Composite ML-KEM for use in X.509 Public Key Infrastructure
draft-ietf-lamps-pq-composite-kem-14
| Document | Type | Active Internet-Draft (lamps WG) | |
|---|---|---|---|
| Authors | Mike Ounsworth , John Gray , Massimiliano Pala , Jan Klaußner , Scott Fluhrer | ||
| Last updated | 2026-03-31 (Latest revision 2026-03-27) | ||
| Replaces | draft-ounsworth-pq-composite-kem | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | Proposed Standard | ||
| Formats | |||
| Additional resources |
GitHub Repository
Mailing list discussion |
||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Russ Housley | ||
| Shepherd write-up | Show Last changed 2026-03-31 | ||
| IESG | IESG state | Publication Requested | |
| Action Holder |
Deb Cooley
51
|
||
| Consensus boilerplate | Yes | ||
| Telechat date | (None) | ||
| Responsible AD | Deb Cooley | ||
| Send notices to | housley@vigilsec.com |
draft-ietf-lamps-pq-composite-kem-14
LAMPS M. Ounsworth
Internet-Draft J. Gray
Intended status: Standards Track Entrust
Expires: 28 September 2026 M. Pala
OpenCA Labs
J. Klaussner
Bundesdruckerei GmbH
S. Fluhrer
Cisco Systems
27 March 2026
Composite ML-KEM for use in X.509 Public Key Infrastructure
draft-ietf-lamps-pq-composite-kem-14
Abstract
This document defines combinations of US NIST ML-KEM in hybrid with
traditional algorithms RSA-OAEP, ECDH, X25519, and X448. These
combinations are tailored to meet security best practices and
regulatory guidelines. Composite ML-KEM is applicable in any
application that uses X.509 or PKIX data structures that accept ML-
KEM, but where the operator wants extra protection against breaks or
catastrophic bugs in ML-KEM.
About This Document
This note is to be removed before publishing as an RFC.
The latest revision of this draft can be found at https://lamps-
wg.github.io/draft-composite-kem/draft-ietf-lamps-pq-composite-
kem.html. Status information for this document may be found at
https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-kem/.
Discussion of this document takes place on the LAMPS Working Group
mailing list (mailto:spams@ietf.org), which is archived at
https://datatracker.ietf.org/wg/lamps/about/. Subscribe at
https://www.ietf.org/mailman/listinfo/spams/.
Source for this draft and an issue tracker can be found at
https://github.com/lamps-wg/draft-composite-kem.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Ounsworth, et al. Expires 28 September 2026 [Page 1]
Internet-Draft Composite ML-KEM March 2026
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 28 September 2026.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Conventions and Terminology . . . . . . . . . . . . . . . 5
1.2. Notation . . . . . . . . . . . . . . . . . . . . . . . . 7
1.3. Composite Design Philosophy . . . . . . . . . . . . . . . 7
2. Overview of the Composite ML-KEM Scheme . . . . . . . . . . . 8
2.1. Promotion of RSA-OAEP into a KEM . . . . . . . . . . . . 9
2.2. Promotion of ECDH into a KEM . . . . . . . . . . . . . . 10
3. Composite ML-KEM Functions . . . . . . . . . . . . . . . . . 12
3.1. Key Generation . . . . . . . . . . . . . . . . . . . . . 12
3.1.1. Allowed Modifications to the Key Generation
Process . . . . . . . . . . . . . . . . . . . . . . . 14
3.2. Encapsulation . . . . . . . . . . . . . . . . . . . . . . 15
3.3. Decapsulation . . . . . . . . . . . . . . . . . . . . . . 16
3.4. KEM Combiner Function . . . . . . . . . . . . . . . . . . 19
3.5. Error Handling and Explicit Rejection . . . . . . . . . . 20
4. Serialization . . . . . . . . . . . . . . . . . . . . . . . . 20
4.1. SerializePublicKey and DeserializePublicKey . . . . . . . 22
4.2. SerializePrivateKey and DeserializePrivateKey . . . . . . 24
4.3. SerializeCiphertext and DeserializeCiphertext . . . . . . 25
5. Use within X.509 and PKIX . . . . . . . . . . . . . . . . . . 27
Ounsworth, et al. Expires 28 September 2026 [Page 2]
Internet-Draft Composite ML-KEM March 2026
5.1. Encoding to DER . . . . . . . . . . . . . . . . . . . . . 28
5.2. Key Usage Bits . . . . . . . . . . . . . . . . . . . . . 28
5.3. ASN.1 Definitions . . . . . . . . . . . . . . . . . . . . 28
6. Algorithm Identifiers and Parameters . . . . . . . . . . . . 30
6.1. RSA-OAEP Parameters . . . . . . . . . . . . . . . . . . . 35
6.2. Rationale for choices . . . . . . . . . . . . . . . . . . 36
7. ASN.1 Module . . . . . . . . . . . . . . . . . . . . . . . . 36
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 41
8.1. Object Identifier Allocations . . . . . . . . . . . . . . 41
8.1.1. Module Registration . . . . . . . . . . . . . . . . . 41
8.1.2. Object Identifier Registrations . . . . . . . . . . . 42
9. Security Considerations . . . . . . . . . . . . . . . . . . . 44
9.1. Why Hybrids? . . . . . . . . . . . . . . . . . . . . . . 44
9.2. KEM Combiner . . . . . . . . . . . . . . . . . . . . . . 45
9.2.1. IND-CCA2 Security of the hybrid scheme . . . . . . . 46
9.2.2. Second pre-image resistance of component KEMs . . . . 47
9.2.3. Generifying this construction . . . . . . . . . . . . 47
9.3. Key Reuse . . . . . . . . . . . . . . . . . . . . . . . . 48
9.4. Policy for Deprecated and Acceptable Algorithms . . . . . 49
10. Implementation Considerations . . . . . . . . . . . . . . . . 49
10.1. FIPS Certification . . . . . . . . . . . . . . . . . . . 49
10.1.1. Combiner Function . . . . . . . . . . . . . . . . . 50
10.1.2. Order of KDF inputs with Non-Approved Algorithms . . 51
10.2. Backwards Compatibility . . . . . . . . . . . . . . . . 51
10.3. Profiling down the number of options . . . . . . . . . . 52
10.4. Decapsulation Requires the Public Key . . . . . . . . . 52
10.4.1. Extracting RSAPublicKey from RSAPrivateKey . . . . . 53
10.4.2. Deriving the public ECPoint from ECPrivateKey . . . 54
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 54
11.1. Normative References . . . . . . . . . . . . . . . . . . 54
11.2. Informative References . . . . . . . . . . . . . . . . . 57
Appendix A. Maximum Key and Ciphertext Sizes . . . . . . . . . . 60
Appendix B. Component Algorithm Reference . . . . . . . . . . . 63
Appendix C. Fixed Component Algorithm Identifiers . . . . . . . 64
Appendix D. Comparison with other Hybrid KEMs . . . . . . . . . 67
D.1. X-Wing . . . . . . . . . . . . . . . . . . . . . . . . . 67
D.2. ETSI CatKDF . . . . . . . . . . . . . . . . . . . . . . . 68
Appendix E. Examples of KEM Combiner Intermediate Values . . . . 68
Appendix F. Test Vectors . . . . . . . . . . . . . . . . . . . . 72
Appendix G. Contributors and Acknowledgments . . . . . . . . . . 131
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 132
Ounsworth, et al. Expires 28 September 2026 [Page 3]
Internet-Draft Composite ML-KEM March 2026
1. Introduction
The advent of quantum computing poses a significant threat to current
cryptographic systems because traditional cryptographic key
establishment algorithms such as RSA-OAEP, Diffie-Hellman and its
elliptic curve variants will become vulnerable to quantum attacks.
Unlike previous migrations between cryptographic algorithms, this
migration gives us the foresight that traditional cryptographic
algorithms will be broken in the future, but will remain strong in
the interim, the only uncertainty is around the timing. But there
are also some novel challenges. For instance, the aggressive
migration timelines may require deploying PQC algorithms before their
implementations have been fully hardened or certified, and dual-
algorithm data protection may be desirable over a longer time period
to hedge against security vulnerabilities and other implementation
flaws in the new implementations.
Cautious implementers may opt to combine cryptographic algorithms in
such a way that an attacker would need to break all of them
simultaneously to compromise the protected data. These mechanisms
are referred to as "Post-Quantum / Traditional (PQ/T) Hybrids"
[RFC9794].
This specification defines a specific instantiation of the PQ/T
Hybrid paradigm called "composite" where multiple cryptographic
algorithms are combined to form a single key encapsulation mechanism
(KEM). The composite KEM presents a single public key and ciphertext
such that it can be treated as a single atomic algorithm at the
protocol level. This provides a property referred to as "protocol
backwards compatibility" since it can be applied to protocols that
are not explicitly hybrid-aware. The idea of a composite was first
presented in [Bindel2017]. Composite algorithms retain some security
even if one of their component algorithms is broken, which is
discussed in detail in Section 9. This specification creates PQ/T
Hybrids with the Module-Lattice-based Key Encapsulation Mechanism
(ML-KEM), defined in [FIPS.203] as the PQ component. Instantiations
of the composite ML-KEM scheme are provided based on ML-KEM, RSA-OAEP
and ECDH. The full list of algorithms registered by this
specification is in Section 6. Backwards compatibility in the sense
of upgraded systems continuing to interoperate with legacy systems is
not directly covered in this specification, but is the subject of
Section 10.2.
Certain jurisdictions have recommended that ML-KEM be used
exclusively within a PQ/T hybrid framework. The use of a composite
scheme provides a straightforward implementation of hybrid solutions
compatible with (and advocated by) some governments and cybersecurity
agencies [BSI2021], [ANSSI2024].
Ounsworth, et al. Expires 28 September 2026 [Page 4]
Internet-Draft Composite ML-KEM March 2026
In some situations it might be possible to add Post-Quantum, via a
PQ/T Hybrid, to an already audited and compliant solution without
invalidating the existing certification, whereas a full replacement
of the traditional cryptography would almost certainly incur
regulatory and compliance delays. In other words, PQ/T Hybrids can
allow for deploying Post-Quantum Cryptography before the PQ modules
and operational procedures are fully audited and certified. This,
more than any other requirement, is what motivates the large number
of algorithm combinations in this specification: The intention is to
provide a stepping stone from which any cryptographic algorithm an
organization has deployed today can evolve or transition.
While this specification registers a large number of composite
algorithms, it is expected that organizations will choose to deploy a
single composite algorithm, or a small number of composite
algorithms, that meets the needs of their environment, and very few
implementers will need concern themselves with the entire list. This
specification does not specify any mandatory-to-implement algorithms,
but Section 10.3 provides a short-list of recommended composite
algorithms for common use-cases.
Composite ML-KEM is applicable in any PKIX-related application that
would otherwise use ML-KEM.
1.1. Conventions and Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. These words may also appear in this
document in lower case as plain English words, absent their normative
meanings.
This specification is consistent with all terminology from [RFC9794].
In addition, the following terms are used in this specification:
*ALGORITHM*: The usage of the term "algorithm" within this
specification generally refers to any function which has a registered
Object Identifier (OID) for use within an ASN.1 AlgorithmIdentifier.
*Application Backwards Compatibility*: The usual definition of
backwards compatibility, meaning whether an upgraded and non-upgraded
application can successfully establish communication.
*COMBINER*: A combiner specifies how multiple shared secret keys are
combined into a single shared secret key.
Ounsworth, et al. Expires 28 September 2026 [Page 5]
Internet-Draft Composite ML-KEM March 2026
*COMPOSITE CRYPTOGRAPHIC ELEMENT*: [RFC9794] defines composites as: A
cryptographic element that incorporates multiple component
cryptographic elements of the same type in a multi-algorithm scheme.
*COMPONENT / PRIMITIVE*: The words "component" or "primitive" are
used interchangeably to refer to a cryptographic algorithm that is
used internally within a composite algorithm. For example this could
be an asymmetric algorithm such as "ML-KEM-768" or "RSA-OAEP".
*DER:* Distinguished Encoding Rules as defined in [X.690].
*ECDH*: the Elliptic Curve Diffie-Hellman key agreement scheme
defined in section 5.7.1.2 of [SP.800-56Ar3].
*KEM:* A key encapsulation mechanism as defined in Section 2.
*PKI:* Public Key Infrastructure, as defined in [RFC5280].
*Post-Quantum Traditional (PQ/T) hybrid scheme*: A multi-algorithm
scheme where at least one component algorithm is a post-quantum
algorithm and at least one is a traditional algorithm.
*Protocol Backwards Compatibility*: A property whereby a new feature
can be added to a protocol without requiring any changes to the
protocol's specification and only minimal changes to its
implementations (such as adding new identifiers). This is notable
because many PQ/T Hybrids require modification of the protocol to
make it "hybrid aware", whereas this specification presents as a
standalone algorithm and thus can take advantage of existing
cryptographic agility mechanisms.
*ML-KEM*: The Module-Lattice-based Key Encapsulation Mechanism
algorithm defined in [FIPS.203]
*RSA*: The Rivest-Shamir-Adleman cryptosystem, used in this
specification as the RSA-OAEP (Optimal Asymmetric Encryption Padding)
scheme defined in [RFC8017].
*SHARED SECRET KEY:* A value established between two communicating
parties for use as cryptographic key material suitable for direct use
by symmetric cryptographic algorithms. This specification is
concerned with shared secrets established via public key
cryptographic operations.
*X25519 and X448:* The Edwards Curve Diffie-Hellman scheme defined in
[RFC7748] with pramater sets X25519 and X448.
Ounsworth, et al. Expires 28 September 2026 [Page 6]
Internet-Draft Composite ML-KEM March 2026
1.2. Notation
The algorithm descriptions use python-like syntax. The following
symbols deserve special mention:
* || represents concatenation of two byte arrays.
* [:] represents byte array slicing.
* (a, b) represents a pair of values a and b. Typically this
indicates that a function returns multiple values; the exact
conveyance mechanism -- tuple, struct, output parameters, etc --
is left to the implementer.
* (a, _): represents a pair of values where one -- the second one in
this case -- is ignored.
* Func<TYPE>(): represents a function that is parametrized by <TYPE>
meaning that the function's implementation will have minor
differences depending on the underlying TYPE. Typically this
means that a function will need to look up different constants or
use different underlying cryptographic primitives depending on
which composite algorithm it is implementing.
1.3. Composite Design Philosophy
Composite algorithms, as defined in this specification, follow the
definition in [RFC9794] and should be regarded as a single algorithm
that performs a single cryptographic operation typical of a key
establishment mechanism.This generally means that the complexity of
combining algorithms can and should be handled by the cryptographic
library or cryptographic module. The design intent is that protocols
such as PKCS#10 [RFC2986], CMP [RFC9810], X.509 [RFC5280], the CMS
[RFC5652], and the Trust Anchor Format [RFC5914] can treat composite
algorithms as they would any other algorithm without the protocol
layer to have any "hybrid-awareness". This is a property referred to
as "protocol backwards-compatibility".
Discussion of the specific choices of algorithm pairings can be found
in Section 6.2.
Ounsworth, et al. Expires 28 September 2026 [Page 7]
Internet-Draft Composite ML-KEM March 2026
2. Overview of the Composite ML-KEM Scheme
Composite ML-KEM is a PQ/T hybrid Key Encapsulation Mechanism (KEM)
which combines ML-KEM as specified in [FIPS.203] and
[I-D.ietf-lamps-kyber-certificates] with one of RSA-OAEP defined in
[RFC8017], the Elliptic Curve Diffie-Hellman key agreement schemes
ECDH defined in section 5.7.1.2 of [SP.800-56Ar3], and X25519 / X448
defined in [RFC8410]. A KEM combiner function is used to combine the
two component shared secret keys into a single shared secret key.
Composite Key Encapsulation Mechanisms are defined as cryptographic
primitives that consist of three algorithms. These definitions are
borrowed from [RFC9180].
* KeyGen() -> (pk, sk): A probabilistic key generation algorithm,
which generates a public key pk and a secret key sk. Some
cryptographic modules may also expose a KeyGen(seed) -> (pk, sk),
which generates pk and sk deterministically from a seed. This
specification assumes a seed-based keygen for ML-KEM.
* Encap(pk) -> (ss, ct): A probabilistic encapsulation algorithm,
which takes as input a public key pk and outputs a ciphertext ct
and shared secret key ss. Note: this specification uses Encap()
to conform to [RFC9180], but [FIPS.203] uses Encaps().
* Decap(sk, ct) -> ss: A decapsulation algorithm, which takes as
input a secret key sk and ciphertext ct and outputs a shared
secret ss, or in some cases a distinguished error value. Note:
this specification uses Decap() to conform to [RFC9180], but
[FIPS.203] uses Decaps().
The KEM interface was chosen as the interface for a composite key
establishment because it allows for arbitrary combinations of
component algorithm types since both key transport and key agreement
mechanisms can be promoted into KEMs as described in Section 2.1 and
Section 2.2 below.
The following algorithms are defined for serializing and
deserializing component values. These algorithms are inspired by
similar algorithms in [RFC9180].
* SerializePublicKey(mlkemPK, tradPK) -> bytes: Produce a byte
string encoding of the component public keys.
* DeserializePublicKey(bytes) -> (mlkemPK, tradPK): Parse a byte
string to recover the component public keys.
Ounsworth, et al. Expires 28 September 2026 [Page 8]
Internet-Draft Composite ML-KEM March 2026
* SerializeCiphertext(mlkemCT, tradCT) -> bytes: Produce a byte
string encoding of the component ciphertexts.
* DeserializeCiphertext(bytes) -> (mlkemCT, tradCT): Parse a byte
string to recover the component ciphertexts.
* SerializePrivateKey(mlkemSeed, tradSK) -> bytes: Produce a byte
string encoding of the component private keys.
* DeserializePrivateKey(bytes) -> (mlkemSeed, tradSK): Parse a byte
string to recover the component private keys.
Full definitions of serialization and deserialization algorithms can
be found in Section 4.
2.1. Promotion of RSA-OAEP into a KEM
The RSA Optimal Asymmetric Encryption Padding (OAEP), as defined in
section 7.1 of [RFC8017] is a public key encryption algorithm used to
transport key material from a sender to a receiver. A "key
transport" type algorithm has the following API:
* Encrypt(pk, ss) -> ct: Take an existing shared secret key ss and
encrypt it for pk.
* Decrypt(sk, ct) -> ss: Decrypt the ciphertext ct to recover ss.
Note the difference between the API of RSA.Encrypt(pk, ss) -> ct and
KEM.Encap(pk) -> (ss, ct) presented above. For this reason, RSA-OAEP
cannot be directly combined with ML-KEM. Fortunately, a key
transport mechanism such as RSA-OAEP can be easily promoted into a
KEM by having the sender generate a random 256 bit shared secret key
and encrypt it.
RSAOAEPKEM.Encap(pkR):
shared_secret = SecureRandom(ss_len)
enc = RSAES-OAEP-ENCRYPT(pkR, shared_secret)
return shared_secret, enc
Note that the OAEP label L is left to its default value, which is the
empty string as per [RFC8017]. The shared secret key output by the
overall Composite ML-KEM already binds a composite KEM Combiner
Label, so there is no need to also use the component Label.
The value of ss_len as well as concrete values for all the RSA-OAEP
parameters used within this specification can be found in
Section 6.1.
Ounsworth, et al. Expires 28 September 2026 [Page 9]
Internet-Draft Composite ML-KEM March 2026
Decap(sk, ct) -> ss is accomplished by direct use of OAEP Decrypt.
RSAOAEPKEM.Decap(skR, enc):
shared_secret = RSAES-OAEP-DECRYPT(skR, enc)
return shared_secret
The encodings for the public key (pkR), private key (skR), and
ciphertext (enc) are described in Section 4.
A quick note on the choice of RSA-OAEP as the supported RSA
encryption primitive. RSA-KEM [RFC9690] is cryptographically robust
and is more straightforward to work with, but it has fairly limited
adoption and therefore is of limited value as a PQ migration
mechanism. Also, while RSA-PKCS#1v1.5 [RFC8017] is still widely
used, it is hard to make secure and no longer FIPS-approved as of the
end of 2023 [SP800-131Ar2], so it is of limited forwards value. This
leaves RSA-OAEP [RFC8017] as the remaining choice. See Section 6.2
for further discussion of algorithm choices.
Note that, at least at the time of writing, the algorithm RSAOAEPKEM
is not defined as a standalone algorithm within PKIX standards and it
does not have an assigned algorithm OID, so it cannot be used
directly with CMS KEMRecipientInfo [RFC9629]; it is merely a building
block for the composite algorithm.
2.2. Promotion of ECDH into a KEM
The elliptic curve Diffie-Hellman algorithm identified by the OID id-
ecDH as defined in [RFC5480] and [SEC1] is a key agreement algorithm
requiring both parties to contribute an asymmetric keypair to the
derivation of the shared secret key. A "key agreement" type
algorithm has the following API:
* DH(skX, pkY) -> ss: Each party combines their secret key skX with
the other party's public key pkY.
Note the difference between the API of DH(skX, pkY) -> ss and
KEM.Encap(pk) -> (ss, ct) presented above. For this reason, a
Diffie-Hellman key exchange cannot be directly combined with ML-KEM.
Fortunately, a Diffie-Hellman key agreement can be easily promoted
into a KEM Encap(pk) -> (ss, ct) by having the sender generate an
ephemeral keypair for themself and sending their public key as the
ciphertext ct. Composite ML-KEM uses a simplified version of the
DHKEM definition from [RFC9180]:
Ounsworth, et al. Expires 28 September 2026 [Page 10]
Internet-Draft Composite ML-KEM March 2026
DHKEM.Encap(pkR):
(skE, pkE) = GenerateKeyPair()
ss = DH(skE, pkR)
ct = SerializePublicKey(pkE)
return ss, ct
Decap(sk, ct) -> ss is accomplished in the analogous way.
DHKEM.Decap(skR, ct):
pkE = DeserializePublicKey(ct)
ss = DH(skR, pkE)
return ss
This construction applies for all variants of elliptic curve Diffie-
Hellman used in this specification: ECDH, X25519, and X448.
For ECDH, DH() yields the value Z as described in section 5.7.1.2 of
[SP.800-56Ar3].
For X25519 and X448, DH() yields the value K as described in section
6 of [RFC7748].
The encodings for the public key (pkR), private key (skR), and
ciphertext (pkE) are described in Section 4.
The promotion of DH to a KEM is similar to the DHKEM functions in
[RFC9180], but it is simplified in the following ways:
1. Notation has been aligned to the notation used in this
specification.
2. Since a KEM Combiner Label is included explicitly in the
Composite ML-KEM combiner, there is no need to perform the
labeled steps of ExtractAndExpand().
3. Since the ciphertext and receiver's public key are included
explicitly in the Composite ML-KEM combiner, there is no need to
construct the kem_context object.
Note that here, SerializePublicKey() and DeserializePublicKey() refer
to the underlying encoding of the DH primitive, and not to the
composite serialization functions defined in Section 4.
Ounsworth, et al. Expires 28 September 2026 [Page 11]
Internet-Draft Composite ML-KEM March 2026
Note that, at least at the time of writing, the algorithm DHKEM is
not defined as a standalone algorithm within PKIX standards and it
does not have an assigned algorithm OID, so it cannot be used
directly with CMS KEMRecipientInfo [RFC9629]; it is merely a building
block for the composite algorithm.
