Adding ECC KEM

NIIBE Yutaka gniibe at
Wed Apr 3 07:19:11 CEST 2024


Let me answer two messages in this reply.

Werner Koch <wk at> wrote:
> Using that API would make FIPS certification easier, right?

Yes.  That's my intention.

I think that the KEM API will be added in FIPS 140-* when FIPS 203 (for
ML-KEM) is finalized.

Jussi Kivilinna <jussi.kivilinna at> wrote:
> I noticed that t-kem is currently failing with FIPS mode in master:
> t-kem: gcry_kem_keypair 40: Not supported

Thank you for your report.

The test program t-kem is not yet good for FIPS support.  Since the KEM API
is not included in FIPS 140-* yet, all tests should fail and the
tests should handle the failure as expected.  Currently, ECC KEM with
X25519 fails because Curve25519 is defined with "fips" field = 0 (in

In the (near) future, the KEM API itself should have a check for FIPS.
