


Hardware

HSM (Hardware Security Module)

Dedicated hardware for cryptographic operations. Keys never leave the HSM in plaintext; all operations using them are performed inside the module.

TPM (Trusted Platform Module)

A chip on the motherboard used for:

  • Secure Boot verification
  • Key storage
  • Platform attestation


Last modified: 2026/01/29 at 09:54 PM