3. Composite ML-KEM Functions
This section describes the composite ML-KEM functions needed to
instantiate the public API of a Key Encapsulation Mechanism as
defined in Section 2.
3.1. Key Generation
In order to maintain security properties of the composite, this
specification strictly forbids re-using component key material
between composite and non-composite keys, or between multiple
composite keys. This means that an invocation of Composite-ML-
KEM.KeyGen() MUST perform, or otherwise guarantee, fresh generation
of the key material for both underlying algorithms and MUST NOT reuse
existing key material. See Section 9.3 for a discussion.
To generate a new keypair for composite schemes, the KeyGen() -> (pk,
sk) function is used. The KeyGen() function calls the two key
generation functions of the component algorithms independently.
Multi-threaded, multi-process, or multi-module applications might
choose to execute the key generation functions in parallel for better
key generation performance or architectural modularity.
To generate an ML-KEM key pair this specification uses the function
ML-KEM.KeyGen_internal(d, z). According to [FIPS.203] d and z are
two random 32 Byte values. This document combines both values in
mlkemSeed by concatenating them so that mlkemSeed = d || z.
The following describes how to instantiate a KeyGen() function for a
given composite algorithm represented by <OID>.
Ounsworth, et al. Expires 28 September 2026 [Page 12]
Internet-Draft Composite ML-KEM March 2026
Composite-ML-KEM<OID>.KeyGen() -> (pk, sk)
Explicit Inputs:
None
Implicit Inputs mapped from <OID>:
ML-KEM The underlying ML-KEM algorithm and
parameter set, for example "ML-KEM-768".
Trad The underlying traditional algorithm and
parameter, for example "RSA-OAEP"
or "X25519".
Output:
(pk, sk) The composite keypair.
Key Generation Process:
1. Generate component keys
mlkemSeed = Random(64)
(mlkemPK, mlkemSK) = ML-KEM.KeyGen_internal(mlkemSeed[:32], mlkemSeed[32:])
(tradPK, tradSK) = Trad.KeyGen()
2. Check for component key gen failure
if NOT (mlkemPK, mlkemSK) or NOT (tradPK, tradSK):
output "Key generation error"
3. Output the composite public and private keys
pk = SerializePublicKey(mlkemPK, tradPK)
sk = SerializePrivateKey(mlkemSeed, tradSK)
return (pk, sk)
In order to ensure fresh keys, the key generation functions MUST be
executed for both component algorithms. Compliant parties MUST NOT
use, import or export component keys that are used in other contexts,
combinations, or by themselves as keys for standalone algorithm use.
For more details on the security considerations around key reuse, see
Section 9.3.
Errors produced by the component KeyGen() routines MUST be forwarded
on to the calling application. Further discussion can be found below
in Section 3.5.
Ounsworth, et al. Expires 28 September 2026 [Page 13]
Internet-Draft Composite ML-KEM March 2026
3.1.1. Allowed Modifications to the Key Generation Process
Key generation is a process that is entirely internal to a
cryptographic module, and as such it is often customized to fit the
performance or operational requirements of the module. In cases
where the private keys never leave the module or are otherwise not
required to interoperate with other cryptographic modules, it is not
required for interoperability for the private keys to match the
format described in this specification. Therefore, in general,
implementations of Composite ML-KEM MAY use an alternate key
generation process so long as it generates compatible public keys,
and so long as both component keys are freshly-generated and not re-
used in a standalone key or within another composite key. Below are
some examples of modifications that an implementer MAY make to the
key generation process.
Implementations MAY modify this process to additionally output the
expanded mlkemSK or to make use of ML-KEM.KeyGen_internal(d, z) as
needed to expand the ML-KEM seed (d || z) into an expanded key prior
to performing a signing operation.
In cases where it is desirable to have a deterministic KeyGen of one
or both component keys from a seed, this process MAY be modified to
expose an interface of Composite-ML-KEM<OID>.KeyGen(seed) such that
one component algorithm is generated from the seed and the other from
random, or the input seed is cryptohraphically expanded to produce
seeds for both components. Security analysis of such a modified key
generation process is outside the scope of this document.
Where interoperable private keys are not required, implementations
MAY choose to use a different private key representation than the one
given in Section 4.2. For example, the component keys MAY be stored
in separate cryptographic modules, or MAY be stored in separate
PKCS#8 objects, or MAY be stored in a format that preserves the ML-
KEM expanded key instead of the ML-KEM seed. The required
modifications to the key generation process, as well as the signature
generation process below, to support these private key
representations are considered compliant with this specification so
long as they generate compatible public keys, and so long as both
component keys are freshly-generated. Note that when implementing
Composite ML-KEM with a private key format that does not preserve the
ML-KEM seed, especially when implementing on top of a cryptographic
module that does not support seeds, it will be impossible to
reconstruct a compliant seed-based private key as described in
Section 4.2
Ounsworth, et al. Expires 28 September 2026 [Page 14]
Internet-Draft Composite ML-KEM March 2026
3.2. Encapsulation
The Encap(pk) of a Composite ML-KEM algorithm is designed to behave
exactly the same as ML-KEM.Encaps(ek) defined in Algorithm 20 in
Section 7.2 of [FIPS.203]. Specifically, Composite-ML-KEM.Encap(pk)
produces a 256-bit shared secret key that can be used directly with
any symmetric-key cryptographic algorithm. In this way, Composite
ML-KEM can be used as a direct drop-in replacement anywhere that ML-
KEM is used.
The following describes how to instantiate a Encap(pk) function for a
given composite algorithm represented by <OID>.
Composite-ML-KEM<OID>.Encap(pk) -> (ss, ct)
Explicit Inputs:
pk Composite public key consisting of encryption public keys
for each component.
Implicit inputs mapped from <OID>:
ML-KEM The underlying ML-KEM algorithm and
parameter set, for example "ML-KEM-768".
Trad The underlying ML-KEM algorithm and
parameter set, for example "RSA-OAEP"
or "X25519".
Label KEM Combiner Label value for binding the ciphertext to the
Composite OID. See section on KEM Combiner Labels below.
Output:
ss The shared secret key, a 256-bit key suitable for use with
symmetric cryptographic algorithms.
ct The ciphertext, a byte string.
Encap Process:
1. Separate the public keys.
(mlkemPK, tradPK) = DeserializePublicKey(pk)
2. Perform the respective component Encap operations according to
their algorithm specifications.
Ounsworth, et al. Expires 28 September 2026 [Page 15]
Internet-Draft Composite ML-KEM March 2026
(mlkemCT, mlkemSS) = ML-KEM.Encaps(mlkemPK)
(tradCT, tradSS) = TradKEM.Encap(tradPK)
3. If either ML-KEM.Encaps() or TradKEM.Encap() return an error,
then this process must return an error.
if NOT (mlkemCT, mlkemSS) or NOT (tradCT, tradSS):
output "Encapsulation error"
4. Encode the ciphertext
ct = SerializeCiphertext(mlkemCT, tradCT)
5. Combine the KEM secrets and additional context to yield the
composite shared secret key.
ss = KemCombiner(mlkemSS, tradSS, tradCT, tradPK, Label)
6. Output composite shared secret key and ciphertext.
return (ss, ct)
The specific values for Label are defined per Composite ML-KEM
algorithm in Section 6.
Errors produced by the component Encaps() routines MUST be forwarded
on to the calling application. Further discussion can be found below
in Section 3.5.
3.3. Decapsulation
The Decap(sk, ct) -> ss of a Composite ML-KEM algorithm is designed
to behave exactly the same as ML-KEM.Decaps(dk, c) defined in
Algorithm 21 in Section 7.3 of [FIPS.203]. Specifically, Composite-
ML-KEM.Decap(sk, ct) produces a 256-bit shared secret key that can be
used directly with any symmetric-key cryptographic algorithm. In
this way, Composite ML-KEM can be used as a direct drop-in
replacement anywhere that ML-KEM is used.
The following describes how to instantiate a Decap(sk, ct) function
for a given composite algorithm represented by <OID>.
Composite-ML-KEM<OID>.Decap(sk, ct) -> ss
Explicit inputs
sk Composite private key consisting of decryption private
keys for each component.
Ounsworth, et al. Expires 28 September 2026 [Page 16]
Internet-Draft Composite ML-KEM March 2026
ct The ciphertext, a byte string.
Implicit inputs mapped from <OID>:
ML-KEM The underlying ML-KEM algorithm and
parameter set, for example "ML-KEM-768".
Trad The underlying traditional algorithm and
parameter set, for example "RSA-OAEP"
or "X25519".
Label KEM Combiner Label value for binding the ciphertext to
the Composite ML-KEM OID.
See section on KEM Combiner Labels below.
Implicit inputs looked up from SK:
tradPK The traditional public key is required for the KEM
combiner.
For discussion of where to get this value, see the
Decapsulation Requires the Public Key section.
Output:
ss The shared secret key, a 256-bit key suitable for use
with symmetric cryptographic algorithms.
Decap Process:
1. Separate the private keys and ciphertexts
(mlkemSeed, tradSK) = DeserializePrivateKey(sk)
(_, mlkemSK) = ML-KEM.KeyGen(mlkemSeed[:32], mlkemSeed[32:])
(mlkemCT, tradCT) = DeserializeCiphertext(ct)
2. Perform the respective component Decap operations according
to their algorithm specifications.
mlkemSS = ML-KEM.Decaps(mlkemSK, mlkemCT)
tradSS = TradKEM.Decap(tradSK, tradCT)
3. If either ML-KEM.Decaps() or TradKEM.Decap() return an error,
then this process must return an error.
if NOT mlkemSS or NOT tradSS:
output "Decapsulation error"
4. Combine the KEM secrets and additional context to yield the
Ounsworth, et al. Expires 28 September 2026 [Page 17]
Internet-Draft Composite ML-KEM March 2026
composite shared secret key.
ss = KemCombiner(mlkemSS, tradSS, tradCT, tradPK, Label)
5. Output composite shared secret key.
return ss
Steps 2 and 4 SHOULD be performed in a timing-invariant way to
prevent side-channel attackers from learning any of the inputs or
output of the KEM combiner.
Step 4 requires the Decaps() process to have access to tradPK, which
is not carried in the private key format and therefore the
implementation is required to acquire it from some out-of-band means.
The Implementation Considerations Section 10.4 provides further
discussion on this.
It is possible to use component private keys stored in separate
software or hardware keystores. Variations in the process to
accommodate particular private key storage mechanisms are considered
to be conformant to this specification so long as it produces the
same output and error handling as the process sketched above.
Ounsworth, et al. Expires 28 September 2026 [Page 18]
Internet-Draft Composite ML-KEM March 2026
In order to properly achieve its security properties, the KEM
combiner requires that all inputs are fixed-length or length-encoded.
Since each Composite ML-KEM algorithm fully specifies its component
algorithms, including key sizes, all inputs should be fixed-length in
non-error scenarios except for minor variations introduced by
encoding. In the cases where there are minor variations introduced
by encoding, those encodings already have a fixed-length prefix
followed by length-encoded data, so the requirements for the KEM
combiner security properties hold (namely that the input is
injective). However some implementations may choose to perform
additional checking to handle certain error conditions. In
particular, the KEM combiner step should not be performed if either
of the component decapsulations returned an error condition
indicating malformed inputs. RSA-based composites MUST ensure that
the modulus size (i.e. the size of tradCT and tradPK) matches that
specified for the given Composite ML-KEM algorithm in Section 6;
depending on the cryptographic library used, this check may be done
by the library or may require an explicit check as part of the
Composite-ML-KEM.Decap() routine. Implementers should keep in mind
that some instances of tradCT and tradPK will be DER-encoded which
could introduce minor length variations such as dropping leading
zeroes; since the underlying KEMs are assumed to be IND-CCA secure,
decapsulation against tampered ciphertexts or public keys is assumed
to fail, these length differences are considered benign to the KEM
combiner.
Errors produced by the component Decaps() routines MUST be forwarded
on to the calling application. Further discussion can be found below
in Section 3.5.
3.4. KEM Combiner Function
This specification provides a combiner construction with SHA3-256 for
all combinations of algorithms.
Ounsworth, et al. Expires 28 September 2026 [Page 19]
Internet-Draft Composite ML-KEM March 2026
KemCombiner(mlkemSS, tradSS, tradCT, tradPK, Label) -> ss
Explicit inputs:
The list of input values to be combined.
Output:
ss The shared secret key, a 256-bit key suitable for use with
symmetric cryptographic algorithms.
Process:
ss = SHA3-256(mlkemSS || tradSS || tradCT || tradPK || Label)
return ss
3.5. Error Handling and Explicit Rejection
ML-KEM, particularly its Decaps() defined in Algorithms 18 and 21 of
[FIPS.203], is designed to be implicitly rejecting, meaning that a
failure within the underlying PKE scheme due to a mangled ciphertext
will not cause ML-KEM.Decaps() to return an error, but instead any
errors encountered during decapsulation are handled by producing a
pseudo-random shared secret. ML-KEM.Decaps() can, however return
errors for example if the provided ciphertext or decapsulation
private key is the wrong size.
In Composite ML-KEM, not all component algorithms will be implicitly
rejecting, for example RSA-OAEP's Decrypt() can return an error if
the padding is incorrect. In general, in the case that one of the
component primitives generates an error during Composite ML-KEM
KeyGen, Encaps, or Decaps, Composite ML-KEM MUST clear all buffers
containing key material and forward the error to its caller; i.e.
Composite ML-KEM MUST be explicitly rejecting whenever one of its
components is. The same applies to Composite ML-KEM KeyGen() and
Encaps(): Composite KEM MUST forward any errors produced by component
algorithms.
4. Serialization
This section presents routines for serializing and deserializing
composite public keys, private keys, and ciphertext values to bytes.
The functions defined in this section are considered internal
implementation details and are referenced from within the public API
definitions in Section 3.
Ounsworth, et al. Expires 28 September 2026 [Page 20]
Internet-Draft Composite ML-KEM March 2026
Deserialization is possible because ML-KEM has fixed-length public
keys, private keys (seeds), and ciphertext values as shown in the
following table.
+=============+============+=============+============+
| Algorithm | Public Key | Private Key | Ciphertext |
+=============+============+=============+============+
| ML-KEM-768 | 1184 | 64 | 1088 |
+-------------+------------+-------------+------------+
| ML-KEM-1024 | 1568 | 64 | 1568 |
+-------------+------------+-------------+------------+
Table 1: ML-KEM Sizes in bytes
For all serialization routines below, when these values are required
to be carried in an ASN.1 structure, they are wrapped as described in
Section 5.1.
While ML-KEM has a single fixed-size representation for each of
public key, private key, and ciphertext, the traditional component
might allow multiple valid encodings; for example an elliptic curve
public key, and therefore also ciphertext, might be validly encoded
as either compressed or uncompressed [SEC1], or an RSA private key
could be encoded in Chinese Remainder Theorem form [RFC8017]. In
order to obtain interoperability, composite algorithms MUST use the
following encodings of the underlying components:
* *ML-KEM*: MUST be encoded as specified in sections 7.1 and 7.2 of
[FIPS.203], using a 64-byte seed (d || z) as the private key.
* *RSA*: the public key MUST be encoded as RSAPublicKey with the
(n,e) public key representation as specified in A.1.1 of [RFC8017]
and the private key representation as RSAPrivateKey specified in
A.1.2 of [RFC8017] with version 0 and 'otherPrimeInfos' absent.
An RSA-OAEP ciphertext MUST be encoded as specified in section
7.1.1 of [RFC8017]
* *ECDH*: public key MUST be encoded as an uncompressed elliptic
curve point as in section 2.2 of [RFC5480], including the leading
byte 0x04 indicating uncompressed encoding and without the ASN.1
OCTET STRING wrapper. This is consistent with the encoding of EC
public keys in X9.62 [X9.62_2005]. The private key MUST be
encoded as ECPrivateKey specified in [RFC5915] with 'NamedCurve'
parameter set to the OID of the curve, but without the 'publicKey'
field. The ciphertext MUST be encoded in the same manner as the
public key.
Ounsworth, et al. Expires 28 September 2026 [Page 21]
Internet-Draft Composite ML-KEM March 2026
* *X25519 and X448*: the public key MUST be encoded as per section 5
of [RFC7748] and the private key is a 32 or 56 byte raw value for
X25519 and X448 respectively. The ciphertext MUST be encoded in
the same manner as the public key.
All ASN.1 objects SHALL be encoded using DER on serialization.
Even with fixed encodings for the traditional component, there may be
slight differences in size of the encoded value due to, for example,
encoding rules that drop leading zeroes. See Appendix A for further
discussion of encoded size of each composite algorithm.
The deserialization routines described below do not check for well-
formedness of the cryptographic material they are recovering. It is
assumed that underlying cryptographic primitives will catch malformed
values and raise an appropriate error.
4.1. SerializePublicKey and DeserializePublicKey
The serialization routine for keys simply concatenates the public
keys of the component algorithms, as defined below:
Composite-ML-KEM.SerializePublicKey(mlkemPK, tradPK) -> bytes
Explicit inputs:
mlkemPK The ML-KEM public key, which is bytes.
tradPK The traditional public key in the appropriate
encoding for the underlying component algorithm.
Implicit inputs:
None
Output:
bytes The encoded composite public key.
Serialization Process:
1. Combine and output the encoded public key
output mlkemPK || tradPK
Ounsworth, et al. Expires 28 September 2026 [Page 22]
Internet-Draft Composite ML-KEM March 2026
Deserialization reverses this process. Each component key is
deserialized according to their respective specification as shown in
Appendix B.
The following describes how to instantiate a
DeserializePublicKey(bytes) function for a given composite algorithm
represented by <OID>.
Composite-ML-KEM<OID>.DeserializePublicKey(bytes) -> (mlkemPK, tradPK)
Explicit inputs:
bytes An encoded composite public key.
Implicit inputs mapped from <OID>:
ML-KEM The underlying ML-KEM algorithm and
parameter, for example, could be "ML-KEM-768".
Output:
mlkemPK The ML-KEM public key, which is bytes.
tradPK The traditional public key in the appropriate
encoding for the underlying component algorithm.
Deserialization Process:
1. Parse each constituent encoded public key.
The length of the mlkemPK is known based on the size of
the ML-KEM component key length specified by the Object ID.
switch ML-KEM do
case ML-KEM-768:
mlkemPK = bytes[:1184]
tradPK = bytes[1184:]
case ML-KEM-1024:
mlkemPK = bytes[:1568]
tradPK = bytes[1568:]
Note that while ML-KEM has fixed-length keys, RSA
may not, depending on encoding, so rigorous length-checking
of the overall composite key is not always possible.
2. Output the component public keys
output (mlkemPK, tradPK)
Ounsworth, et al. Expires 28 September 2026 [Page 23]
Internet-Draft Composite ML-KEM March 2026
4.2. SerializePrivateKey and DeserializePrivateKey
The serialization routine for keys simply concatenates the private
keys of the component algorithms, as defined below:
Composite-ML-KEM.SerializePrivateKey(mlkemSeed, tradSK) -> bytes
Explicit inputs:
mlkemSeed The ML-KEM private key, which consists of 32 Byte seed value d
concatenated with 32 Byte seed value z.
tradSK The traditional private key in the appropriate
encoding for the underlying component algorithm.
Implicit inputs:
None
Output:
bytes The encoded composite private key.
Serialization Process:
1. Combine and output the encoded private key.
output mlkemSeed || tradSK
Deserialization reverses this process. Each component key is
deserialized according to their respective specification as shown in
Appendix B.
The following describes how to instantiate a
DeserializePrivateKey(bytes) function. Since ML-KEM private keys are
64 bytes for all parameter sets, this function does not need to be
parametrized.
Ounsworth, et al. Expires 28 September 2026 [Page 24]
Internet-Draft Composite ML-KEM March 2026
Composite-ML-KEM.DeserializePrivateKey(bytes)
-> (mlkemSeed, tradSK)
Explicit inputs:
bytes An encoded composite private key.
Implicit inputs:
That an ML-KEM private key is 64 bytes for all parameter sets.
Output:
mlkemSeed The ML-KEM private key, which consists of 32 Byte seed value d
concatenated with 32 Byte seed value z.
tradSK The traditional private key in the appropriate
encoding for the underlying component algorithm.
Deserialization Process:
1. Parse the ML-KEM seed, which is always a 64 byte seed
for all parameter sets.
mlkemSeed = bytes[:64]
tradSK = bytes[64:]
2. Output the component private keys
output (mlkemSeed,tradSK)
4.3. SerializeCiphertext and DeserializeCiphertext
The serialization routine for the composite ciphertext value simply
concatenates the fixed-length ML-KEM ciphertext with the ciphertext
from the traditional algorithm, as defined below:
Ounsworth, et al. Expires 28 September 2026 [Page 25]
Internet-Draft Composite ML-KEM March 2026
Composite-ML-KEM.SerializeCiphertext(mlkemCT, tradCT) -> bytes
Explicit inputs:
mlkemCT The ML-KEM ciphertext, which is bytes.
tradCT The traditional ciphertext in the appropriate
encoding for the underlying component algorithm.
Implicit inputs:
None
Output:
bytes The encoded composite ciphertext value.
Serialization Process:
1. Combine and output the encoded composite ciphertext
output mlkemCT || tradCT
Deserialization reverses this process. Each component ciphertext is
deserialized according to their respective specification as shown in
Appendix B.
The following describes how to instantiate a
DeserializeCiphertext(bytes) function for a given composite algorithm
represented by <OID>.
Ounsworth, et al. Expires 28 September 2026 [Page 26]
Internet-Draft Composite ML-KEM March 2026
Composite-ML-KEM<OID>.DeserializeCiphertext(bytes)
-> (mlkemCT, tradCT)
Explicit inputs:
bytes An encoded composite ciphertext value.
Implicit inputs mapped from <OID>:
ML-KEM The underlying ML-KEM algorithm and
parameter, for example, could be "ML-KEM-768".
Output:
mlkemCT The ML-KEM ciphertext, which is bytes.
tradCT The traditional ciphertext in the appropriate
encoding for the underlying component algorithm.
Deserialization Process:
1. Parse each constituent encoded ciphertext.
The length of the mlkemCT is known based on the size of the
ML-KEM component ciphertext length specified by the Object ID.
switch ML-KEM do
case ML-KEM-768:
mlkemCT = bytes[:1088]
tradCT = bytes[1088:]
case ML-KEM-1024:
mlkemCT= bytes[:1568]
tradCT = bytes[1568:]
2. Output the component ciphertext values
output (mlkemCT, tradCT)
5. Use within X.509 and PKIX
The following sections provide processing logic and the necessary
ASN.1 modules necessary to use composite ML-KEM within X.509 and PKIX
protocols. Use within the Cryptographic Message Syntax (CMS) will be
covered in a separate specification.
Ounsworth, et al. Expires 28 September 2026 [Page 27]
Internet-Draft Composite ML-KEM March 2026
While composite ML-KEM keys and ciphertext values MAY be used raw,
the following sections provide conventions for using them within
X.509 and other PKIX protocols such that Composite ML-KEM can be used
as a drop-in replacement for KEM algorithms in PKCS#10 [RFC2986], CMP
[RFC9810], X.509 [RFC5280], and related protocols.
5.1. Encoding to DER
The serialization routines presented in Section 4 produce raw binary
values. When these values are required to be carried within a DER-
encoded message format such as an X.509's subjectPublicKey or a
OneAsymmetricKey.privateKey OCTET STRING [RFC5958], then the BIT
STRING or OCTET STRING contains this raw byte string output of the
appropriate serialization routine from Section 4 without further
encoding.
When a Composite ML-KEM public key appears outside of a
SubjectPublicKeyInfo type in an environment that uses ASN.1 encoding,
it could be encoded as an OCTET STRING by using the Composite-ML-KEM-
PublicKey type defined below.
Composite-ML-KEM-PublicKey ::= OCTET STRING
Size constraints MAY be enforced, as appropriate as per Appendix A.
5.2. Key Usage Bits
When any Composite ML-KEM Object Identifier appears within the
SubjectPublicKeyInfo.AlgorithmIdentifier field of an X.509
certificate [RFC5280], the key usage certificate extension MUST only
contain:
keyEncipherment
Composite ML-KEM keys MUST NOT be used in a "dual usage" mode because
even if the traditional component key supports both signing and
encryption, the post-quantum algorithms do not and therefore the
overall composite algorithm does not. Implementations MUST NOT use
one component of the composite for the purposes of digital signature
and the other component for the purposes of encryption or key
establishment.
5.3. ASN.1 Definitions
Composite ML-KEM uses a substantially non-ASN.1 based encoding, as
specified in Section 4. However, as composite algorithms will be
used within ASN.1-based X.509 and PKIX protocols, some conventions
for ASN.1 wrapping are necessary.
Ounsworth, et al. Expires 28 September 2026 [Page 28]
Internet-Draft Composite ML-KEM March 2026
The following ASN.1 Information Object Classes are defined to allow
for compact definitions of each composite algorithm, leading to a
smaller overall ASN.1 module.
pk-CompositeKEM {OBJECT IDENTIFIER:id}
PUBLIC-KEY ::= {
IDENTIFIER id
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE { keyEncipherment }
-- PRIVATE-KEY no ASN.1 wrapping --
}
kema-CompositeKEM {
OBJECT IDENTIFIER:id,
PUBLIC-KEY:publicKeyType }
KEM-ALGORITHM ::= {
IDENTIFIER id
-- VALUE no ASN.1 wrapping --
PARAMS ARE absent
PUBLIC-KEYS { publicKeyType }
SMIME-CAPS { IDENTIFIED BY id }
}
Figure 1: ASN.1 Object Information Classes for Composite ML-KEM
As an example, the public key and KEM algorithm types associated with
id-MLKEM768-ECDH-P256-SHA3-256 are defined as:
pk-MLKEM768-ECDH-P256-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-ECDH-P256-SHA3-256 }
kema-MLKEM768-ECDH-P256-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM768-ECDH-P256-SHA3-256,
pk-MLKEM768-ECDH-P256-SHA3-256 }
The full set of key types defined by this specification can be found
in the ASN.1 Module in Section 7.
Use cases that require an interoperable encoding for composite
private keys will often need to place a composite private key inside
a OneAsymmetricKey structure defined in [RFC5958], such as when
private keys are carried in PKCS #12 [RFC7292], CMP [RFC9810] or CRMF
[RFC4211]. The definition of OneAsymmetricKey is copied here for
convenience:
Ounsworth, et al. Expires 28 September 2026 [Page 29]
Internet-Draft Composite ML-KEM March 2026
OneAsymmetricKey ::= SEQUENCE {
version Version,
privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
privateKey PrivateKey,
attributes [0] Attributes OPTIONAL,
...,
[[2: publicKey [1] PublicKey OPTIONAL ]],
...
}
...
PrivateKey ::= OCTET STRING
-- Content varies based on type of key. The
-- algorithm identifier dictates the format of
-- the key.
Figure 2: OneAsymmetricKey as defined in [RFC5958]
When a composite private key is conveyed inside a OneAsymmetricKey
structure (version 1 of which is also known as PrivateKeyInfo)
[RFC5958], the privateKeyAlgorithm field SHALL be set to the
corresponding composite algorithm identifier defined according to
Section 6 and its parameters field MUST be absent. The privateKey
field SHALL contain the OCTET STRING representation of the serialized
composite private key as per Section 4.2. The publicKey field
remains OPTIONAL. If the publicKey field is present, it MUST be a
composite public key as per Section 4.1.
Some applications might need to reconstruct the SubjectPublicKeyInfo
or OneAsymmetricKey objects corresponding to each component key
individually, for example if this is required for invoking the
underlying primitive. Section 6 provides the necessary mapping
between composite and their component algorithms for doing this
reconstruction.
Component keys of a composite private key MUST NOT be used in any
other type of key or as a standalone key. For more details on the
security considerations around key reuse, see Section 9.3.
6. Algorithm Identifiers and Parameters
This section lists the algorithm identifiers and parameters for all
Composite ML-KEM algorithms.
Full specifications for the referenced algorithms can be found in
Appendix B.
Ounsworth, et al. Expires 28 September 2026 [Page 30]
Internet-Draft Composite ML-KEM March 2026
As the number of algorithms can be daunting to implementers, see
Section 10.3 for a discussion of choosing a subset to support.
Each Composite ML-KEM algorithm has a unique Label which is used in
constructing the KEM combiner in (Section 3.4). This helps protect
against a different algorithm arriving at the same shared secret key
even if all inputs are the same.
Label values are provided in two forms: where the label value is
alphanumeric ASCII, they are represented below as strings. For
example, "MLKEM768-RSAOAEP2048" below is equivalent to the
hexadecimal value 4D4C4B454D3736382D5253414F41455032303438.
Some of the label values contain problematic characters, such as
backslashes, that can cause issues displaying correctly in rendered
documents or even in source code when the compiler interprets it as
an escape character. Below, these are represented directly in
hexadecimal. For example, the label for id-MLKEM768-X25519-SHA3-256
is "\.//^\", but to avoid transcription errors it is provided only in
hexadecimal as 5c2e2f2f5e5c.
Composite KEM algorithm list:
* id-MLKEM768-RSA2048-SHA3-256
- OID: 1.3.6.1.5.5.7.6.55
- Label: "MLKEM768-RSAOAEP2048"
- ML-KEM variant: ML-KEM-768
- Traditional Algorithm: RSA
o Traditional KEM Algorithm: id-RSAES-OAEP
o RSA size: 2048
o RSAES-OAEP parameters: See Table 2
* id-MLKEM768-RSA3072-SHA3-256
- OID: 1.3.6.1.5.5.7.6.56
- Label: "MLKEM768-RSAOAEP3072"
- ML-KEM variant: ML-KEM-768
- Traditional Algorithm: RSA
Ounsworth, et al. Expires 28 September 2026 [Page 31]
Internet-Draft Composite ML-KEM March 2026
o Traditional KEM Algorithm: id-RSAES-OAEP
o RSA size: 3072
o RSAES-OAEP parameters: See Table 2
* id-MLKEM768-RSA4096-SHA3-256
- OID: 1.3.6.1.5.5.7.6.57
- Label: "MLKEM768-RSAOAEP4096"
- ML-KEM variant: ML-KEM-768
- Traditional Algorithm: RSA
o Traditional KEM Algorithm: id-RSAES-OAEP
o RSA size: 4096
o RSAES-OAEP parameters: See Table 2
* id-MLKEM768-X25519-SHA3-256
- OID: 1.3.6.1.5.5.7.6.58
- Label: "5c2e2f2f5e5c" (hex)
- ML-KEM variant: ML-KEM-768
- Traditional Algorithm: X25519
o Traditional KEM Algorithm: id-X25519
* id-MLKEM768-ECDH-P256-SHA3-256
- OID: 1.3.6.1.5.5.7.6.59
- Label: "MLKEM768-P256"
- ML-KEM variant: ML-KEM-768
- Traditional Algorithm: ECDH
o Traditional KEM Algorithm: id-ecDH
o ECDH curve: secp256r1
Ounsworth, et al. Expires 28 September 2026 [Page 32]
Internet-Draft Composite ML-KEM March 2026
* id-MLKEM768-ECDH-P384-SHA3-256
- OID: 1.3.6.1.5.5.7.6.60
- Label: "MLKEM768-P384"
- ML-KEM variant: ML-KEM-768
- Traditional Algorithm: ECDH
o Traditional KEM Algorithm: id-ecDH
o ECDH curve: secp384r1
* id-MLKEM768-ECDH-brainpoolP256r1-SHA3-256
- OID: 1.3.6.1.5.5.7.6.61
- Label: "MLKEM768-BP256"
- ML-KEM variant: ML-KEM-768
- Traditional Algorithm: ECDH
o Traditional KEM Algorithm: id-ecDH
o ECDH curve: brainpoolP256r1
* id-MLKEM1024-RSA3072-SHA3-256
- OID: 1.3.6.1.5.5.7.6.62
- Label: "MLKEM1024-RSAOAEP3072"
- ML-KEM variant: ML-KEM-1024
- Traditional Algorithm: RSA
o Traditional KEM Algorithm: id-RSAES-OAEP
o RSA size: 3072
o RSAES-OAEP parameters: See Table 2
* id-MLKEM1024-ECDH-P384-SHA3-256
- OID: 1.3.6.1.5.5.7.6.63
Ounsworth, et al. Expires 28 September 2026 [Page 33]
Internet-Draft Composite ML-KEM March 2026
- Label: "MLKEM1024-P384"
- ML-KEM variant: ML-KEM-1024
- Traditional Algorithm: ECDH
o Traditional KEM Algorithm: id-ecDH
o ECDH curve: secp384r1
* id-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256
- OID: 1.3.6.1.5.5.7.6.64
- Label: "MLKEM1024-BP384"
- ML-KEM variant: ML-KEM-1024
- Traditional Algorithm: ECDH
o Traditional KEM Algorithm: id-ecDH
o ECDH curve: brainpoolP384r1
* id-MLKEM1024-X448-SHA3-256
- OID: 1.3.6.1.5.5.7.6.65
- Label: "MLKEM1024-X448"
- ML-KEM variant: ML-KEM-1024
- Traditional Algorithm: X448
o Traditional KEM Algorithm: id-X448
* id-MLKEM1024-ECDH-P521-SHA3-256
- OID: 1.3.6.1.5.5.7.6.66
- Label: "MLKEM1024-P521"
- ML-KEM variant: ML-KEM-1024
- Traditional Algorithm: ECDH
o Traditional KEM Algorithm: id-ecDH
Ounsworth, et al. Expires 28 September 2026 [Page 34]
Internet-Draft Composite ML-KEM March 2026
o ECDH curve: secp521r1
In alignment with ML-KEM [FIPS.203], Composite KEM algorithms output
a 256-bit shared secret key at all security levels.
For all RSA key types and sizes, the exponent is RECOMMENDED to be
65537. Implementations MAY support only 65537 and reject other
exponent values. Legacy RSA implementations that use other values
for the exponent MAY be used within a composite, but need to be
careful when interoperating with other implementations.
SHA3-256 is used as the KDF for all Composite ML-KEM algorithms.
6.1. RSA-OAEP Parameters
Use of RSA-OAEP [RFC8017] requires additional parameters to be
specified.
The RSA component keys MUST be generated at the specified 2048-bit,
3072-bit, 4096-bit key sizes respectively (up to small differences
such as dropping leading zeros); intermediate sizes are not
acceptable.
As with the other Composite ML-KEM algorithms, AlgorithmIdentifier
parameters MUST be absent. The RSA-OAEP primitive SHALL be
instantiated with the following hard-coded parameters which are the
same for the 2048, 3072 and 4096 bit key sizes since the objective is
to carry and output a 256-bit shared secret key at all security
levels.
+=============================+=================+
| RSAES-OAEP-params | Value |
+=============================+=================+
| hashAlgorithm | id-sha256 |
+-----------------------------+-----------------+
| MaskGenAlgorithm.algorithm | id-mgf1 |
+-----------------------------+-----------------+
| maskGenAlgorithm.parameters | id-sha256 |
+-----------------------------+-----------------+
| pSourceAlgorithm | pSpecifiedEmpty |
+-----------------------------+-----------------+
| ss_len | 256 bits |
+-----------------------------+-----------------+
Table 2: RSA-OAEP Parameters
Full specifications for the referenced algorithms can be found in
Appendix B.
Ounsworth, et al. Expires 28 September 2026 [Page 35]
Internet-Draft Composite ML-KEM March 2026
Note: The mask length, according to [RFC8017], is k - hLen - 1, where
k is the size of the RSA modulus. Since the choice of hash function
and the RSA key size is fixed for each composite algorithm,
implementations could choose to pre-compute and hard-code the mask
length.
6.2. Rationale for choices
In generating the list of composite algorithms, the idea was to
provide composite algorithms at various security levels with varying
performance characteristics.
The main design consideration in choosing pairings is to prioritize
providing pairings of each ML-KEM security level with commonly-
deployed traditional algorithms. This supports the design goal of
using composites as a stepping stone to efficiently deploy post-
quantum on top of existing hardened and certified traditional
algorithm implementations. This was prioritized rather than
attempting to exactly match the security level of the post-quantum
and traditional components -- which in general is difficult to do
since there is no academic consensus on how to compare the "bits of
security" against classical attackers and "qubits of security"
against quantum attackers.
While it may seem odd to use 256-bit outputs at all security levels,
this aligns with ML-KEM [FIPS.203] which produces a 256-bit shared
secret key at all security levels. SHA3-256 has 256 bits of (2nd)
pre-image resistance, which is the required property for a KDF to
provide 128 bits of security, as allowed in Table 3 of
[SP.800-57pt1r5].
7. ASN.1 Module
<CODE STARTS>
Composite-MLKEM-2025
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-composite-mlkem-2025(TBDMOD) }
DEFINITIONS IMPLICIT TAGS ::= BEGIN
EXPORTS ALL;
IMPORTS
PUBLIC-KEY, AlgorithmIdentifier{}, SMIME-CAPS
FROM AlgorithmInformation-2009 -- RFC 5912 [X509ASN1]
Ounsworth, et al. Expires 28 September 2026 [Page 36]
Internet-Draft Composite ML-KEM March 2026
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-algorithmInformation-02(58) }
KEM-ALGORITHM
FROM KEMAlgorithmInformation-2023
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-kemAlgorithmInformation-2023(109) }
;
--
-- Object Identifiers
--
--
-- Information Object Classes
--
pk-CompositeKEM {OBJECT IDENTIFIER:id}
PUBLIC-KEY ::= {
IDENTIFIER id
-- KEY no ASN.1 wrapping --
PARAMS ARE absent
CERT-KEY-USAGE { keyEncipherment }
-- PRIVATE-KEY no ASN.1 wrapping --
}
kema-CompositeKEM {
OBJECT IDENTIFIER:id,
PUBLIC-KEY:publicKeyType }
KEM-ALGORITHM ::= {
IDENTIFIER id
-- VALUE no ASN.1 wrapping --
PARAMS ARE absent
PUBLIC-KEYS { publicKeyType }
SMIME-CAPS { IDENTIFIED BY id }
}
--
-- Composite KEM Algorithms
--
-- Composite ML-KEM
Ounsworth, et al. Expires 28 September 2026 [Page 37]
Internet-Draft Composite ML-KEM March 2026
id-MLKEM768-RSA2048-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 55 }
pk-MLKEM768-RSA2048-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-RSA2048-SHA3-256 }
kema-MLKEM768-RSA2048-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM768-RSA2048-SHA3-256,
pk-MLKEM768-RSA2048-SHA3-256 }
id-MLKEM768-RSA3072-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 56 }
pk-MLKEM768-RSA3072-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-RSA3072-SHA3-256 }
kema-MLKEM768-RSA3072-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM768-RSA3072-SHA3-256,
pk-MLKEM768-RSA3072-SHA3-256 }
id-MLKEM768-RSA4096-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 57 }
pk-MLKEM768-RSA4096-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-RSA4096-SHA3-256 }
kema-MLKEM768-RSA4096-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM768-RSA4096-SHA3-256,
pk-MLKEM768-RSA4096-SHA3-256 }
id-MLKEM768-X25519-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 58 }
Ounsworth, et al. Expires 28 September 2026 [Page 38]
Internet-Draft Composite ML-KEM March 2026
pk-MLKEM768-X25519-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-X25519-SHA3-256 }
kema-MLKEM768-X25519-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM768-X25519-SHA3-256,
pk-MLKEM768-X25519-SHA3-256 }
id-MLKEM768-ECDH-P256-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 59 }
pk-MLKEM768-ECDH-P256-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-ECDH-P256-SHA3-256 }
kema-MLKEM768-ECDH-P256-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM768-ECDH-P256-SHA3-256,
pk-MLKEM768-ECDH-P256-SHA3-256 }
id-MLKEM768-ECDH-P384-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 60 }
pk-MLKEM768-ECDH-P384-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-ECDH-P384-SHA3-256 }
kema-MLKEM768-ECDH-P384-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM768-ECDH-P384-SHA3-256,
pk-MLKEM768-ECDH-P384-SHA3-256 }
id-MLKEM768-ECDH-brainpoolP256r1-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 61 }
pk-MLKEM768-ECDH-brainpoolP256r1-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM768-ECDH-brainpoolP256r1-SHA3-256 }
Ounsworth, et al. Expires 28 September 2026 [Page 39]
Internet-Draft Composite ML-KEM March 2026
kema-MLKEM768-ECDH-brainpoolP256r1-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM768-ECDH-brainpoolP256r1-SHA3-256,
pk-MLKEM768-ECDH-brainpoolP256r1-SHA3-256 }
id-MLKEM1024-RSA3072-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 62 }
pk-MLKEM1024-RSA3072-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM1024-RSA3072-SHA3-256 }
kema-MLKEM1024-RSA3072-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM1024-RSA3072-SHA3-256,
pk-MLKEM1024-RSA3072-SHA3-256 }
id-MLKEM1024-ECDH-P384-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 63 }
pk-MLKEM1024-ECDH-P384-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM1024-ECDH-P384-SHA3-256 }
kema-MLKEM1024-ECDH-P384-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM1024-ECDH-P384-SHA3-256,
pk-MLKEM1024-ECDH-P384-SHA3-256 }
id-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 64 }
pk-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM{
id-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256 }
kema-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256,
Ounsworth, et al. Expires 28 September 2026 [Page 40]
Internet-Draft Composite ML-KEM March 2026
pk-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256 }
id-MLKEM1024-X448-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 65 }
pk-MLKEM1024-X448-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM1024-X448-SHA3-256 }
kema-MLKEM1024-X448 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM1024-X448-SHA3-256,
pk-MLKEM1024-X448-SHA3-256 }
id-MLKEM1024-ECDH-P521-SHA3-256 OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) alg(6) 66 }
pk-MLKEM1024-ECDH-P521-SHA3-256 PUBLIC-KEY ::=
pk-CompositeKEM {
id-MLKEM1024-ECDH-P521-SHA3-256 }
kema-MLKEM1024-ECDH-P521-SHA3-256 KEM-ALGORITHM ::=
kema-CompositeKEM{
id-MLKEM1024-ECDH-P521-SHA3-256,
pk-MLKEM1024-ECDH-P521-SHA3-256 }
END
<CODE ENDS>
8. IANA Considerations
8.1. Object Identifier Allocations
IANA has registered the Object Identifiers in the "SMI Security for
PKIX Algorithms" registry.
8.1.1. Module Registration
The following is to be registered in "SMI Security for PKIX Module
Identifier":
Ounsworth, et al. Expires 28 September 2026 [Page 41]
Internet-Draft Composite ML-KEM March 2026
* Decimal: IANA Assigned - *Replace TBDMOD*
* Description: Composite-MLKEM-2025 - id-mod-composite-mlkem-2025
* References: This Document
8.1.2. Object Identifier Registrations
The following are registered in the "SMI Security for PKIX
Algorithms":
* id-MLKEM768-RSA2048-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.55
- Description: id-MLKEM768-RSA2048-SHA3-256
- References: This Document
* id-MLKEM768-RSA3072-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.56
- Description: id-MLKEM768-RSA3072-SHA3-256
- References: This Document
* id-MLKEM768-RSA4096-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.57
- Description: id-MLKEM768-RSA4096-SHA3-256
- References: This Document
* id-MLKEM768-X25519-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.58
- Description: id-MLKEM768-X25519-SHA3-256
- References: This Document
* id-MLKEM768-ECDH-P256-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.59
- Description: id-MLKEM768-ECDH-P256-SHA3-256
Ounsworth, et al. Expires 28 September 2026 [Page 42]
Internet-Draft Composite ML-KEM March 2026
- References: This Document
* id-MLKEM768-ECDH-P384-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.60
- Description: id-MLKEM768-ECDH-P384-SHA3-256
- References: This Document
* id-MLKEM768-ECDH-brainpoolP256r1-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.61
- Description: id-MLKEM768-ECDH-brainpoolP256r1-SHA3-256
- References: This Document
* id-MLKEM1024-RSA3072-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.62
- Description: id-MLKEM1024-RSA3072-SHA3-256
- References: This Document
* id-MLKEM1024-ECDH-P384-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.63
- Description: id-MLKEM1024-ECDH-P384-SHA3-256
- References: This Document
* id-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.64
- Description: id-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256
- References: This Document
* id-MLKEM1024-X448-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.65
- Description: id-MLKEM1024-X448-SHA3-256
Ounsworth, et al. Expires 28 September 2026 [Page 43]
Internet-Draft Composite ML-KEM March 2026
- References: This Document
* id-MLKEM1024-ECDH-P521-SHA3-256
- Decimal: 1.3.6.1.5.5.7.6.66
- Description: id-MLKEM1024-ECDH-P521-SHA3-256
- References: This Document
9. Security Considerations
As this specification uses ML-KEM as a component of all composite
algorithms, all security considerations from
[I-D.ietf-lamps-kyber-certificates] and
[I-D.sfluhrer-cfrg-ml-kem-security-considerations] apply. Note in
particular the "Encapsulation key check" in section 7.2 of [FIPS.203]
and the "Decapsulation input check" in section 7.3 of [FIPS.203]
which are required for correct and secure functioning of ML-KEM, but
which are considered to be external to the Encaps() and Decaps()
algorithms.
9.1. Why Hybrids?
In broad terms, a PQ/T Hybrid can be used either to provide dual-
algorithm security or to provide migration flexibility. Let's
quickly explore both.
Dual-algorithm security. The general idea is that the data is
protected by two algorithms such that an attacker would need to break
both in order to compromise the data. As with most of cryptography,
this property is easy to state in general terms, but becomes more
complicated when expressed in formalisms. The following sections go
into more detail here.
Ounsworth, et al. Expires 28 September 2026 [Page 44]
Internet-Draft Composite ML-KEM March 2026
Migration flexibility. Some PQ/T hybrids exist to provide a sort of
"OR" mode where the application can choose to use one algorithm or
the other or both. The intention is that the PQ/T hybrid mechanism
builds in application backwards compatibility to allow legacy and
upgraded applications to co-exist and communicate. The composite
algorithms presented in this specification do not provide this since
they operate in a strict "AND" mode. They do, however, provide
codebase migration flexibility. Consider that an organization has
today a mature, validated, certified, hardened implementation of RSA
or ECC; composites allow them to add an ML-KEM implementation which
immediately starts providing benefits against harvest-now-decrypt-
later attacks even if that ML-KEM implementation is still an
experimental, non-validated, non-certified, non-hardened
implementation. More details of obtaining FIPS certification of a
composite algorithm can be found in Section 10.1.
9.2. KEM Combiner
The KEM combiner from Section 3.4 is reproduced here for reference.
SHA3-256(mlkemSS || tradSS || tradCT || tradPK || Label)
Figure 3: KEM combiner construction
The primary security property of the KEM combiner is that it
preserves indistinguishable (adaptive) chosen-ciphertext (IND-CCA2)
security of the overall Composite ML-KEM so long as at least one
component is IND-CCA2 [X-Wing] [GHP18]. Additionally, we also need
to consider the case where one of the component algorithms is
completely broken; that the private key is known to an attacker. In
this case, we rely on the construction of the KEM combiner to ensure
that the value of the other shared secret key cannot be leaked or the
combined shared secret key predicted via manipulation of the broken
algorithm.
Each registered Composite ML-KEM algorithm specifies a Label -- see
Section 6. Given that each Composite ML-KEM algorithm fully
specifies the component algorithms, including for example the size of
the RSA modulus, all inputs to the KEM combiner are fixed-size and
thus do not require length-prefixing.
* mlkemSS is always 32 bytes.
* tradSS in the case of DH this is derived by the decapsulator and
therefore the length is not controlled by the attacker, however in
the case of RSA-OAEP this value is directly chosen by the sender
and both the length and content could be freely chosen by an
attacker.
Ounsworth, et al. Expires 28 September 2026 [Page 45]
Internet-Draft Composite ML-KEM March 2026
* tradCT is either an elliptic curve public key or an RSA-OAEP
ciphertext which is required to have its length checked by step 1b
of RSAES-OAEP-DECRYPT in [RFC8017].
* tradPK is the public key of the traditional component (elliptic
curve or RSA) and therefore fixed-length.
* Label is a fixed value specified in this document.
9.2.1. IND-CCA2 Security of the hybrid scheme
Informally, a Composite ML-KEM algorithm is secure if the combiner
(SHA3) is secure, and either ML-KEM is secure or the traditional
component (RSA-OAEP, ECDH, X25519 or X448) is secure.
The security of ML-KEM and DH hybrids is covered in [X-Wing] and
requires that the first KEM component (ML-KEM in this construction)
is IND-CCA2 and second ciphertext preimage resistant (C2PRI) and that
the DH component is nominal group; i.e. a well-behaved elliptic curve
DH group, but does not require the traditional component to be IND-
CCA. This design choice improves performance by not including the
large ML-KEM public key and ciphertext, but means that an
implementation error in the ML-KEM component that affects the
ciphertext check step of the FO transform could result in the overall
composite no longer achieving IND-CCA2 security. This solution
remains IND-CCA2 due to binding the tradPK and tradCT in the KEM
combiner.
The QSF framework presented in [X-Wing] is extended to cover RSA-OAEP
as the traditional algorithm in place of DH. Informally we note that
that RSA-OAEP is IND-CCA2 secure [RFC8017] but is not C2PRI(aka
ciphertext binding) or public key binding since it is mathematically
possibly to construct two RSA-OAEP ciphertexts that decapsulate to
the same shared secret under the same public key or under different
public keys. Binding the RSA-OAEP ciphertext and public key to the
internal KDF restores these properties. Formally, [Starhunters]
ports the proof of [X-Wing] to cover RSA-OAEP as the traditional
compenent in a QSF construction. [KWW2026] goes further, analyzing a
range of different RSA-based KEMs, including the RSA-OAEP-KEM
construction used in this specification, concluding that it achieves
LEAK-BIND-K,PK-CT and C2PRI when the ciphertext is included in the
post-processing KDF.
The composite combiner cannot be assumed to be secure when used with
different KEMs and a more cautious approach would bind the public key
and ciphertext of the first KEM as well.
Ounsworth, et al. Expires 28 September 2026 [Page 46]
Internet-Draft Composite ML-KEM March 2026
9.2.2. Second pre-image resistance of component KEMs
The notion of a "ciphertext second pre-image resistant KEM" is
defined in [X-Wing] as being the property that it is computationally
difficult to find two different ciphertexts c != c' that will
decapsulate to the same shared secret key under the same public key.
For the purposes of a hybrid KEM combiner, this property means that
given two composite ciphertexts (c1, c2) and (c1', c2'), we must
obtain a unique overall shared secret key so long as either c1 != c1'
or c2 != c2' -- i.e. the overall Composite ML-KEM is ciphertext
second pre-image resistant, and therefore secure so long as one of
the component KEMs is secure.
In [X-Wing] it is proven that ML-KEM is a second pre-image resistant
KEM and therefore the ML-KEM ciphertext can safely be omitted from
the KEM combiner. Note that this makes a fundamental assumption on
ML-KEM remaining ciphertext second pre-image resistant, and therefore
this formulation of KEM combiner does not fully protect against
implementation errors in the ML-KEM component -- particularly around
the ciphertext check step of the Fujisaki-Okamoto transform -- which
could trivially lead to second ciphertext pre-image attacks that
break the IND-CCA2 security of the ML-KEM component and of the
overall Composite ML-KEM. This could be more fully mitigated by
binding the ML-KEM ciphertext in the combiner, but a design decision
was made to settle for protection against algorithmic attacks and not
implementation attacks against ML-KEM in order to increase
performance.
However, since neither RSA-OAEP nor DH guarantee second pre-image
resistance at all, even in a correct implementation, these
ciphertexts are bound to the key derivation in order to guarantee
that c != c' will yield a unique ciphertext, and thus restoring
second pre-image resistance to the overall Composite ML-KEM.
9.2.3. Generifying this construction
It should be clear that the security analysis of the presented KEM
combiner construction relies heavily on the specific choices of
component algorithms and combiner KDF, and this combiner construction
SHOULD NOT by applied to any other combination of ciphers without
performing the appropriate security analysis.
Ounsworth, et al. Expires 28 September 2026 [Page 47]
Internet-Draft Composite ML-KEM March 2026
9.3. Key Reuse
While conformance with this specification requires that both
components of a composite key MUST be freshly generated, the
designers are aware that some implementers may be forced to break
this rule due to operational constraints. This section documents the
implications of doing so.
When using single-algorithm cryptography, the best practice is to
always generate fresh keying material for each purpose, for example
when renewing a certificate, or obtaining both a TLS and S/MIME
certificate for the same device. However, in practice key reuse in
such scenarios is not always catastrophic to security and therefore
often tolerated. However this reasoning does not hold in the PQ/T
hybrid setting.
Within the broader context of PQ/T hybrids, we need to consider new
attack surfaces that arise due to the hybrid constructions and did
not exist in single-algorithm contexts. One of these is key reuse
where the component keys within a hybrid are also used by themselves
within a single-algorithm context. For example, it might be tempting
for an operator to take already-deployed RSA keys and add an ML-KEM
key to them to form a hybrid. Within a hybrid signature context this
leads to a class of attacks referred to as "stripping attacks" where
one component signature can be extracted and presented as a single-
algorithm signature. Hybrid KEMs using a concatenation-style KEM
combiner, as is done in this specification, do not have the analogous
attack surface because even if an attacker is able to extract and
decrypt one of the component ciphertexts, this will yield a different
shared secret key than the overall shared secret key derived from the
composite, so any subsequent symmetric cryptographic operations will
fail.
In addition, there is a further implication to key reuse regarding
certificate revocation. Upon receiving a new certificate enrolment
request, many certification authorities will check if the requested
public key has been previously revoked due to key compromise. Often
a CA will perform this check by using the public key hash.
Therefore, if one, or even both, components of a composite have been
previously revoked, the CA may only check the hash of the combined
composite key and not find the revocations. Therefore, because the
possibility of key reuse exists even though forbidden in this
specification, CAs performing revocation checks on a composite key
SHOULD also check both component keys independently to verify that
the component keys have not been revoked.
Ounsworth, et al. Expires 28 September 2026 [Page 48]
Internet-Draft Composite ML-KEM March 2026
9.4. Policy for Deprecated and Acceptable Algorithms
Traditionally, a public key or certificate contains a single
cryptographic algorithm. If and when an algorithm becomes deprecated
(for example, RSA-512, or SHA1), the path to deprecating it through
policy and removing it from operational environments is, at least is
principle, straightforward.
In the composite model this is less obvious since a PQ/T hybrid is
expected to still be considered valid after the traditional component
is deprecated for individual use. As such, a single composite public
key or certificate may contain a mixture of deprecated and non-
deprecated algorithms. In general this should be manageable through
policy by removing OIDs for the standalone component algorithms while
still allowing OIDs for composite algorithms. However, complications
may arise when the composite implementation needs to invoke the
cryptographic module for a deprecated component algorithm. In
particular, this could lead to complex Cryptographic Bills of
Materials that show implementations of deprecated algorithms still
present and being used.
10. Implementation Considerations
10.1. FIPS Certification
The following sections give guidance to implementers wishing to FIPS-
certify a composite implementation.
This guidance is not authoritative and has not been endorsed by NIST.
Implementers seeking FIPS certification of a composite KEM algorithm
where only one of the component algorithms has been FIPS-validated or
FIPS-approved should credit the FIPS-validated component algorithm
with full security strength, the non-FIPS-validated component
algorithm with zero security, and the overall composite should be
considered at least as strong and thus FIPS-approved.
The composite algorithm has been designed to treat the underlying
primitives as "black-box implementations" and not impose any
additional requirements on them that could require an existing
implementation of an underlying primitive to run in a mode different
from the one under which it was certified. For example, the KeyGen
defined in Section 3.1 invokes ML-KEM.KeyGen_internal(d, z) which
might not be available in a cryptographic module running in FIPS-
mode, but Section 3.1 is only a suggested implementation and the
composite KeyGen MAY be implemented using a different available
interface for ML-KEM.KeyGen.
Ounsworth, et al. Expires 28 September 2026 [Page 49]
Internet-Draft Composite ML-KEM March 2026
The authors wish to note that composite algorithms provide a design
pattern to provide utility in future situations that require care to
remain FIPS-compliant, such as future cryptographic migrations as
well as bridging across jurisdictions with non-intersecting
cryptographic requirements.
Successful FIPS certification will need to take into account the
"Encapsulation key check" in section 7.2 of [FIPS.203] and the
"Decapsulation input check" in section 7.3 of [FIPS.203] which are
required for correct and secure functioning of ML-KEM, but which are
considered to be external to the Encaps() and Decaps() algorithms.
The following sections go into further detail on specific issues that
relate to FIPS certification.
10.1.1. Combiner Function
For reference, the KEM combiner used in Composite ML-KEM is:
ss = SHA3-256(mlkemSS || tradSS || tradCT || tradPK || Label)
NIST SP 800-227 [SP800-227] allows hybrid key combiners of the
following form:
K <- KDM((S1,S2,...,St), OtherInput) (14)
Composite ML-KEM maps cleanly into this since it places the two
shared secret keys mlkemSS || tradSS at the beginning of the KDF
input such that all other inputs tradCT || tradPK || Label can be
considered part of OtherInput for the purposes of FIPS certification.
For the detailed steps of the Key Derivation Mechanism KDM,
[SP800-227] refers to [SP.800-56Cr2].
Compliance of the Composite ML-KEM variants is achieved in the
following way:
The Composite ML-KEM algorithms use SHA3, and so can be certified
under [SP.800-56Cr2] One-Step Key Derivation Option 1: H(x) =
hash(x).
[SP.800-56Cr2] section 4 "One-Step Key Derivation" requires a counter
which begins at the 4-byte value 0x00000001. However, the counter is
allowed to be omitted when the hash function is executed only once,
as specified on page 159 of the FIPS 140-3 Implementation Guidance
[FIPS-140-3-IG].
Ounsworth, et al. Expires 28 September 2026 [Page 50]
Internet-Draft Composite ML-KEM March 2026
10.1.2. Order of KDF inputs with Non-Approved Algorithms
[SP800-227] adds an important stipulation that was not present in
earlier NIST specifications:
This publication approves the use of the key combiner (14) for any
t > 1, so long as at least one shared secret (i.e., S_j for some
j) is a shared secret generated from the key- establishment
methods of SP 800-56A or SP 800-56B, or an approved KEM.
This means that although Composite ML-KEM always places the shared
secret key from ML-KEM in the first slot, a Composite ML-KEM can be
FIPS certified so long as either component is FIPS certified. This
is important for several reasons. First, in the early stages of PQC
migration, composites allow for a non-FIPS certified ML-KEM
implementation to be added to a module that already has a FIPS
certified traditional component, and the resulting composite can be
FIPS certified. Second, when eventually RSA and Elliptic Curve are
no longer FIPS-allowed, the composite can retain its FIPS certified
status on the strength of the ML-KEM component. Third, while this is
outside the scope of this specification, the general composite
construction could be used to create FIPS certified algorithms that
contain a component algorithm from a different jurisdiction. Third,
a composite where both components are FIPS-certified could allow an
implementer to patch one component algorithm while awaiting re-
certification while continuing to use the overall composite in FIPS
mode.
Note that before [SP800-227] was in force, [SP.800-56Cr2] required
the shared secret key from the certified algorithm to be in the first
slot and therefore a Composite ML-KEM implementation using a FIPS-
certified traditional component and a non-FIPS certified ML-KEM is
not believed to be certifiable under [SP.800-56Cr2] alone, and
requires the ammendments made by [SP800-227].
10.2. Backwards Compatibility
The term "application backwards compatibility" is used here to mean
that existing systems as they are deployed today can interoperate
with the upgraded systems of the future. This draft explicitly does
not provide application backwards compatibility, only upgraded
systems will understand the OIDs defined in this specification.
These migration and interoperability concerns need to be thought
about in the context of various types of protocols that make use of
X.509 and PKIX with relation to key establishment and content
encryption, from online negotiated protocols such as TLS 1.3
[RFC8446] and IKEv2 [RFC7296], to non-negotiated asynchronous
Ounsworth, et al. Expires 28 September 2026 [Page 51]
Internet-Draft Composite ML-KEM March 2026
protocols such as S/MIME signed email [RFC8551], as well as myriad
other standardized and proprietary protocols and applications that
leverage CMS [RFC5652] encrypted structures.
10.3. Profiling down the number of options
One daunting aspect of this specification is the number of composite
algorithm combinations. Each option has been specified because there
is a community that has a direct application for it; typically
because the traditional component is already deployed in a change-
managed environment, or because that specific traditional component
is required for regulatory reasons.
However, this large number of combinations leads either to fracturing
of the ecosystem into non-interoperable sub-groups when different
communities choose non-overlapping subsets to support, or on the
other hand it leads to spreading development resources too thin when
trying to support all options.
This specification does not list any particular composite algorithm
as mandatory-to-implement, however organizations that operate within
specific application domains are encouraged to define profiles that
select a small number of composites appropriate for that application
domain. For applications that do not have any regulatory
requirements or legacy implementations to consider, it is RECOMMENDED
to focus implementation effort on:
id-MLKEM768-X25519-SHA3-256 (aka "X-Wing")
id-MLKEM768-ECDH-P256-SHA3-256
In applications that only allow NIST PQC Level 5, it is RECOMMENDED
to focus implementation effort on:
id-MLKEM1024-ECDH-P384-SHA3-256
10.4. Decapsulation Requires the Public Key
ML-KEM always requires the public key in order to perform various
steps of the Fujisaki-Okamoto decapsulation [FIPS.203], and for this
reason the private key encoding specified in FIPS 203 includes the
public key.
Ounsworth, et al. Expires 28 September 2026 [Page 52]
Internet-Draft Composite ML-KEM March 2026
Moreover, the KEM combiner as specified in Section 3.4 requires the
public key of the traditional component in order to achieve the
public-key binding property and ciphertext collision resistance as
described in Section 9.2. Since tradPK is not carried in the
composite private key encoding, the implementation is required to
obtain it from some out-of-band mechanism. This section discusses
several options, but is a non-normative, non-exhaustive list.
1. Derive or extract from private key. Many cryptographic modules
expose functionality to obtain an RSA or EC public key from the
corresponding private key. For applications where such
functionality does not exist, Section 10.4.1 and Section 10.4.2
provide the suggested mechanisms for extracting the public keys
from private keys for RSA and ECDH respectively. It is assumed
that this is not required for X25519 or X448 since those private
keys are seeds from which the public key can be obtained.
2. Fetch it from an external data source, for example from the
public-key certificate corresponding to this private key.
3. If the composite KEM private key is being carried within a PKCS#8
OneAsymmetricKey object, place the full composite public key
within the optional OneAsymmetricKey.publicKey field, which
allows extracting the tradPK (and re-encode as necessary for
correctly using it in the KEM Combiner).
4. Use an alternate private key encoding that explicitly carries the
tradPK.
10.4.1. Extracting RSAPublicKey from RSAPrivateKey
Assuming that the RSA component of the composite private key is
encoded as an RSAPrivateKey, as required by this specification, then,
quoting from [RFC8017] you have:
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
Ounsworth, et al. Expires 28 September 2026 [Page 53]
Internet-Draft Composite ML-KEM March 2026
This can trivially be converted into an RSAPublicKey through simple
DER decoding / re-encoding since both required values are already
present.
RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER -- e
}
10.4.2. Deriving the public ECPoint from ECPrivateKey
Unlike RSA, the ECPrivateKey does not contain sufficient information
to simply extract the public key. Note that in the interest of
having a single unique encoding to foster interoperability, this
specification forbids the optional publicKey field.
That said, the EC public key can be derived from the private key in
the following way:
g = generator for the group P256r1, P384r1, etc.
s = ECPrivateKey.getS()
pubKey = ec_multiply_by_scalar(g, s)
where a recommended implementation of ec_multiply_by_scalar() can be
found in [SEC1].
Then encode pubKey as X9.62 uncompressed point.
11. References
11.1. Normative References
[FIPS.202] National Institute of Standards and Technology (NIST),
"SHA-3 Standard: Permutation-Based Hash and Extendable-
Output Functions", August 2015,
<https://nvlpubs.nist.gov/nistpubs/FIPS/
NIST.FIPS.202.pdf>.
[FIPS.203] National Institute of Standards and Technology (NIST),
"Module-Lattice-based Key-Encapsulation Mechanism
Standard", August 2024,
<https://nvlpubs.nist.gov/nistpubs/FIPS/
NIST.FIPS.203.pdf>.
Ounsworth, et al. Expires 28 September 2026 [Page 54]
Internet-Draft Composite ML-KEM March 2026
[FIPS.204] National Institute of Standards and Technology (NIST),
"Module-Lattice-Based Digital Signature Standard", August
2024, <https://nvlpubs.nist.gov/nistpubs/FIPS/
NIST.FIPS.204.pdf>.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104,
DOI 10.17487/RFC2104, February 1997,
<https://www.rfc-editor.org/info/rfc2104>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
<https://www.rfc-editor.org/info/rfc5280>.
[RFC5480] Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk,
"Elliptic Curve Cryptography Subject Public Key
Information", RFC 5480, DOI 10.17487/RFC5480, March 2009,
<https://www.rfc-editor.org/info/rfc5480>.
[RFC5652] Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
RFC 5652, DOI 10.17487/RFC5652, September 2009,
<https://www.rfc-editor.org/info/rfc5652>.
[RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
Key Derivation Function (HKDF)", RFC 5869,
DOI 10.17487/RFC5869, May 2010,
<https://www.rfc-editor.org/info/rfc5869>.
[RFC5915] Turner, S. and D. Brown, "Elliptic Curve Private Key
Structure", RFC 5915, DOI 10.17487/RFC5915, June 2010,
<https://www.rfc-editor.org/info/rfc5915>.
[RFC5958] Turner, S., "Asymmetric Key Packages", RFC 5958,
DOI 10.17487/RFC5958, August 2010,
<https://www.rfc-editor.org/info/rfc5958>.
[RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves
for Security", RFC 7748, DOI 10.17487/RFC7748, January
2016, <https://www.rfc-editor.org/info/rfc7748>.
Ounsworth, et al. Expires 28 September 2026 [Page 55]
Internet-Draft Composite ML-KEM March 2026
[RFC8017] Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
"PKCS #1: RSA Cryptography Specifications Version 2.2",
RFC 8017, DOI 10.17487/RFC8017, November 2016,
<https://www.rfc-editor.org/info/rfc8017>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8410] Josefsson, S. and J. Schaad, "Algorithm Identifiers for
Ed25519, Ed448, X25519, and X448 for Use in the Internet
X.509 Public Key Infrastructure", RFC 8410,
DOI 10.17487/RFC8410, August 2018,
<https://www.rfc-editor.org/info/rfc8410>.
[RFC9629] Housley, R., Gray, J., and T. Okubo, "Using Key
Encapsulation Mechanism (KEM) Algorithms in the
Cryptographic Message Syntax (CMS)", RFC 9629,
DOI 10.17487/RFC9629, August 2024,
<https://www.rfc-editor.org/info/rfc9629>.
[SEC1] Certicom Research, "SEC 1: Elliptic Curve Cryptography",
May 2009, <https://www.secg.org/sec1-v2.pdf>.
[SEC2] Certicom Research, "SEC 2: Recommended Elliptic Curve
Domain Parameters", January 2010,
<https://www.secg.org/sec2-v2.pdf>.
[SP.800-185]
National Institute of Standards and Technology (NIST),
"SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash, and
ParallelHash", December 2016,
<https://nvlpubs.nist.gov/nistpubs/SpecialPublications/
NIST.SP.800-185.pdf>.
[SP.800-56Ar3]
National Institute of Standards and Technology (NIST),
"Recommendation for Pair-Wise Key-Establishment Schemes
Using Discrete Logarithm Cryptography", April 2018,
<https://nvlpubs.nist.gov/nistpubs/SpecialPublications/
NIST.SP.800-56Ar3.pdf>.
[SP.800-56Cr2]
National Institute of Standards and Technology (NIST),
"Recommendation for Key-Derivation Methods in Key-
Establishment Schemes", August 2020,
<https://nvlpubs.nist.gov/nistpubs/SpecialPublications/
NIST.SP.800-56Cr2.pdf>.
Ounsworth, et al. Expires 28 September 2026 [Page 56]
Internet-Draft Composite ML-KEM March 2026
[SP.800-57pt1r5]
National Institute of Standards and Technology (NIST),
"Recommendation for Key Management: Part 1 – General", May
2020,
<https://nvlpubs.nist.gov/nistpubs/SpecialPublications/
NIST.SP.800-57pt1r5.pdf>.
[X.690] ITU-T, "Information technology - ASN.1 encoding Rules:
Specification of Basic Encoding Rules (BER), Canonical
Encoding Rules (CER) and Distinguished Encoding Rules
(DER)", ISO/IEC 8825-1:2015, November 2015.
11.2. Informative References
[ANSSI2024]
French Cybersecurity Agency (ANSSI), Federal Office for
Information Security (BSI), Netherlands National
Communications Security Agency (NLNCSA), and Swedish
National Communications Security Authority, Swedish Armed
Forces, "Position Paper on Quantum Key Distribution",
n.d., <https://cyber.gouv.fr/sites/default/files/document/
Quantum_Key_Distribution_Position_Paper.pdf>.
[Bindel2017]
Bindel, N., Herath, U., McKague, M., and D. Stebila,
"Transitioning to a quantum-resistant public key
infrastructure", 2017, <https://link.springer.com/
chapter/10.1007/978-3-319-59879-6_22>.
[BSI2021] Federal Office for Information Security (BSI), "Quantum-
safe cryptography - fundamentals, current developments and
recommendations", October 2021,
<https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/
Publications/Brochure/quantum-safe-cryptography.pdf>.
[ETSI.TS.103.744]
ETSI, "ETSI TS 103 744 V1.2.1 CYBER-QSC; Quantum-safe
Hybrid Key Establishment", March 2025,
<https://www.etsi.org/deliver/
etsi_ts/103700_103799/103744/01.02.01_60/
ts_103744v010201p.pdf>.
Ounsworth, et al. Expires 28 September 2026 [Page 57]
Internet-Draft Composite ML-KEM March 2026
[FIPS-140-3-IG]
National Institute of Standards and Technology (NIST),
"Implementation Guidance for FIPS 140-3 and the
Cryptographic Module Validation Program", July 2024,
<https://csrc.nist.gov/csrc/media/Projects/cryptographic-
module-validation-program/documents/fips%20140-3/
FIPS%20140-3%20IG.pdf>.
[GHP18] Giacon, F., Heuer, F., and B. Poettering, "KEM Combiners",
2018, <https://eprint.iacr.org/2018/024>.
[I-D.ietf-lamps-kyber-certificates]
Turner, S., Kampanakis, P., Massimo, J., and B.
Westerbaan, "Internet X.509 Public Key Infrastructure -
Algorithm Identifiers for the Module-Lattice-Based Key-
Encapsulation Mechanism (ML-KEM)", Work in Progress,
Internet-Draft, draft-ietf-lamps-kyber-certificates-11, 22
July 2025, <https://datatracker.ietf.org/doc/html/draft-
ietf-lamps-kyber-certificates-11>.
[I-D.sfluhrer-cfrg-ml-kem-security-considerations]
Fluhrer, S., Dang, Q., Mattsson, J. P., Milner, K., and D.
Shiu, "ML-KEM Security Considerations", Work in Progress,
Internet-Draft, draft-sfluhrer-cfrg-ml-kem-security-
considerations-04, 17 November 2025,
<https://datatracker.ietf.org/doc/html/draft-sfluhrer-
cfrg-ml-kem-security-considerations-04>.
[KWW2026] Krämer, J., Weishäupl, M., and S. Winderl, "On the Binding
Security of KEMs based on RSA and DH", 2026,
<https://eprint.iacr.org/2026/407>.
[RFC2986] Nystrom, M. and B. Kaliski, "PKCS #10: Certification
Request Syntax Specification Version 1.7", RFC 2986,
DOI 10.17487/RFC2986, November 2000,
<https://www.rfc-editor.org/info/rfc2986>.
[RFC4211] Schaad, J., "Internet X.509 Public Key Infrastructure
Certificate Request Message Format (CRMF)", RFC 4211,
DOI 10.17487/RFC4211, September 2005,
<https://www.rfc-editor.org/info/rfc4211>.
[RFC5639] Lochter, M. and J. Merkle, "Elliptic Curve Cryptography
(ECC) Brainpool Standard Curves and Curve Generation",
RFC 5639, DOI 10.17487/RFC5639, March 2010,
<https://www.rfc-editor.org/info/rfc5639>.
Ounsworth, et al. Expires 28 September 2026 [Page 58]
Internet-Draft Composite ML-KEM March 2026
[RFC5914] Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
Format", RFC 5914, DOI 10.17487/RFC5914, June 2010,
<https://www.rfc-editor.org/info/rfc5914>.
[RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
Curve Cryptography Algorithms", RFC 6090,
DOI 10.17487/RFC6090, February 2011,
<https://www.rfc-editor.org/info/rfc6090>.
[RFC7292] Moriarty, K., Ed., Nystrom, M., Parkinson, S., Rusch, A.,
and M. Scott, "PKCS #12: Personal Information Exchange
Syntax v1.1", RFC 7292, DOI 10.17487/RFC7292, July 2014,
<https://www.rfc-editor.org/info/rfc7292>.
[RFC7296] Kaufman, C., Hoffman, P., Nir, Y., Eronen, P., and T.
Kivinen, "Internet Key Exchange Protocol Version 2
(IKEv2)", STD 79, RFC 7296, DOI 10.17487/RFC7296, October
2014, <https://www.rfc-editor.org/info/rfc7296>.
[RFC8411] Schaad, J. and R. Andrews, "IANA Registration for the
Cryptographic Algorithm Object Identifier Range",
RFC 8411, DOI 10.17487/RFC8411, August 2018,
<https://www.rfc-editor.org/info/rfc8411>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/info/rfc8446>.
[RFC8551] Schaad, J., Ramsdell, B., and S. Turner, "Secure/
Multipurpose Internet Mail Extensions (S/MIME) Version 4.0
Message Specification", RFC 8551, DOI 10.17487/RFC8551,
April 2019, <https://www.rfc-editor.org/info/rfc8551>.
[RFC9180] Barnes, R., Bhargavan, K., Lipp, B., and C. Wood, "Hybrid
Public Key Encryption", RFC 9180, DOI 10.17487/RFC9180,
February 2022, <https://www.rfc-editor.org/info/rfc9180>.
[RFC9690] Housley, R. and S. Turner, "Use of the RSA-KEM Algorithm
in the Cryptographic Message Syntax (CMS)", RFC 9690,
DOI 10.17487/RFC9690, February 2025,
<https://www.rfc-editor.org/info/rfc9690>.
[RFC9794] Driscoll, F., Parsons, M., and B. Hale, "Terminology for
Post-Quantum Traditional Hybrid Schemes", RFC 9794,
DOI 10.17487/RFC9794, June 2025,
<https://www.rfc-editor.org/info/rfc9794>.
Ounsworth, et al. Expires 28 September 2026 [Page 59]
Internet-Draft Composite ML-KEM March 2026
[RFC9810] Brockhaus, H., von Oheimb, D., Ounsworth, M., and J. Gray,
"Internet X.509 Public Key Infrastructure -- Certificate
Management Protocol (CMP)", RFC 9810,
DOI 10.17487/RFC9810, July 2025,
<https://www.rfc-editor.org/info/rfc9810>.
[SP800-131Ar2]
Barker, E., Roginksy, A., and National Institute of
Standards and Technology (NIST), "Transitioning the Use of
Cryptographic Algorithms and Key Lengths", n.d.,
<https://nvlpubs.nist.gov/nistpubs/specialpublications/
nist.sp.800-131ar2.pdf>.
[SP800-227]
Alagic, G., Barker, E., Chen, L., Moody, D., Robinson, A.,
Silberg, H., Waller, N., and National Institute of
Standards and Technology (NIST), "Recommendations for Key-
Encapsulation Mechanisms", September 2025,
<https://csrc.nist.gov/pubs/sp/800/227/final>.
[Starhunters]
Connolly, D., Ounsworth, M., Schmieg, S., and D. Stebila,
"StarHunters— Secure Hybrid Post-Quantum KEMs From IND-
CCA2 PKEs", 2026, <https://eprint.iacr.org/2026/427>.
[TestVectors]
"Test vectors for Composite-ML-KEM", n.d.,
<https://github.com/lamps-wg/draft-composite-
kem/tree/main/src>.
[X-Wing] Barbosa, M., Connolly, D., Duarte, J., Kaiser, A.,
Schwabe, P., Varner, K., and B. Westerbaan, "X-Wing The
Hybrid KEM You’ve Been Looking For", 9 January 2024,
<https://eprint.iacr.org/2024/039.pdf>.
[X9.62_2005]
"Public Key Cryptography for the Financial Services
Industry, The Elliptic Curve Digital Signature Algorithm
(ECDSA)", November 2005.
Appendix A. Maximum Key and Ciphertext Sizes
The sizes listed below are maximum values: several factors could
cause fluctuations in the size of the traditional component. For
example, this could be due to:
Ounsworth, et al. Expires 28 September 2026 [Page 60]
Internet-Draft Composite ML-KEM March 2026
* The RSA public key (n, e) allows e to vary in size between 3 and n
- 1 [RFC8017]. Note that the size table below assumes the
recommended value of e = 65537, so for RSA combinations it is in
fact not a true maximum.
* When the underlying RSA or EC value is itself DER-encoded, integer
values could occasionally be shorter than expected due to leading
zeros being dropped from the encoding.
By contrast, ML-KEM values are always fixed size, so composite values
can always be correctly de-serialized based on the size of the ML-KEM
component.
Size values marked with an asterisk (*) in the table are not fixed
but maximum possible values for the composite key or ciphertext.
Implementations MUST NOT perform strict length checking based on such
values.
Non-hybrid ML-KEM is included for reference.
Ounsworth, et al. Expires 28 September 2026 [Page 61]
Internet-Draft Composite ML-KEM March 2026
+============================+========+=========+============+====+
| Algorithm | Public | Private | Ciphertext | SS |
| | key | key | | |
+============================+========+=========+============+====+
| id-alg-ml-kem-768 | 1184 | 64 | 1088 | 32 |
+----------------------------+--------+---------+------------+----+
| id-alg-ml-kem-1024 | 1568 | 64 | 1568 | 32 |
+----------------------------+--------+---------+------------+----+
| id- | 1454* | 1258* | 1344 | 32 |
| MLKEM768-RSA2048-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
| id- | 1582* | 1834* | 1472 | 32 |
| MLKEM768-RSA3072-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
| id- | 1710* | 2415* | 1600 | 32 |
| MLKEM768-RSA4096-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
| id- | 1216 | 96 | 1120 | 32 |
| MLKEM768-X25519-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
| id-MLKEM768-ECDH- | 1249 | 115 | 1153 | 32 |
| P256-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
| id-MLKEM768-ECDH- | 1281 | 128 | 1185 | 32 |
| P384-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
| id-MLKEM768-ECDH- | 1249 | 116 | 1153 | 32 |
| brainpoolP256r1-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
| id- | 1966* | 1834* | 1952 | 32 |
| MLKEM1024-RSA3072-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
| id-MLKEM1024-ECDH- | 1665 | 128 | 1665 | 32 |
| P384-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
| id-MLKEM1024-ECDH- | 1665 | 132 | 1665 | 32 |
| brainpoolP384r1-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
| id-MLKEM1024-X448-SHA3-256 | 1624 | 120 | 1624 | 32 |
+----------------------------+--------+---------+------------+----+
| id-MLKEM1024-ECDH- | 1701 | 146 | 1701 | 32 |
| P521-SHA3-256 | | | | |
+----------------------------+--------+---------+------------+----+
Table 3: Maximum size values of composite ML-KEM
Ounsworth, et al. Expires 28 September 2026 [Page 62]
Internet-Draft Composite ML-KEM March 2026
Appendix B. Component Algorithm Reference
This section provides references to the full specification of the
algorithms used in the composite constructions.
+================+========================+===================+
| Component KEM | OID | Specification |
| Algorithm ID | | |
+================+========================+===================+
| id-ML-KEM-768 | 2.16.840.1.101.3.4.4.2 | [FIPS.203] |
+----------------+------------------------+-------------------+
| id-ML-KEM-1024 | 2.16.840.1.101.3.4.4.3 | [FIPS.203] |
+----------------+------------------------+-------------------+
| id-X25519 | 1.3.101.110 | [RFC7748], |
| | | [RFC8410] |
+----------------+------------------------+-------------------+
| id-X448 | 1.3.101.111 | [RFC7748], |
| | | [RFC8410] |
+----------------+------------------------+-------------------+
| id-ecDH | 1.3.132.1.12 | [RFC5480], |
| | | [RFC5915], [SEC1] |
+----------------+------------------------+-------------------+
| id-RSAES-OAEP | 1.2.840.113549.1.1.7 | [RFC8017] |
+----------------+------------------------+-------------------+
Table 4: Component Encryption Algorithms used in Composite
Constructions
+==================+=======================+===================+
| Elliptic CurveID | OID | Specification |
+==================+=======================+===================+
| secp256r1 | 1.2.840.10045.3.1.7 | [RFC6090], [SEC2] |
+------------------+-----------------------+-------------------+
| secp384r1 | 1.3.132.0.34 | [RFC6090], [SEC2] |
+------------------+-----------------------+-------------------+
| secp521r1 | 1.3.132.0.35 | [RFC6090], [SEC2] |
+------------------+-----------------------+-------------------+
| brainpoolP256r1 | 1.3.36.3.3.2.8.1.1.7 | [RFC5639] |
+------------------+-----------------------+-------------------+
| brainpoolP384r1 | 1.3.36.3.3.2.8.1.1.11 | [RFC5639] |
+------------------+-----------------------+-------------------+
Table 5: Elliptic Curves used in Composite Constructions
Ounsworth, et al. Expires 28 September 2026 [Page 63]
Internet-Draft Composite ML-KEM March 2026
+=============+========================+===============+
| HashID | OID | Specification |
+=============+========================+===============+
| id-sha3-256 | 2.16.840.1.101.3.4.2.8 | [FIPS.202] |
+-------------+------------------------+---------------+
Table 6: Hash algorithms used in Composite Constructions
Appendix C. Fixed Component Algorithm Identifiers
Many cryptographic libraries are X.509-focused and do not expose
interfaces to instantiate a public key from raw bytes, but only from
a SubjectPublicKeyInfo structure as you would find in an X.509
certificate, therefore implementing Composite ML-KEM in those
libraries requires reconstructing the SPKI for each component
algorithm. In order to aid implementers and reduce interoperability
issues, this section lists out the full public key for each component
algorithm.
*ML-KEM-768*
ASN.1:
algorithm AlgorithmIdentifier ::= {
algorithm id-alg-ml-kem-768 -- (2.16.840.1.101.3.4.4.2)
}
DER:
30 0B 06 07 60 86 48 01 65 03 04 04 02
*ML-KEM-1024*
ASN.1:
ASN.1:
algorithm AlgorithmIdentifier ::= {
algorithm id-alg-ml-kem-1024 -- (2.16.840.1.101.3.4.4.3)
}
DER:
30 0B 06 07 60 86 48 01 65 03 04 04 03
*RSA-OAEP - all sizes*
Ounsworth, et al. Expires 28 September 2026 [Page 64]
Internet-Draft Composite ML-KEM March 2026
ASN.1:
algorithm AlgorithmIdentifier ::= {
algorithm id-RSAES-OAEP, -- (1.2.840.113549.1.1.7)
parameters RSAES-OAEP-params {
hashFunc [0] id-sha256, -- (2.16.840.1.101.3.4.2.1)
maskGenFunc [1] mgf1SHA256Identifier,
pSourceFunc [2] pSpecifiedEmpty }
}
where
mgf1SHA256Identifier AlgorithmIdentifier ::= {
algorithm id-mgf1, -- (1.2.840.113549.1.1.8)
parameters sha256Identifier }
sha256Identifier AlgorithmIdentifier ::= { id-sha256, NULL }
DER:
30 4D 06 09 2A 86 48 86 F7 0D 01 01 07 30 40 A0 0F 30 0D 06 09 60 86
48 01 65 03 04 02 01 05 00 A1 1C 30 1A 06 09 2A 86 48 86 F7 0D 01 01
08 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 A2 0F 30 0D 06 09 2A
86 48 86 F7 0D 01 01 09 04 00
*ECDH NIST-P-256*
ASN.1:
algorithm AlgorithmIdentifier ::= {
algorithm id-ecPublicKey -- (1.2.840.10045.2.1)
parameters ANY ::= {
AlgorithmIdentifier ::= {
algorithm secp256r1 -- (1.2.840.10045.3.1.7)
}
}
}
DER:
30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07
*ECDH NIST-P-384*
Ounsworth, et al. Expires 28 September 2026 [Page 65]
Internet-Draft Composite ML-KEM March 2026
ASN.1:
algorithm AlgorithmIdentifier ::= {
algorithm id-ecPublicKey -- (1.2.840.10045.2.1)
parameters ANY ::= {
AlgorithmIdentifier ::= {
algorithm secp384r1 -- (1.3.132.0.34)
}
}
}
DER:
30 10 06 07 2A 86 48 CE 3D 02 01 06 05 2B 81 04 00 22
*ECDH NIST-P-521*
ASN.1:
algorithm AlgorithmIdentifier ::= {
algorithm id-ecPublicKey -- (1.2.840.10045.2.1)
parameters ANY ::= {
AlgorithmIdentifier ::= {
algorithm secp521r1 -- (1.3.132.0.35)
}
}
}
DER:
30 10 06 07 2A 86 48 CE 3D 02 01 06 05 2B 81 04 00 23
*ECDH Brainpool-256*
ASN.1:
algorithm AlgorithmIdentifier ::= {
algorithm id-ecPublicKey -- (1.2.840.10045.2.1)
parameters ANY ::= {
AlgorithmIdentifier ::= {
algorithm brainpoolP256r1 -- (1.3.36.3.3.2.8.1.1.7)
}
}
}
DER:
30 14 06 07 2A 86 48 CE 3D 02 01 06 09 2B 24 03 03 02 08 01 01 07
*ECDH Brainpool-384*
Ounsworth, et al. Expires 28 September 2026 [Page 66]
Internet-Draft Composite ML-KEM March 2026
ASN.1:
algorithm AlgorithmIdentifier ::= {
algorithm id-ecPublicKey -- (1.2.840.10045.2.1)
parameters ANY ::= {
AlgorithmIdentifier ::= {
algorithm brainpoolP384r1 -- (1.3.36.3.3.2.8.1.1.11)
}
}
}
DER:
30 14 06 07 2A 86 48 CE 3D 02 01 06 09 2B 24 03 03 02 08 01 01 0B
*X25519*
ASN.1:
algorithm AlgorithmIdentifier ::= {
algorithm id-X25519 -- (1.3.101.110)
}
DER:
30 05 06 03 2B 65 6E
*X448*
ASN.1:
algorithm AlgorithmIdentifier ::= {
algorithm id-X448 -- (1.3.101.111)
}
DER:
30 05 06 03 2B 65 6F
Appendix D. Comparison with other Hybrid KEMs
D.1. X-Wing
This specification borrows extensively from the analysis and KEM
combiner construction presented in [X-Wing]. In particular, X-Wing
and id-MLKEM768-X25519-SHA3-256 are largely interchangeable. The one
difference is that X-Wing uses a combined KeyGen function to generate
the two component private keys from the same seed, which gives some
additional binding properties. In order to allow for re-use of
existing hardeneded certified cryptographic modules (for example,
getting the RSA component from an existing smartcard), this
specification keeps the key generation for both components separate
and only loosely-specified so that implementers are free to use an
existing certified hardware or software module for one or both
Ounsworth, et al. Expires 28 September 2026 [Page 67]
Internet-Draft Composite ML-KEM March 2026
components.
D.2. ETSI CatKDF
[ETSI.TS.103.744] section 8.2.3 defines CatKDF as:
1) Form secret = psk || k1 || k2.
2) Set context = f(info, MA, MB), where f is a context formatting
function.
3) key_material = KDF(secret, label, context, length).
4) Return key_material.
MA shall contain all of the public keys.
MB shall contain all of the corresponding public keys and ciphertexts.
The main difference between the Composite ML-KEM combiner and the
ETSI CatKDF combiner is that CatKDF makes the more conservative
choice to bind the public keys and ciphertexts of both components,
while Composite ML-KEM follows the analysis presented in [X-Wing]
that while preserving the security properties of the traditional
component requires binding the public key and ciphertext of the
traditional component, it is not necessary to do so for ML-KEM thanks
to the rejection sampling step of the Fujisaki-Okamoto transform.
Additionally, ETSI CatKDF can be instantiated with either HMAC
[RFC2104], KMAC [SP.800-185] or HKDF [RFC5869] as KDF. Since this
specification uses SHA3-256 as the KDF for all variants, there is no
equivalent construction of CatKDF.
Appendix E. Examples of KEM Combiner Intermediate Values
This section provides examples of constructing the input for the KEM
Combiner, showing all intermediate values. This is intended to be
useful for debugging purposes. See Section 3.4 for additional
information.
Each input component is shown. Note that values are shown hex-
encoded for display purposes only, they are actually raw binary
values.
* mlkemSS is the shared secret produced by the ML-KEM encapsulate or
decapsulate function which is always 32 bytes.
* tradSS is the shared secret produce by the traditional algorithm.
* tradCT is either an elliptic curve public key or an RSA-OAEP
ciphertext depending on the algorithm chosen.
Ounsworth, et al. Expires 28 September 2026 [Page 68]
Internet-Draft Composite ML-KEM March 2026
* tradPK is the public key of the traditional component (elliptic
curve or RSA) and therefore fixed-length.
* Label is the specific KEM Combiner Label for this composite
algorithm. See Section 6
Next, the Combined KDF Input is given, which is simply the
concatenation of the above values.
Finally, the KDF Function and the ss Output are shown as outputs.
The ss is the Composite ML-KEM shared-secret generated by applying
the KDF to the Combined KDF Input.
Examples are given for each recommended Composite ML-KEM algorithm
from Section 10.3.
Example 1:
Ounsworth, et al. Expires 28 September 2026 [Page 69]
Internet-Draft Composite ML-KEM March 2026
Example of id-MLKEM768-ECDH-P256-SHA3-256 Combiner function output.
# Inputs
mlkemSS:
ca48920ded22e063f98a79a4091508678b7042cab63f78c571ff392e82612d43
tradSS:
ef1c92443aaf987000e3470d34332b4c53ff0cdd4554b6bf377bf7bdb677d3d0
tradCT: 041d155f6d3078d7e2cd4f9f758947029795dd9ab6d6e92d81d1917127
0cdefcd4abb682edbb22faf961ce75fc688109931bfa24468f646b97eca4d57d5f5
e7610
tradPK: 04ba2bfbf7b91182eb1fad54a2940c8b1dfd53de55fa3c02d199a3159f
f73d38d29aa94f32e3e82bcc99b165320297149455997d7c3ea5ac97cd987d3e803
96a3e
Label: 4d4c4b454d3736382d50323536
(ascii: "MLKEM768-P256")
# Combined KDF Input:
# mlkemSS || tradSS || tradCT || tradPK || Label
Combined KDF Input: ca48920ded22e063f98a79a4091508678b7042cab63f78c
571ff392e82612d43ef1c92443aaf987000e3470d34332b4c53ff0cdd4554b6bf37
7bf7bdb677d3d0041d155f6d3078d7e2cd4f9f758947029795dd9ab6d6e92d81d19
171270cdefcd4abb682edbb22faf961ce75fc688109931bfa24468f646b97eca4d5
7d5f5e761004ba2bfbf7b91182eb1fad54a2940c8b1dfd53de55fa3c02d199a3159
ff73d38d29aa94f32e3e82bcc99b165320297149455997d7c3ea5ac97cd987d3e80
396a3e4d4c4b454d3736382d50323536
# Outputs
# ss = SHA3-256(Combined KDF Input)
ss:
d6c69aa6e986b620a2777d8cf1fb6be1b2255d6efae0566deb34c882b38846ee
Example 2:
Ounsworth, et al. Expires 28 September 2026 [Page 70]
Internet-Draft Composite ML-KEM March 2026
Example of id-MLKEM768-X25519-SHA3-256 Combiner function output.
# Inputs
mlkemSS:
461b74b074818906edcd2fd976008caca5247f496670ae86e34abe35e62a7ae1
tradSS:
4c62bd6d6f76294f3c14d7e79dbf56e4bf82cb1fb803accfaf2a59c1663a8843
tradCT:
0ec7210a4aa22bb75af9243f95a6ccf857e872efbe5e77e8e917b56178fa473f
tradPK:
1e9d4f72d56cef589864e102c6d6fa86cd3ac5163839556f7555ad083f37b03b
Label: 5c2e2f2f5e5c
(ascii: "\.//^\")
# Combined KDF Input:
# mlkemSS || tradSS || tradCT || tradPK || Label
Combined KDF Input: 461b74b074818906edcd2fd976008caca5247f496670ae8
6e34abe35e62a7ae14c62bd6d6f76294f3c14d7e79dbf56e4bf82cb1fb803accfaf
2a59c1663a88430ec7210a4aa22bb75af9243f95a6ccf857e872efbe5e77e8e917b
56178fa473f1e9d4f72d56cef589864e102c6d6fa86cd3ac5163839556f7555ad08
3f37b03b5c2e2f2f5e5c
# Outputs
# ss = SHA3-256(Combined KDF Input)
ss:
21ee673fdeac21dd78ef13bc8432a50c0ac31893cbe97d14c0e82f5fe4a28d98
Example 3:
Ounsworth, et al. Expires 28 September 2026 [Page 71]
Internet-Draft Composite ML-KEM March 2026
Example of id-MLKEM1024-ECDH-P384-SHA3-256 Combiner function output.
# Inputs
mlkemSS:
c0f87f0c53fa8e2ba192a494694d37d1e3cf99c65e0dc5f69b2cc044b3fb205d
tradSS: 4d52b7ef430382f479603207c0b8f7aa5bc35d8758835007e39a2642ad
65e635d674db7a5513889657fb24e4e228a098
tradCT: 0401a5b81dcb51290a0eb142b9032d5a37503164b7a20ac0e3b52dc54f
9b0b7c9fdd2699a59563a0b9ad0e54478846faeab72b92275e1fbb8b963bcc6e80e
30c089fbe4ed8d47ec76951db94aede46e679d5692eeb1d1b150d5b2e6660dc67c4
69
tradPK: 0468cc4acc5dd85edbcbf25bae7ee7dcacec2968ea7ee57fc91311cb9c
47d4a24c3854e5ce3e5d0b309fda493224520f2870496eb16571108b3deafd72c1d
f17edc302fbb8b60bae44d93177e6df5278e4667a090a2d59a2076f41d693975e8d
19
Label: 4d4c4b454d313032342d50333834
(ascii: "MLKEM1024-P384")
# Combined KDF Input:
# mlkemSS || tradSS || tradCT || tradPK || Label
Combined KDF Input: c0f87f0c53fa8e2ba192a494694d37d1e3cf99c65e0dc5f
69b2cc044b3fb205d4d52b7ef430382f479603207c0b8f7aa5bc35d8758835007e3
9a2642ad65e635d674db7a5513889657fb24e4e228a0980401a5b81dcb51290a0eb
142b9032d5a37503164b7a20ac0e3b52dc54f9b0b7c9fdd2699a59563a0b9ad0e54
478846faeab72b92275e1fbb8b963bcc6e80e30c089fbe4ed8d47ec76951db94aed
e46e679d5692eeb1d1b150d5b2e6660dc67c4690468cc4acc5dd85edbcbf25bae7e
e7dcacec2968ea7ee57fc91311cb9c47d4a24c3854e5ce3e5d0b309fda493224520
f2870496eb16571108b3deafd72c1df17edc302fbb8b60bae44d93177e6df5278e4
667a090a2d59a2076f41d693975e8d194d4c4b454d313032342d50333834
# Outputs
# ss = SHA3-256(Combined KDF Input)
ss:
eb60f6c80a309ad4158d7b02f2cf8c947faead96ebbd85c3f62a94868ffddca4
Appendix F. Test Vectors
The following test vectors are provided in a format similar to the
NIST ACVP Known-Answer-Tests (KATs).
Ounsworth, et al. Expires 28 September 2026 [Page 72]
Internet-Draft Composite ML-KEM March 2026
The structure is that a global cacert is provided which is used to
sign each KEM certificate.
Within each test case there are the following values:
* tcId the name of the algorithm.
* ek the encapsulation public key.
* x5c the X.509 certificate of the encapsulation key, signed by the
cacert.
* dk the raw decapsulation private key.
* dk_pkcs8 the decapsulation private key in a PKCS#8 object.
* c the ciphertext.
* k the derived shared secret key.
Implementers should be able to perform the following tests using the
test vectors below:
1. Load the public key ek or certificate x5c and perform an
encapsulation for it (you should obtain valid ct and k values,
but they will not match the ones in the test vector since Encap()
is randomized.)
2. Load the decapsulation private key dk or dk_pkcs8 and the
ciphertext c and perform a Decaps() operation to ensure that the
same shared secret key k is derived.
Test vectors are provided for each underlying ML-KEM algorithm in
isolation for the purposes of debugging.
Due to the length of the test vectors, some readers will prefer to
retrieve the non-word-wrapped copy from GitHub [TestVectors]. The
reference implementation written in python that generated them is
also available.
{
"cacert": "MIIVpzCCCKSgAwIBAgIUPGsGMD62FcFQ7UWtEng5AYgngTkwCwYJYIZIA
WUDBAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb
21wb3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzNloXDTM2MDExNTEyMTUzNlowP
TENMAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxHDAaBgNVBAMME0NvbXBvc2l0Z
SBNTC1LRU0gQ0EwggeyMAsGCWCGSAFlAwQDEgOCB6EABoBhTR3o2qD4gk8GmzyvPQord
rVrFGg8Ri4zNm+vD17WNb5hKwAGMdJy9a7Zehf/mQnbRDHRNSi4xdiyhYKepsLEubVN9
5eMpHRGdIOJie7QbQ7NM6xGq714j+D7UpKpHTeFWNeNwNvQoPpiAKXHrJutAHKD9f/G4
Ounsworth, et al. Expires 28 September 2026 [Page 73]
Internet-Draft Composite ML-KEM March 2026
9wMe4x6Yn5+aRAQrKU1MIOnR12J2ahSmzVmhvfnrtOSpIrKVoVzPacOXdAhvTb5BbP0B
1EtIzQ/lxH1TQKy6QlbonZ8k7gwa4jgeLlzrGnAKoFIUP7TSPWAHcShIXJHDe2vAR9ej
OCWYS64K5WsNdTGvfM7e9TyxFLE6U4oQdX3ydsK+ki7desOr2XcdCnc61oiGtUiiKbe/
r4kturOaPlxkF5WoM02S+VOJmLlaJXHsb+9lszWzE+wWX5BdhH44iBnNv/Dz3VQCT0dB
boTEd8Jqbkp7mww/CaVKw5ADvzD6bGj3zF/6m/9lBXlyGIICJpfCwlskDEzvB0OPnRM6
E3Fj/T06Lvc+6O+4lEAiPlBpMRHlnvGqQLNldXlbVfK2IrnOMYmme2kE47n5vHT7fzjy
/La79fg6+56aEV6+gUZKQxEZ9885BOoZ6rYMZoGMcIUPvWntVHxwtmB3q1hn3WWT7SuP
SHku7fHRmWIlYx6ymf3yoco5v6DwxA4IJzZ3Ty7hJxeWma92AE+DgTk7y4cy1g/t+hXy
tLYFhPcckm3+BXuSkUgSmGcYisfEV/AAHvFmbueesjNq0cPT21qz853Wr6wTKXbIa1YD
MngKf0Z1OOGog/d4KBgwD2ZpLeepsrEEm1uP6MR/tf/F8xIaPSbOKRX8ZnaYlLA/dbh/
FZ8SKT4pJAfqGDd+7ufpgtxAFeeBG30D8dFclQZsTjKO3X+j6CnKdMA4HFKNsoP7TDvG
P1UgNtWYEKIwi8AYo4lciujjtML5+8dV6t83s16EN3ejfiHZiyw0h38k9wJnafze4xye
UABujqWOMLQitHWyXi1OP6hEjRxMadZaChYbfIAEVtSDseke9q7nDK808y36/PpooBxm
2vbjEhib4j9XzXmXIQIqlL/Vh28WFcTNBbYNY5J7Ig8L1uQCxqUfTgIqo2dgmolblqnF
UMYd3dAJIExzNMI7M+O+bpt60rstJb6o8kBmX/P3kQhOjueP+m21PhywZLPMFjhnVUJf
eOF3/QFf1OdWU3i9ewajf6ezDdM01XL/ZsWp43qhngqHt2rJPQSIRwW+ZAKzXL6/f2Jy
RVH5nM0pB0fXjovC6aiX0vNiCuYBba/cPAAa0ZzF/ihYOLqr0QctY8eaA8L5lhZL8OTf
ZUsxYWpWsY3k9v+d3xkTkKdO3LWgG4AeEGAK3hU1K+wDukWcQYxu9O/8bpG/TYbN1ltp
q/9xVBEViKt57W6Fke0YeAO5o1E0V4OjqA0sioT643l3txTc/t4/hxI/HFDgSOM7rC4t
/XVeUKGCKSWetSroWRvC8riTKVr/utz7/5TGDH/rLYoNkq92bwLu8AkC+XV55lQ7g7IG
GUXd1CE8hh+ctNnjH8TFVTGp+/SoC5DIV2OMiLYgH810HGVALXB4D031YFo1+y2oPcCk
VJwFjDoAGW8Q2da66b/j9wP76KENsiL0OX+q/MCeOsBnAe3apDUu1mlcztwjF/KcbdI8
hwcjs7GfRE1WmfUOuk66E2sy2he3I97TKevWW/F9XJQ4FslXVUfMWnJFHa8/UOWr04Yo
eFFW8He/Vmbz5METAq5KFTwEyA7p2BEth+6fGd1FA8qM46+kV532AHVzwVgc/gvT7mCH
ZEEqja0neth/kC2mnW8/cXyHbVMoS9Ydw9pNj7t6lUrihqcPSQmy+MWxb/y4yaop5lh9
svfEem1HM3GvmeGiefoqZAtGaXrbFQWHPzR3Nv0i0i+RSTkGOihDl3g3cfi1DEcYn8+V
rFPmesn9nQfmWcMkNA67vRQh7R8Gxu3WDWNj6GCyxFYPfgYtUCdHQn2rt3HveCr3TMlX
r10aVywBfrnDNw7dsZv75oGNH6GxtKYJ3AfUgBZ1jxotmrQ/LRQYT1BlEi3Y1vstQ3l9
f5G2zf0ziG7U+CbSpKS3hQfRKviHUPK8n3OocXeun3cURfGHrCouoxV3QThq3Y2wusqo
6L6q5HMac2aizIbxUq9LfPeKV51sCcPKo1F7hCQR6VchuSRF0bGes7OPym1LrXj5WdYp
mfmhNxXYOysGHXlWsm57LXjgFsbFPag2n7vlBZXwW6BBYwhOl7trNJ7y71ttLl+zfz9g
fgP8eV2v8BXggU96+jCX9X/CYpyAPYq/GeqMHC1Okc1Oh2JdthLnmYr95Y2V3dTJ2/3r
Cg1cFqP/w0Zmh7jOew/4ONntL7bXsnpbuWF9iB+4R8kWt9LBh+DF4Tbs64YLiA9rq6ut
kizrnHnfgCi1Hmo0OloCuOP01Az/CsQeD9X2h0pilMqeujGWNN/Ve12qrxoxdqYfkah6
nRTmZCOCMIYa1b9VAMIhopYTLYiXMXX/0Itd01GZch+uwhsQ8OMxCJg/+BcxBMphaDp6
4YD5d3tRtjFBuUOTTb8d/wLiKedWuI7Irv/O3WSYAadnf2NPtPnp8YILld5k1ajJjAkM
A4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgECMAsGCWCGSAFlAwQDEgOCD
O4AhyLGuKeJFtY6afgDfWDxoujpRF509Hs9u506w0HpVe//I1btbkks9sWhZZ2WExSGb
aVAI6gFN82ZPAQMtFcHxR5J98VoaZCg+CHM+AMGUJXM+f3OraVK9VG2VLhiuPfk4quAy
FpJSLH+Wzm4eSumkgNZsJ0fAr4ajpe6QxVkHv3/grvUH2q7jcaOUmY8m+p0nPN7CyZXF
ZO6MnF53O7vi/RyrciYt2rLLGcs3phgKqusrc8T9PYLBG6mNwmOYzibAeuLbB7+sCCaM
3993vvskEwVqmmpyCst0uFK7i1mq5F2ojbtqMYTByeBlxR4n2VW+728Tkc5RczwIwSEh
Vahsm3QDOM38Np0dxN7GdPhg3QJKWjybbCrEjhq6n71xOkizbvMbed1L8ObFhAxIoVzZ
mHDWd7pDfuCnn35QXa8PrVPM371mZQ+wDdf880ZMvjI/mzPWEVls3r4ocTkWVD+x2ugd
qtcc/cxMShYuofutuuY/qYbVg/G8nHP8/eclZR0YRJY0oNq/2QWLmgzuUvL9L2z1F4NO
ipaQlqkN/WW8+34S3Xm0Q0m8MYmcArUUcIxKW7CfhgjaTiPaQ/n5wlfDOzpUNv5tR7Ys
2xo+IbKpJ6ETWFATSgRpQnrMGtGD7FCez1U9x4d+E7+Jow+m5YPED+kGEsBvtNtAnyhO
FLE88lFacfaYcoT2tABI7Jxwwk8POkNGfMtozriZezzVqtUtJofQX9AtfD2IfJ/Nqsu8
Ounsworth, et al. Expires 28 September 2026 [Page 74]
Internet-Draft Composite ML-KEM March 2026
L1bHkpl38pWxo3CfwVQWx7vAeXjCK5cOSe5EXOUZd6HeN4I+m/lrla1rp2OiqZIoiVHV
Dn1CTXAsI5giAkMD7MZ8+bWbm6UIoCJPEZkWUMEIdR44/qPPhUvLkWkSc5pVDnd/kaa6
W6SeiU+vO6U21bLxH9RgKj6yxDjQ62LG5nf3NAAVKtK21FvY9D5Oh15s9cfBZzlHUeVd
DcMNBHybfutzovtppkNK+2zTybUlsvzVYjwO7Fk7sBlfZfa0+79Q6EcFRDUNpT9d0N4O
dUXNzHcsATHOBgYkqKYVZC5hXyMMB04A7AbjpD6OYBVUfMR3421Mfc4Y0oSfRbE2PD2u
hqgKG+sCKwLwZAeCBA+F/YSsNF0MKlNPhrY1SMh1MJnvZN6SzSs6Qvl4nw5SDONpiCsx
u8Cw2FCmI5uslRvZY6Lx9vvkDDf5VshCzNHlrr8xpAY+ASOL0u8btYJxxiCycpr4rYoR
BprBBPF/Gjw9FHc3gbtwLDTLhbC75y6S6XT/KFJTvKtEgSZXFdDTH7Q9dbkAkPq4HgsH
Tsrzn+iHbBBLWnjUlnCJyd1JHLHXFOlH3ngT3Nfvql8i8wkolv5i2xM3jr0PLLeBSX3O
eUtHjiTwO1NNeU377Ig4ertMJBTAkE1YbicDb7PcXvs/f0Sr1/xmrJBsURyJKHPZ+4kH
0HfaPJPypw4fT0CxUMyrOW/hFjEsnI5QAFtlWIBTMc+1EQlOqKFN5J194Xjd/Qj9X540
NkK6Cbjc3IZ/nGthCrOmqnaUxcrYRuyW4zXZcCOSOX6Y2Ru5COVAP7chSae24J44rgAV
wYaQHE7X2tRVOtrADMDZjw9S8UjS4RFGhcUVXkS6+/Fu8Vp6oR5tO//MB41WcmpD5fWF
LP5NSx9EBA3icI1ws366MBtGj1mWWKGvQ74rvaF8vJg3LxfEsA3VqgKScm7X1c2qOUnO
DIlD/OS8Pd+1yjo0RFHObwpmIZ5I6XAJKhwaCnH0VaA+dxZGso32eYEif8O6rtRb4TfR
KZ5MXop2CjbvlsxRa5AFrGU8rraOdCxYJvoEHtiSicTOzMtX3mIMed67JadOhEEHm+Vp
K/5X/qSX8rWXahNnhsfSXa5NVlyad2knNzO3YecgFF01d25/q/OxERf80EzIq4QqqdTI
4UC8fzh0X/FI7Bo6/SB2MbW4ZeZlModLwbnRvRnHMEXUXh488J/wi+6Ld+GTfTdcwJK9
ggVB5Sh3LjtOsA9WXkQcp4ILbkTH0T9Jnou8ZzLFOYutFH40icfrCjpUtT5sXvCx3koJ
XuR+ZNlmLVK/ksoZkC0rlnQ1OeCGJeCqVa5aT5qGCORX7M4oNpLaU9R5cUUAamTXCcuw
kceEai5+K2Qy7+uEJgXcfPPvj3iu9a8Jl0EWdRq2DH5nvlYZuAlkzQBEaoVi3dev7kJx
r2N7kwP9ByO6zQnj1edQeMCSnVmTgc7O4w9hQBKkvnEDbJ4N6ZqNLlG0immP1VrLwZYg
fL6Nm9MfIjCM1ayFwU1b9ttxl0SvCRD57mJ+X004okJSL18JJ8owsB0FnvTVjygm8qkE
LPq9Ug3pJrn4HZIr0+nP6ljyifG9zXYK11slORYe1HWHH0iXKjbbsZtOxpdlvSeaTFSf
z8jaa2bgnRxEqq510HzhbUM9brvzA2PpJzPCeUeRZWYR1UVAmigOAO9uw7UEPZe1JLYA
Myf9UBANPXBYi4nFjoqBZLOdE/L6w9pwaoy+w2AcnBEhu4MR++316BWfTdMp+Pxwzvw4
WmTghOi0M8GRsB592BeGiJbch7NH7oQGD8uNTJNOlYBOF0rHTi+70jsSPah0QIG8TYAA
bv0KSunZdBaTCShYA7d1OLVSc/t5OQ9+MQfJhx/mI8dIqqaMzGsl878pEdYUSGsPuE/+
7LvT2+oTH0DKRbNkq9ghVBfL6QlP63VdZVLu+KO+fj9UZox02+1a6kKSdQtbeF0Ebw3v
s08yEJ6UZ8CrUUNdFPOh3kpM83z8eeCkXU9xOYOhheSQG9L7PHnrbwgRQLNLP7tSy52b
1TKiOiNUH4gvkuyTnL7a1bDeZGI1ZIL1FPb/85bKG1uQ8uZ4f7glQjZ6X5HOV9hXR09P
Gkuwa2iHCFziXHF/g18QxKL5ADOYASVP1Bq4gS42nEoTMepc0Pql+mJUPF2vPNEcSSmo
wDAauSlwzD+e+Z0saFu8atM6QoZmpoiJxrjJUXaUx1J8n+xqhO4hOyzEFRtjYXr578nI
Bt95n+LqWVPBwWugut1/HaZ7zeuNHqlS7cOoutWTBNKc4W+kdB/jXBbBY4ENo773YNzc
MGaSUuVsz+sgeHOjLWpjxK2PyftjY6+LU1PTRrSeMhIa9du2nTD3kdTVXa1xGiSvwrTk
074yG4+k1xpG/oXloaqOV8w/h6srR9UD2iOM8d2FN7RTtD+Au+TqAGoKmtOfabobVwZR
AUpslypRPs+vunCvqmImHM9a+VW1hGzhQKx2LwCVfbBU+vJEzQIshWItHv1RcQUXEZxs
qZgDN1MXFk0KmowXIk7kVc+nTutvNugjHHWe552jLkM/F0JSCuiYl10lGV/jvCCcWRqQ
0TZ2wLxteDlayWpvAsUwONBeBH0IavwXGzq5a7QSzeANvO4SF7ZCIv4ts7l92nyPbs7W
hVb5RSfZRY8TBmaEj7S1u7fGJnzS21y03qEO3fvkdXxRd3HL08Vv6fVvO6dcJEczjsaG
XF98bS32eHBiyJBFxGjsNLCIsgdeL5Q7EU2AtuD6BDJ/fFINUOfk3AqXRNZj/4ymRb6N
LhSTjBsXe+BMdNRL3X6FIb5VYyEAAXi8R7xkhj9qNj46NeFNoqM58+fn6Oae1nkrokEZ
lwvdP4SHBuk1ODwiOF9fQ9DZbOqrrsVRSgeghAOQFxoruztO+ToeJRGiUC9zpDvppd8u
KDSbxQjjUxwLGPaDpFBELbr4zaGydLllzL8fIzjkMum4OZ0P1pWeuJqPH+LhBV7SB1VS
ieUd/h3bYOwjBN6uAWZ09YYSfevD1BH2uc6Z83niUnKpyLFgG23Z94uzZSlmpNHQHkPo
XDRn7wHGYtWRvmuiBRQdv0S7g9n2Za1a/hn6g/YQmS/A7duO18TtHTTojfNR3XwxL+0s
qQkdDW8Z5RYAMoTllsd1QzpWV2axu+DzU6OTtfDNFjlo3YSWnORksn0l+AYnZ5dKJaHL
wYahWahLfT6KCJEUwiDd+/ig2lyPCdp35x+5TBMRX+C00f4bg1+G1ClphxXH9gk+j5FR
Ounsworth, et al. Expires 28 September 2026 [Page 75]
Internet-Draft Composite ML-KEM March 2026
eLqyB90lIiB6sPnVOYaLIkxyZTanmiIcvtIbnuThggTfKKy7Gkke/YXaLhaJEqsVVvo2
fca1vuveX+VHSpVvqi1sMXbrXPoM5zEZYpyNRsevI/PyGb7c7aKIdoffBvdie3bPQGNd
ddnxngy2jh+GslTO+H+R+R4JhPoESPOJZExqXT5mXOvZChhPm5TiNDvJ+Tol+hzGk34C
iZje1ngjECik9ocDKRz31p2LI5vER6kqhSEzy18sw48TULCtsxBzNVmuBinox7K5x2IY
DxzxoL+A7Q8q95W7CSWr6PliQLTWTknNKaoGbN8PD2jG9nPDFIVIp8PK2rI7O8QHtnc+
iQpZ2+RshU7mZuirL3zBB8rTGOAhd4AAAAAAAAAAAAAAAAAAAAAAAAAAwkOFBwk",
"tests": [
{
"tcId": "id-alg-ml-kem-768",
"ek": "KleSlWbAKsifZ3i7TeAh2ZOoL2yOtMIbKRqTAYYf/Eux4pAHLmkuArQNhky+W
3aSo1CKECK9qEbJi6WexjugwRgZHOQEaGoyQLxGZ7gmWrAPGel/jMeqBMF4VSwEsVx1O
qgEhtFPg4isOZzCN8RswqiTqgwmNTCdkhWILSacIrxye7iskBhu7SUqijalTgrGI6Jdt
3aX98y9uqNaBnsJzPHK84YTW1pPyXWjoNUHy7yNnlQRtrVEXYd+lkBZ2IB1n7KgW3fBd
+Z+ZxmQKVSTLqmZP4h24Ukv/2a1lWtN0iSw/7NxMCpLuRp/ILB07wALkYxcZLUl3Ap9R
OcrBAEEVDPP9tQYMrgX/rsqWAa/C6BB9rvNk/ZWT/ebqMlRmfG0kGbMWQesv3ujK3d9H
Rav6FassGcWYluV0cHKJYFpIHV0k2AimQmatEOLRCSiPlgSgKBoEAXDGZEckjyCtQy0J
iDAAudDZ9DPPTypjQdLZsK1K4ua9MNKAVfBh+GqIBvP9fV5CYKrI0QGn0CRk3NGe0AKV
3MSJfwWoExSzmkZ+cMLRVZQutlPNqQ7NPiY3tmvKFaeP2h0fQmu6dey97S67evOoeVFQ
EBtDzebhQMwixIUG+GyUNgEZ4Cgg+hZfnEiVNMYARaYFsHKAlzA5mhJ/OXGr0KNeAg/+
pyNbJlKJPu7WIpuxXULRPA2YPkLM6EHXGIrh7WTTqtB73iThWs4QcWyN+FVIgQSRtt8U
YiwdPgBKbPM9TCcAeRJ6ol4tZOrcUlRJAG4IoxlNyqLpHqlXuADvIKi2zCj8/xWkfhv2
NtooVoFhFhqialMhPlC53uKkiEedtRpteqiMkmdyRg51totKXCdYMZsstiwEzhqkQZ/V
mcwEWDARusBAbxPWfcSI6KzSNOhKfepjNTK8aINLIqaZrfDGjhcahuaZ0IWJ1FdILdyf
/GS7Gt06hIJFbetOpY+BdAg6zAJEGA39QeP3mInfYwF7zN97NZvOaIYVZSNY6sBMUezg
6aWTkKWmMuz7qY08PSGdKGZjVWQHcKnFqpRFNccM4O683O3GCIJchGM8ysRIaA3x1kii
ZlB1gOIgCam76VzTvJFXSO98Nxnujt31CZqBxSeEhS/k3CrxvNluOwuXRY9OXrL0uK8k
mcH6uUuOqOsKrlKWktorjzBWRNZegImAqBJzuMSm+V46gi431kd0UA41EWOqrMyNslaH
LgjZJcIr+lMuylPWqdJCsLBdZcVH9FLyRoCKmsgf7QLJ0V4E8TGF7uo6Ds8VGwAVKJvj
Ss+vKFC12JoTEJkGCotR+pzf0a3tEUdJWLJg9YDhtd1K2ESFHkoguQ1ZIQu1wJYvqOVh
8E3b+k+hzQn+LbCEyOOKcO3bQRHXkdzJbx7PgyJ3Vptd1kPyvcg3qWTxXssWDczcLaLP
4VFEMmdi0SCvZTBysK9jMtp6DZpQLk0DuZyeMJX7NpV6zlkEVK2U7ShzEtarvgPjPOJA
6EEHIpKbeC1xsvKv4NDUMgMGyGxbaeawmMeugZs8iZKZpEtwqIuQNeL3b5Fqj6zbXldc
G7l7HFQvWHk3etCndmnXZc=",
"x5c": "MIISkTCCBY6gAwIBAgIUI63rPwohrPyO4VdiOGYdvl2gTSswCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzNloXDTM2MDExNTEyMTUzNlowOzEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxGjAYBgNVBAMMEWlkLWFsZy1tbC1r
ZW0tNzY4MIIEsjALBglghkgBZQMEBAIDggShACpXkpVmwCrIn2d4u03gIdmTqC9sjrTC
GykakwGGH/xLseKQBy5pLgK0DYZMvlt2kqNQihAivahGyYulnsY7oMEYGRzkBGhqMkC8
Rme4JlqwDxnpf4zHqgTBeFUsBLFcdTqoBIbRT4OIrDmcwjfEbMKok6oMJjUwnZIViC0m
nCK8cnu4rJAYbu0lKoo2pU4KxiOiXbd2l/fMvbqjWgZ7CczxyvOGE1taT8l1o6DVB8u8
jZ5UEba1RF2HfpZAWdiAdZ+yoFt3wXfmfmcZkClUky6pmT+IduFJL/9mtZVrTdIksP+z
cTAqS7kafyCwdO8AC5GMXGS1JdwKfUTnKwQBBFQzz/bUGDK4F/67KlgGvwugQfa7zZP2
Vk/3m6jJUZnxtJBmzFkHrL97oyt3fR0Wr+hWrLBnFmJbldHByiWBaSB1dJNgIpkJmrRD
i0Qkoj5YEoCgaBAFwxmRHJI8grUMtCYgwALnQ2fQzz08qY0HS2bCtSuLmvTDSgFXwYfh
qiAbz/X1eQmCqyNEBp9AkZNzRntACldzEiX8FqBMUs5pGfnDC0VWULrZTzakOzT4mN7Z
ryhWnj9odH0JrunXsve0uu3rzqHlRUBAbQ83m4UDMIsSFBvhslDYBGeAoIPoWX5xIlTT
GAEWmBbBygJcwOZoSfzlxq9CjXgIP/qcjWyZSiT7u1iKbsV1C0TwNmD5CzOhB1xiK4e1
Ounsworth, et al. Expires 28 September 2026 [Page 76]
Internet-Draft Composite ML-KEM March 2026
k06rQe94k4VrOEHFsjfhVSIEEkbbfFGIsHT4ASmzzPUwnAHkSeqJeLWTq3FJUSQBuCKM
ZTcqi6R6pV7gA7yCotswo/P8VpH4b9jbaKFaBYRYaompTIT5Qud7ipIhHnbUabXqojJJ
nckYOdbaLSlwnWDGbLLYsBM4apEGf1ZnMBFgwEbrAQG8T1n3EiOis0jToSn3qYzUyvGi
DSyKmma3wxo4XGobmmdCFidRXSC3cn/xkuxrdOoSCRW3rTqWPgXQIOswCRBgN/UHj95i
J32MBe8zfezWbzmiGFWUjWOrATFHs4Omlk5ClpjLs+6mNPD0hnShmY1VkB3CpxaqURTX
HDODuvNztxgiCXIRjPMrESGgN8dZIomZQdYDiIAmpu+lc07yRV0jvfDcZ7o7d9QmagcU
nhIUv5Nwq8bzZbjsLl0WPTl6y9LivJJnB+rlLjqjrCq5SlpLaK48wVkTWXoCJgKgSc7j
EpvleOoIuN9ZHdFAONRFjqqzMjbJWhy4I2SXCK/pTLspT1qnSQrCwXWXFR/RS8kaAipr
IH+0CydFeBPExhe7qOg7PFRsAFSib40rPryhQtdiaExCZBgqLUfqc39Gt7RFHSViyYPW
A4bXdSthEhR5KILkNWSELtcCWL6jlYfBN2/pPoc0J/i2whMjjinDt20ER15HcyW8ez4M
id1abXdZD8r3IN6lk8V7LFg3M3C2iz+FRRDJnYtEgr2UwcrCvYzLaeg2aUC5NA7mcnjC
V+zaVes5ZBFStlO0ocxLWq74D4zziQOhBByKSm3gtcbLyr+DQ1DIDBshsW2nmsJjHroG
bPImSmaRLcKiLkDXi92+Rao+s215XXBu5exxUL1h5N3rQp3Zp12XoxIwEDAOBgNVHQ8B
Af8EBAMCBSAwCwYJYIZIAWUDBAMSA4IM7gC0oiNL9qE32Xc9UhvaHqSLroWaUmmWCfkU
l/uRrGkPJ25fMeFoomEr1EP+xyMSUlPc3fQ1VExM5Lj1cm0lFLe4/Am8oCeAibHYSSaO
zg15nKrQhWJ0mGAJbXJF2HeFLY+aD7GMKPHgB0SHILzyj+JcWGCpxGi/L81sGbqU+dUR
UcO/ZQmHQ9OYg4J92aJz1TG2naK/m+bAXBn7kpvJ10996/pFjRAyOXNFnKnnfZSo6UNB
20ZldczGPcVW/tvQv+x+FMw9b5MfV3Px+WdDnW9BYAg5YV0hI2n7ZK0kqClR7uiVdPWL
CwrgCwAThlfOMb2zZmHSYoFOri0Hwr/WJxm1I7hylTp+7RpGUwsBZij8wHMGCjJ004do
i2sp9tF793g6URaO1fHWsvNV72LjZ4M6U0EORv9YYYIbwWrcmfq/76hcRgY2aby4VOFM
TndfylvrIo0DOMLtz2LY+N6/uINSUtYz6yHnoL7xsI2VJvngw6YFEH7BEpq2Z13qSd2r
GmJbQvHsNp91mg8V4GdJX5tWsf5/jp3ZGvLnz6O8452yzg/7ErGRFD9Zsoww8wIuunmI
AI6vRabW6xOj0r9I5a5xYHRE7/JE7UDYtQPJSZRNVzdreKR+eh6RtPP+On0vLzM2IzYe
4a7EITwc9crwKF3ziNq2JAONfEmNXQDkhV5/JCKj3lEQXeqzMehQHC1J0FmF7Q/Iv28S
65XSybmIHkW/DUDhIxehfvVPZ3URDjYk8gxsGtRV+sXR9ttmqygFko+Ket72oJivVyLL
Ve3h0T6IjZBwP/CSBoWKlumcL2OFzP2M4c0DABA+/A2ombppyIbne76xYHKOoHkf1UEh
mGtD3ttwihHE2FPv6dGPabtzw+dHKhtE2B2yNcRNRw1RZaRK0AawMLr6LfRerv+wmNi6
LxlYL5QJkz+yZQ4EHepOwsXkid+GwewhoEl80OAZ4fMtYMDeI/ErtjogGiDMLpI+fRQS
NxFx51X7K9Ahzo9UGExfRW6dmtDgmdvQU5kKgglQ90/mIU5ruaJFFiX/1smic1qpevqO
qDu5sSU6HeYR4IQ7mjHG1ASLbelx0SwfayXbSr+xHPLP+fPnVKIOkFOdnpj4CR0XHn26
kvzdz2D2sV+YG7PdylYePHKo1LB8/PbyCoyjALB4Y2TyuGG/WUMkQdgdqQEK5+ubfMX2
mgq6lsyDVrXIaFvFX8Y+eVZYcCuj8wmSi1Y2wz7+NUsWXzF4klzcqWjkesquJGhVHeFP
HM5wUt3xBQjfUu4XnkxkyijIwXpmCJR1ZI9S5QXdWH3QzH3MBGSBCW9e45+FGZzAnxmy
NoPoJFKsg/immiuraHkQ5YAj5W+MLK2bIPvWfb/SwfpzExPLIELpjWaScasoz/9eOyRx
vGb8I4aNe3M0gNRpQIfQ4CsOGcFv02S5s9lnRhiEZCyiUhqakBTWIbq7eqKSiOuKac/Z
I50M2NP83yAYU9Q2UXK/XvbiZFxu/cl4WsZ3vkOHk3XR6mtXX1Ihy5AUsPeIYJFPzaN2
IFzI+hReBiL6gWNnXUrbRXKTYQ4kmSuTKxt7iBKDJ8yaJmYd8Xwu6BhLN907G8bgj7E5
W7Yx1IDoLPiJ1BplkkTu+znw3YdsN68hU41M/+0N+ksd8agbLit9txmGSDtoTPolGPSW
AHECkG8fAdXycCVUz3hGjDtNQ6uefnTQNWZfcgPOfhcu2ATcQc1EuR2C/jw2A99edkSK
penWaRk09TIM5khad0inCMRgZNM51hFwEF8wHPPtywFzVSMx9XCnNasQ6ru4XpGftjtw
QNFmcsU8DsVYFksYpP6QLfQ9aPz+0AUiHv390KQBVjP6G/DxCCjka60y+W02VOXW76e3
0wK98LnGDZ0T88lGpLffdqR7rUOcQQM5B++feUiScBJbjxpoAAtZKnNmDqPXakeTo+TV
uiqmoZVfE7qoUCia4aWOoJ2+537Y9Pt3j15ELfupcVWbkZDpVpg3dr3CB+fDuJjtpO7h
DiXTWPH5Ee9Rzv1hpJra/aPVvFIqO2YpiHnvqQiuKMgW3Cn1MNZGRuENhRLlmmemaeAB
MzXUfeLJYgG/dcrySDMkZZIjYRy2tCjzfLSsMfdLmkuUtpTZdRe2McAynfX2h4xDYu0G
RjHEU6C0LcNmQc/mc+e7L58cO5tlsGD/xsArAU14Zo8AZuger00MeyeWn1ZlEdnA65Pl
Y6k9sr37Nz40Fi9Nv9qfia694bF6QlU1PnaFSOKwdZIlk0cuS0fif+UxmAIG/KflFvI0
u2Cmgqk3SaS1ZEoR9fJf0Lh3LMzkGFiiy835E9TDPtqsa8FGFo9i/xrhQVnC8YfPXLhk
Ounsworth, et al. Expires 28 September 2026 [Page 77]
Internet-Draft Composite ML-KEM March 2026
hrPg6lLBW2VKVawSM9Je5plIxKzytLfqsJY0SZRiOoePLvVE47ZWhz2Z7hgHyyi9piR3
ku4Zn9yAvtnAQ36C4xwXPTUqG84O8S2FWKx5jrWI9GvBz2cwKEeGosY/ISLkjtMcAL3M
Bm6hrHowTXaW19ji7sIoxJINvl4ehZeSCcXlHEauUAGMhcsfhNSjd0YHok93vi3kGc8x
H9BpgolV2w3aUjAyA1bOKYVET3VtzQgjcOsWGUvHWWp5iSw+GbAtxD3ibzrB9Dac1xB4
+hPDnMhcYwNlRnHLZZi9Bn49ncxxgQcHKxF34+hp0bQ5RPgXXLqWqhs9Kw55HZ9K5QKR
g2gsx2GVmnyywwsSeoLHYirXVVnHEgmfgRGpyx/TgEP1tQDMG1RvLEamQRvFFpuxdSj/
vmGFqJJ3GkiFWZt26z6jwzrgWU2St/SQFWIEje/j05aUU+uYFFIoy/Uk+8ymia21mpNy
1W5OW2roulPxFT8/IV1NZflvboqDJjrDHxK9ljjDtv2s2Idf0CBykjM7wFSmAN55cHKR
WbhUA320LM2tpQKh6Ygx/xsazvFMDQGxiFXKby27y6J1oJ9Yp5IG8kxhxBmrRNywdIvK
vFrQz7KbSRSAcEmMBQ80i2OdbZUzH8X7eSsH9PDj6VMmDBhV06vYKTgghWXfrCBhk4pf
VIk45YH/vsBnkjRRC9X9pb24ImoyjKgCjMl095wAbM07/EddSYC+YugoqMy6N3VhBFPp
oyzyPvUX7vhddH6n3sOP2kPD3tl+PEmi0yme8frfSwLpkmHejeeWl5pB5HMehPB+KfyK
3TwhH6D+80odb4FLbQAR9UTsGuO1jv6qabgm9jvDFPt6LyLrJLG7O/exk9/yiSyjF3rV
XvhEZOqP0FfU54812xwGpGfAChMHqXol6vRnsRxuZePnMNa1iw0T15zcNtfebvbndwyF
ma9izDMJ9ve0X8lfMnpigCvUPanIttHcL9zJo46WB2HtSIly0SFe9U17HgBBtLBytVjB
nVeDcdMHZIbEX0Qa4n8h/jfK15b/QqvYxx1mSm6heu+LEmqfQGjIen7IEmnOBRd4g2Ws
slAQs4bb4pL/mpYTimf1yBMzY22vCuk1LmgyksQu77AOjHMVaniP7vvBVzTSarv1dTGm
au0w/LHr2ZIVQkRF0suQ8shu1uODFYquwmWA8qwT8C7z4Nbrb69AqnedSGOU8GF7llf0
WDMgYZkMexuRjzq7gLYzQloF8OekMdGBCUuv3Q9cf+E9dJ+79eVoLp6QNw1w9aBwSS0E
7eK4oNGa7z2GqYBwVW001Jbzf+KbtM9frfUrzetYO6d+YMxZt6AE/nIJNCEIkrytcHoH
WueVq9pJkF1s8np9AYq9X07sXDCk+/afarF8tEppklG/gh/XaadvE/EYHSy7lhvjxq9K
u0WXlq+CcFvXFmgSzL5Qi48w5EknwzjSoG7FlXlqDBfC4go+/UG64DAwGzmZnWwKDnCB
IonFDQZH5vk3N2IBN/FMdN1e8Qs/oOuX3Lz+fY0A8NrryUoGl0WCVL7Z8m3o5kM8nau7
I7C1J0VSPgAjTDfBrbo7lageKLwCqOPy09If+3DJrCnLlGz7USVBHa/HSvmMeeUe+HYl
eK3+PqwW6kDUlZtoaEvhSC/jx/oH9SzIaaD2lhz5ghpjHCMW3ggIdcOD6PxdD2d1J1FA
JxNGq8YWj4Ne3S4uE80l++6Wz79q/qNTrXyNPsHDTTbrc8xXGetUubr1+44hNpaDXfpp
4Ql1AhjF1uZD0Uel+9H+TynucoKmmVDMqk9P+3G52NsYJbM4w7wDZJfqqCykOH6dhtBY
4IoN0OQ1ptcz4dvC7fKHjrkQ/1bzNjrOS6xWNStpLG6n6/UPmBEefr8AEtuO01HulLI7
0RKv6lwW0XD2Q3kB8tl2s5nen07rGhu9GNyPR8C06LQQv8nXSMoQdaABdGe8AWg/Talb
l7epTrvzpmZFRQAJLkdTdo+lwMXLAGl3RWyw1to/VaW3u9wGGjLCxUxZbY+2AAAAAAAA
AAAAAAAAAAAAAAAAAAALDhMZHiM=",
"dk": "a1mSSJ8fjNQPVNHfGg4waFDSsYJtZc1dxkV9twufIpwYSdvz8gAQ1idWJ7pDd
GdIq/TjcKw260E7ZIm4tCS4uQ==",
"dk_pkcs8": "MFQCAQAwCwYJYIZIAWUDBAQCBEKAQGtZkkifH4zUD1TR3xoOMGhQ0rG
CbWXNXcZFfbcLnyKcGEnb8/IAENYnVie6Q3RnSKv043CsNutBO2SJuLQkuLk=",
"c": "Kk2rWQIQ+gv85OkF6YeBApTiFm8YHA5QK7UN7DraSDhP5WXdpF6BcqSnQht7m8
Qe50l/9l4jeGT2IK7yZVgB46OO4pFNHQsHj362dvaXoq2ssgt5mug7iZd4qQ0fgJxLgx
4+6YgdeIELOle8rqwGctvIqD9D5WMQI/cSLvAVlgieGkfiKXAvcXF0iX6LR3OFDaFVnb
3jlqpR0b6cWX/+PUzm8BBJ1ahe1ggdqaHKF+6a41JERSshvQ6r0wHUAuSio7Gdyrj05H
LJ6yQAeXLhqooll8Q/jxlsLnjIYXg8w7dBNMl0tOQbdVw9fPwHrcaMq36W7r4GlUGs5W
PRutt++KHO6kEjV2Ls4+Y9YSpwdrgbt8t8WmSQRS/Sid81Whwg+nWZrSr6DvRXI0ADr2
FBmLrQkxbkkJA8pYg3NQrRKAgWiwSNHrB3UTHoMH1BsxNifiS5NO7Mc6Zr1CpmfE1RL9
26S4rpMBW8aqRNNT0nnOAyhnfnn8m5eRrPgtA/lPqQDfa/1tDD2agxyrDVofeFpcgsvf
0IaQpbe300YRStnzqTbeONyHWqr/+JotKOGRd7a0BOCGoe0R5FvmIBSE1gG2VTzDB+Va
H/UcPBvYGGGpiK5LfTiRQaJaMd2Riandos3m+q27JGJAszL9aYgkDIxmJa52Xj4aFwM+
7L4XIFTSu/X406RvSNGqa2x7l0adPjdL0lwZ/WEi9UEO1SsNDXiuPMlHPkrGJ+zbsnII
p+whMOaF7hCQvEPUTW5rejZRsH1pj4AmrS3w0T+9pzUo+Ua4Wnjdqj5zkoNy6J8jspAb
RJ/x5AsyT14O+T7WHqnoiPfEpN+rCVV/5i6ls8QJujXd+54jW7GwBom+YAKjRdfBQhQA
Ounsworth, et al. Expires 28 September 2026 [Page 78]
Internet-Draft Composite ML-KEM March 2026
8OD7Hwe3xlQAMV5Qax5N/rAM0v4CMWx0M+yrg0aJNr3/xKr2qC0KNttNLBBQRwrGH0Ls
yL7tvjTyAKozu5zO7vBCOpjELcJFHnW5VTYdh5utymxb4/VfLDSk5UKf1Ol7Xn7BcPU/
KTr+jbnqIJpogBeQtc1T9IYCTYCp6oEt0t5TEbiP3YbP4ZmvBGmxKBeX17SI+r6v8NKe
E+vF9zTVI/AECPIMZw4zAKQTjxFiSoGZPw80wb2vouH6mNKxXHPym3CSiaOC43gu5vwk
5V9W5zR8AQfMklHNkktmGBeeINy6ajrfvSK3ohCrvPqh4zjzFuc/yYBjJbD+ZCPgGFay
llz9u50jhDE4FHgvT+tzBojG1VO6xijIAT6NdZc+MxOVe3fUR2cEtxbnsTwzxQSkCczo
XdOxIFZx/T54BhDeqJ39/ma2JMoBhbMaaQ7vjliZDLPFJ/+p4+z5oaQasz9f/NUXqQ9Q
f9ZC5QFC2H9iE+SE4SJ6Tj/BUedmf2RODwshaR0cMjYyAbe+/t4VBIq9xUce+UYT7ejn
+APQir6mzN9/qv7KXEvuxZJyU1d7Y=",
"k": "w2cdygnxOR++DRP1ECwfnWvrZOvwY/hoGn7nsVTDMGo="
},
{
"tcId": "id-alg-ml-kem-1024",
"ek": "jaAeO7OHQTQAevhwH/QlAbCP0RUi9ZxB6GAXxTZuhKkfiuQyMiK5ojVpl1E3k
0KfdBgulJs4Rvei4sQGVeg6tsg0Ced18lGWkBgwWkyb14wolGp3HLUIlIAa0sJYz7RBe
2Ehu8Zgh1hNwJsKcNS8n0C3+oZNUtSLaBWr0yRehTrIDwkAmpQA1bw0/apnPUHFtQmAI
fMSTuRHGHh1nTjP/9xvQINsb3CcJZbKxGg1NwJsyJpH2bV8c0Z7GggiSpNhTyFFzwp/h
VswHEJrSUvKrCkKc5G8KgMIIqq0KhN9zRuvpYbJBxnMx8J3UyadtPEkDtUvo4yawZZhN
JK9BcZoDCi79bLF03LOmmFTydhlDfu9cRFOWgsMKpIYbYy9tcE6IvRmQ9hmxRU6+1ZkO
PeEJgIyGBqB57Ir5anMqwGcTfykZoF/kjh3WuEk9JS7MHQnxCawzHQlV1Gz8pXMWJO4p
OMaCoTCrcyc0nDN3ZO0HvNMu7ojvSqCammPxAS8ocKPtakP+UV1PchpIzqIoYDERrKcz
eWTMFGd8WIQCHkqYCcZ40dliZXCnMypS9odbQK6d+mnpUSRMVoDy3qL6uMrQfJ4pYPOS
9IThjUHBPNmmklBVOMrapxVNHc/v+yY/0qXOUfJjFF/fAlp3AZDCPCly2PFOJFWV/nB4
pMXJdm0+gKbeEuUz9Vid8KWsMvKKpULPncRW+MbSBcXJjAd2lrPn0NunCrG+BZ/lWZEU
5wAo9XHinWU0vSX7avN2RAqsoCj2rLEFOVAyHNBS+O++IsIhmpWsKvH/TAr0HUIHMlHx
ATKkuE+9KClaVGeY/vIZAms8kZIpAcoQ3xtyFI60nV3ycE9ZJltjjh3F9ei4qrDVNctU
2asPzPATPFzFdI6g9VNRnV16klI+yh3CuK6z7idiOqBIUZ+30ZxYRqKTkKzzquHFsJQB
6EdooSAcNdlbDFc/6GErbR68/fM1Ii6TwF8o5IvT+RUMFRm2ZR6a0Bzcbdr6rFnNLAFG
iRVnxZkOmV0LkM40lJrL2mneaQZUtwVVWd3fwlu7HZ+d7hD2Da0X0uivnMiiFkB9cgKU
veeBfQdn1p2HNKGUhdZbjeswCKMNJIEo1VAmFmZaoCkMchRFLQLf6tQ9Lesspy/p0DFt
0yDjHYqm5e2ifcmoEyJH5wfXToGQWmHKZW6WaJ/+oC92zi9itN41hW+o2EDWSkmU3WhG
VQKAudbWatO5VtIyUEsxhpd6/x9QBCQnxq/4XadY6HEC9CA8DhUyTrHq+mg4fgG2sVCc
MyW0lUVnRefx6FSk0OpUOY8kYobF8qThEQX2TmddjpdW5tBG8Y8oraOujIKRlgK6MujK
mzOlsxck7O1GTp+WSUapwIHKUyQygCMB6dauXHILCaXZGa+yKZd1HmDqRp2WZw+bkBK/
xehShG0CsxvkQUHg2prjfIP2XUgtIEt+7uigqGVTRUhoAmrbpR/SCeSvrt/hmuXOZas8
FNJMzJZypAKb4ujO3YMriiF5Xk+YDMFYPmwyKAkAzUDoptccShBiQtMrHk/CiiZ88GZ+
Zo8tOoHlfW6+1NrtYBi91SxeAmdgYAMBFmIT0inqaJQr7KVfiWFIHo3/BV3DOYbSLwuW
bABlMJj6bJ35GlKw5NkEEZTxgt/Fex6HvXHpyClG8KXVsc941NXupRqYOVXRZqX1iJxi
zafIuEv+BangTaVVMG0VzZXqKO7f1lU3xsUibVY9aKJ+ppwQNYf/LdLbUyATnSSiipld
0w6+bKtbDMgpIkm9RfMrQhOFoxNTwnLMAogc3EAp+CM4mtYU+DAdlm6pgSb+MSOGetvQ
7OsdzNjaQo9R9eKnplJSLeOSBsXDuuaqDUaXuN+qnSnD+swGQwMQVJmeBHK2nI5hHk+E
AuYUhxcDyd6fGGjSSfKwGxCusJ0ypQZHXG2WXaHHPW/5sUhZNCIM5AcZ1MVG/No/uK6/
RocDHhMj4sTywMGUYgmjIJun2nAJlISkbsCKJVp/CJzLncVjntffSTAfyR1wisZSSB/q
jPAq1x7ILYhsQjMh0En4vV2KKfcDDj8OOw1FVFgsaN9kpZDSpXcV82Fe+c=",
"x5c": "MIIUEjCCBw+gAwIBAgIUW0ggc8M4vPRyatqcL7yX+UsMyS8wCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzNloXDTM2MDExNTEyMTUzNlowPDEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxGzAZBgNVBAMMEmlkLWFsZy1tbC1r
Ounsworth, et al. Expires 28 September 2026 [Page 79]
Internet-Draft Composite ML-KEM March 2026
ZW0tMTAyNDCCBjIwCwYJYIZIAWUDBAQDA4IGIQCNoB47s4dBNAB6+HAf9CUBsI/RFSL1
nEHoYBfFNm6EqR+K5DIyIrmiNWmXUTeTQp90GC6UmzhG96LixAZV6Dq2yDQJ53XyUZaQ
GDBaTJvXjCiUancctQiUgBrSwljPtEF7YSG7xmCHWE3Amwpw1LyfQLf6hk1S1ItoFavT
JF6FOsgPCQCalADVvDT9qmc9QcW1CYAh8xJO5EcYeHWdOM//3G9Ag2xvcJwllsrEaDU3
AmzImkfZtXxzRnsaCCJKk2FPIUXPCn+FWzAcQmtJS8qsKQpzkbwqAwgiqrQqE33NG6+l
hskHGczHwndTJp208SQO1S+jjJrBlmE0kr0FxmgMKLv1ssXTcs6aYVPJ2GUN+71xEU5a
CwwqkhhtjL21wToi9GZD2GbFFTr7VmQ494QmAjIYGoHnsivlqcyrAZxN/KRmgX+SOHda
4ST0lLswdCfEJrDMdCVXUbPylcxYk7ik4xoKhMKtzJzScM3dk7Qe80y7uiO9KoJqaY/E
BLyhwo+1qQ/5RXU9yGkjOoihgMRGspzN5ZMwUZ3xYhAIeSpgJxnjR2WJlcKczKlL2h1t
Arp36aelRJExWgPLeovq4ytB8nilg85L0hOGNQcE82aaSUFU4ytqnFU0dz+/7Jj/Spc5
R8mMUX98CWncBkMI8KXLY8U4kVZX+cHikxcl2bT6Apt4S5TP1WJ3wpawy8oqlQs+dxFb
4xtIFxcmMB3aWs+fQ26cKsb4Fn+VZkRTnACj1ceKdZTS9Jftq83ZECqygKPassQU5UDI
c0FL4774iwiGalawq8f9MCvQdQgcyUfEBMqS4T70oKVpUZ5j+8hkCazyRkikByhDfG3I
UjrSdXfJwT1kmW2OOHcX16LiqsNU1y1TZqw/M8BM8XMV0jqD1U1GdXXqSUj7KHcK4rrP
uJ2I6oEhRn7fRnFhGopOQrPOq4cWwlAHoR2ihIBw12VsMVz/oYSttHrz98zUiLpPAXyj
ki9P5FQwVGbZlHprQHNxt2vqsWc0sAUaJFWfFmQ6ZXQuQzjSUmsvaad5pBlS3BVVZ3d/
CW7sdn53uEPYNrRfS6K+cyKIWQH1yApS954F9B2fWnYc0oZSF1luN6zAIow0kgSjVUCY
WZlqgKQxyFEUtAt/q1D0t6yynL+nQMW3TIOMdiqbl7aJ9yagTIkfnB9dOgZBaYcplbpZ
on/6gL3bOL2K03jWFb6jYQNZKSZTdaEZVAoC51tZq07lW0jJQSzGGl3r/H1AEJCfGr/h
dp1jocQL0IDwOFTJOser6aDh+AbaxUJwzJbSVRWdF5/HoVKTQ6lQ5jyRihsXypOERBfZ
OZ12Ol1bm0Ebxjyito66MgpGWAroy6MqbM6WzFyTs7UZOn5ZJRqnAgcpTJDKAIwHp1q5
ccgsJpdkZr7Ipl3UeYOpGnZZnD5uQEr/F6FKEbQKzG+RBQeDamuN8g/ZdSC0gS37u6KC
oZVNFSGgCatulH9IJ5K+u3+Ga5c5lqzwU0kzMlnKkApvi6M7dgyuKIXleT5gMwVg+bDI
oCQDNQOim1xxKEGJC0yseT8KKJnzwZn5mjy06geV9br7U2u1gGL3VLF4CZ2BgAwEWYhP
SKepolCvspV+JYUgejf8FXcM5htIvC5ZsAGUwmPpsnfkaUrDk2QQRlPGC38V7Hoe9cen
IKUbwpdWxz3jU1e6lGpg5VdFmpfWInGLNp8i4S/4FqeBNpVUwbRXNleoo7t/WVTfGxSJ
tVj1oon6mnBA1h/8t0ttTIBOdJKKKmV3TDr5sq1sMyCkiSb1F8ytCE4WjE1PCcswCiBz
cQCn4Izia1hT4MB2WbqmBJv4xI4Z629Ds6x3M2NpCj1H14qemUlIt45IGxcO65qoNRpe
436qdKcP6zAZDAxBUmZ4EcracjmEeT4QC5hSHFwPJ3p8YaNJJ8rAbEK6wnTKlBkdcbZZ
docc9b/mxSFk0IgzkBxnUxUb82j+4rr9GhwMeEyPixPLAwZRiCaMgm6facAmUhKRuwIo
lWn8InMudxWOe199JMB/JHXCKxlJIH+qM8CrXHsgtiGxCMyHQSfi9XYop9wMOPw47DUV
UWCxo32SlkNKldxXzYV756MSMBAwDgYDVR0PAQH/BAQDAgUgMAsGCWCGSAFlAwQDEgOC
DO4AL4eAYadx3gLJGS1SUNcWClPE8sKwr2wqcAWWIrx3G4uOcWCs0Nvr7hVWTG82Be2O
XzH6dSNpuYCkoHX1NDYFIV1k/581n4D3hJmlzV3QiufD3As08ZpzJq+ZCOwvJ5ZyaNrB
Abx9NnFzQDLk35/RPlZjh91ONtsQ7z+jfBOSS+JvI1OgHrANxTckfMvHt+aIeG27OTTx
Rn11ROoDwT7+zho1x0EkSltePcJASWc0lboUw9ARdvw3QMwqXCaFlm/LfAIIiGxPt4Gh
Ck63LkePFoC9SGYgXutG/5k2E7LOCJCwdMrcb4pfTWizbaIHQXRxNYXe4wc6xYeWRKY0
i+Dnwo7BfOC6nSwwp7DpyVwvRFHF89uV431t+Mi2eqJFvPwiUlb8pBnMonweqxxOzDi7
QPv6WphHJhsk7FJQouqaPjtb2N/NkQO+xPTFnEwqgEo9Upg4Lb7SK4eghqcEz3OYCKek
LqGWcsE//oB8tMyM+BQvWHrzhfsNE0GfeEPgCWHW2QREVPEUuxUgNzoBshqC3rys+rM2
x9QTA840E1e1zVBSF3CC9NRbS+ZTOFUqN+ZO8tV//1ojrs2URe5L0N11642l49fF0/nq
MpUAZi1QJkUTBroxSwJloGz0eGO1riQABDwk5PY/+8tf6Nrvcmcf11oqXUAo1zRFca3d
S2uabrtHajzGfJ5c6nSS8RbRMFXEK0ha+HZBy/B5TCUvyIaA0Xo6pJeXOY+JNxVHB1vJ
YLxYAKM6H+gd5RsngeNyy3/VTzyGHKOQbpmTVVP3h9nalbuPMmPGvi7elp7RyD4ZDKzi
MUReqI0ekGEqo1GZCCnyym/UiSfXGcDMoCLunqKvGUxdeXIDu3hSrijBO016sw6SPomh
nz7H7TOsSzr5hLa76mUYGY0as0YM/1661nvAT8P3qRnIFz3CECZHZRy6ThnR8u2Wqx5n
kC/jP0eIm/fvrJqcHwgTQ+xm5MQCJVGOFn8NLN7VblbCy21YU4AFhCbiSkM3mfOV5Mq5
05yBwYSY2n3EqwFCsjkisNN7mBhC/snEKXgbJkDuEtQ1fC+EgUxfHOmrX5tBJ0BB9VsW
Ounsworth, et al. Expires 28 September 2026 [Page 80]
Internet-Draft Composite ML-KEM March 2026
QmfyXQm2/mZPE99p3h8jZ2pACllBiAI3r/IfaM1o0a2lxhy2k/cgqz9936HtZO56Kzi7
9qZjIZ5VYzG2rmUt7JuP0XD3PcMqtonshWS/8mgmHIaPuvz6nk6hpxuU3BYBm3Sxf4cx
EGiUVAjYBlMuNnjyRMUOJsze55/jjuzh5y60bJUm7t3GEQgSw/uGp/JHFWtt1SnE0bWD
3cKbDgRA0c0UbzFenHTEOXQigL078DXYWyx2l6DX2dpi1aiJZY3TBG5030mN9SmKgE8H
NnCYv1Yq5UCm15H+lrKG9hD1Z6UgSUcWt0/liUeeL74RvDKtW0RLZC3zAqI8lec/uFfJ
XHwqY2IWltzJUYDlxhNgAVRsJ6kg2/phSJNdu8eUZvPWfTC48EJ/UvOzwTXnEAUyzNZt
CzXOiU5r96PBNPfgkwLuWUuepXgJMx+f2Wy90c1jQxCI1/lH8b7doaOcpi9JfHZI7Gcz
YbFC5x9t/LFtJ5eIUwjNnRRLaol3yioXFlLQYVq4nukJ1Cv3UPNho8CYYmecl13++5a1
6tNvwW8S8u2RPfuqrXmqlguIQyz5CJUaiWsUkT0FoI3xue9ilw2LaGXp7xtLPcdmBOsC
lbQoZWJ8ZhPg+V03988yarm8tbnOExpdlg4ZzQt3TAOLuxqDSL5gXV3GEfpd/dapUqiu
3CPFUB9IOvBAHiCZ57xnY1wOuIReisnXsXTNxq1VvMHPx2Ss8iCKiRkaY/tXi1hqEw6C
si0fF46Epoiq0s3RcWxRaOmkGsYCOoadMpZhUyXi+mCNKrUc5AX3T4V4U6ObM7u4rWsk
F9GhX+lASf4huya98o0mgbj7hDe03SD7qg+TySm9DQIMrRZXdARrRqj50ErYsEEF0KqP
sL717gIHVHN6B0sGbaevC52Ro8unG9xnt/nACZP1Mg55HHctzffvF0mtjoO2X2iunSdX
B1MDtoM3X+W1h7MjorjUpCHUlSkVETl86Te6f4B8nTlDLlPxB3hbMp831JjAHQ5niu85
44nqCEdq/H2qtHkYawIzk2RaKEG1xtNL9CyUh628ap9erV3WMvZRernX4r2Us6sy8WGN
XbXZoCzGmeDDUPW/rdZswh9PcEv6hMkvn1xxD3tsONpivrjKOlcQCvt9jpyACoXz2Bua
Rx/1VGLj92T/U1kAf5x/5T+n/rxaJOpnO5wx/ykfO2LJ6EvRvB8pwIbCneH319RhuB4S
nbpX3K8GRr9cTU+OsSv6seBJF2nS3nm8c9MrZ8VRV8PLkNeJJ/MbWnhKHiig4eiDoHA7
LRdFKRjdK1D/f4vaIUKBg52EBVffxEfkdDIY2Ye4A7TKVqsbL0Td6F1LzEjQ2B17G29P
4Qn9e/qUNtIyruv1fNiLKbyORs2hWyKDGn/nXalzRCiRgI2Z46tBQgr462+0zObhn+zO
TTyay2nYZLO2RkRqWYZJ37OhrvDgrrPGIMvJRRvR/eaN4lHawdjpJ/UGSpQb+cMo/yw4
Mx9weQ0u5hzAlFbyK7Ye903E4ABZPlDfEyVPGKDiRng+YVRJRGhEPYPzx3X69aM8l+id
HEr4NrR9CW3VQy5sbF5tmFE+GgJIv5G1R0fYaRf/bRAaDrkGuRQT0GN5RaVyxD3u26UD
vyVmmF2deJ5aRRZ/k8Xl6WyDbmxjxCKOXJDS5dA8karDBMzj3hAxe3tx6ImCSvO9LbCo
4/4HmPPRjl2yqbyNRRgz/R8jxQHhpg+i9SwzmOQ0Q3YG6FHpTJo4wqeOL30xGhV/4Tts
iveOfknl7aqRtmxgQAtS2ZfMLDDFvnhxI4D7q3mpCNTA1vRF98XqThvzT4LdhOw9jbx+
uXkXugV9SmUN6fK7xZW4zlRKZszuc2oszbZG43/SS/ZGApRCqPewJrg6cY0ACPoibtZG
K923HQNPeQi4V1BrBZCmuhT8G99e3fzOEb/3cD/BgHYP7Qys9UzepOtQHC7Pev41R40j
ec99QGReXx0WlGNPfdlCuXqSBz48L2EsgXk5dfzJ1ZEr8m2xidt2DELdS34gb16zCghM
Ia4qw1iuiRir05ORbWyvda3KTAGOSbQu55Zd+rAj+HtyeNln/bPI0aE/PPPsOSJ/E+lv
o6VUFo5i/KnyzAmfgxbu8pud0eil7/SsAjCMDIdvS85vtcpQ/qzb0Und9DJVTiQy8bZk
DUXGJCvQXftPskbBLbflg4fR8Ko5ZlL3mSEFnvv1UWTZ8BC5o9BzBvurBScRXFwD5N6Y
PCARlJcbqdWzuhjVQeJmbpR/zvWSGODWe0bVCcxZh2VT6v+w5tCYuwqZU+yGXhGypQZK
BItzyz1U5GnaZq+gXAWOj4xSd1bo7IwcgKuwFd5j0148hvdvjBcshEiCxdKB8zXbwt4Q
A96c2WT/mh+0ImdDYyEiu84At6kEDqXeGsDrcFkMcarxiKO0QzHgk70Dws9XOe5nK2Us
Htf009Rbw1uIZNGYcfzaHiAWGcHu+ajA+nke/x9WHyVYD6YYoeTTJBIy9m6W47tPSitE
hPhlyA/Tqp1d62xHGc9NvkRLxkqnD+NlHBskZeM50r7eXbltukDwFKfOJpDQPEs6gbTl
s96v8ODV30bQXlk2L1o817gIbR0AZyy/AvVxysQlV3sLDj3flctlOfQURpAW71HnjwaH
q8LbcfRWEG8v1/+U4zZ5GRzmnfxi9AKdIs/wlgdgXUtIZYmSsuJC5E3qimstzYj1web+
iy4GQaIoxdtkrnnXegXs865JB48RtZrtAHJW3yHyiXqgY55odpYiEmBb7DpUVbV1zXwQ
rvgSSfebU0kOUn0kjwG4PBKXekk2A+zNVjyA0koiEC+M8fA4ulMi/XA7iv5hA+mQeShq
p6O87JP6q6f4nZ7jGGv0cKc7vtBZG1LPxa5ejJvRfgZJYVLOuhU8Qx84UjD58Q6CtFAW
0rwi9ieTNZwuXAMXSQdBknIJINgQ9YRKmw0/RkoNubh+zlJBq2dCHaWFw8OrY5ag91qz
j7sS36ZD7pyUDZukOyPvS+pOSi45zdAqpTrPatwqOGe8yg68BYdvgpEHufbfbkVZlaYV
syUFjJ8jRMO2HEk03NHMEAPae509Zw0wBIOvFsj6MiPjCxJedKqI6vj9d54JDm8iMgEx
GN+YQ5UYyZ+obzxvVMMgUWTWY5K+67LNp4QnziasMdm+FD9w7pdb+ZF6HrxYab9tZCEW
zO7CFIiSpsfjpoMm/QQT+f77AB2dNyU5ug1YbsMgLGNnuUEdDYtO13J8hqTuDEuVFBlV
Ounsworth, et al. Expires 28 September 2026 [Page 81]
Internet-Draft Composite ML-KEM March 2026
dHyJj6uvwNX7PWV2FFXZ5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgcKFhkd",
"dk": "lGhOM32ENDU1ikJTm0ZlKghQzlmgObMsOPAFBwdrEdZ5jOx0Ou0eoiI/wC+6s
4ysbr4HMOq6CxcqpNFux6cTMQ==",
"dk_pkcs8": "MFQCAQAwCwYJYIZIAWUDBAQDBEKAQJRoTjN9hDQ1NYpCU5tGZSoIUM5
ZoDmzLDjwBQcHaxHWeYzsdDrtHqIiP8AvurOMrG6+BzDqugsXKqTRbsenEzE=",
"c": "er7Cauw9fVxwoVXpby9LBBGHmVG7U3wa3MCVnIxg7jUmvq0JDMuUUFqt9WW+7F
lzrPH2vV+9GfohXBIoP7tIj4qDlu4WAiwekrixP16EPBVqusOSjKQ8yhd4ddDtuO4fft
DObo0zBgjfzkT+fIcFPzzTQrDoM0tSgND10Aqjqv3Nq/wF1bO7XHDiFlF94ExmGDZF6v
+vuMa3KO/Ycgg4D4eZIlVIvcFQbd5hOCiZUK9GhVWdgmCFcgHXBtd/yraigtisDL6UTN
wPcKfTFRfbu5NmpcZ+q+iC40su2CXRTtcW52KuuExZS9YA4u6tcXT6G7A9IYqAOkukgu
qJuzAWbFdxsRovs1TmtOcV4wJZNvkXEJQBF1gUwmLF0pVQCjN1QYnO0VM1hpnA5t6rvS
VPg9fR/dbNE/S1rty+dt2knUMAY8U08473fAgR7vAXd9YOojJWijsyUrQm3zg52MfiGV
+Le1avbmB4mDgb6wDoCsR2nlOfmvEChBPiRTweiQBpYX125lRb5Fdl/hm9WFvYlNb9Ql
0TxPhmZdBtL9/UQg/R7I49YoNfNyjlMq9/nr9VUdh/EXk7Kse1cih6nb/iRp3EBvYB4U
H9OLQZlYu3jatpKjViwFnXgg0X3kowOiWmmvNxalCdJ8ogD3rPYOkzEEu1CmTI0WGZ9R
hnl0F7Hk3HCQKQ/KzuhumP5rcnfZMwTIOVW2BS1P6RomWT9FhBiCI67e0GPPdwdsCHd/
efJoMEUagJzTThcTxdgMUBPxIgiCGF7kEkwYoeV3BykTGH7ZBUMzqBL1B/WcpJwYCOqg
aBAk8abwRYLoZMbXppiZF0CtEE3rMRNeqj0d1jmIHU1dmU71omNJuQSix2V0l0yOXwMx
nm7L6Oa82wZkfy1Di/LKptWSFfPZWNhgmo9E9M4G0cm79YGWFwPVo343YsMAL3fn5Ek3
oy+fAjU3mMQrtjijDT3UyvSGOJ6hkeL1Dry6hlGt2ogp/Tind660WilebYjnOtdD8Bcm
h3nkU/1Q+E/uiMKRVvoOy7qMeEja2D58lGPUPir69mL8rc1pSzOzaoPqOcHLoCzWdN0u
tjeU5NOmE0WaKAg7AFwqhXB+pZj6YWBTGMdDFehRHwVKegUSu3j2fMr5rKnGTbBCtV0t
Z5RWClU0Axwb8GSiwnkkJjisWDV5nyu1cp6NNx4SV+q6cb2EsX/B9Aebh72jOBh8OQ+S
JWC2Ak+H0ad/0Su4qTwJp6E83k9kIZnjX+oJZIY5/GbUaA2UqZkOO86B+0Q7doI5DBp1
NsWbZWRxfrPfrYiHst6Qm8+rApBqs+ExeSjPJ2uklVNzCwJkrJTLXmFyiPXizbxT6beU
cIMk2pOFf2K8OXSgaJQv+42/7tl5juhMIKYP6aTZjp9eY55xoP41fxSJyogeE73bWqbq
z/jygX0oB+Xzv2+t96jd4YHFjAbRqSwYp+cMmNqXWfgSGIAZDprt5A2b6U5JArNw9FkP
Fj9yRqZEekJbI6qZtvJgvMqcs/uO5gk6v7zcZH05+6JX4yhIJTi3R1Ws5aLnjRxdD6hx
mk7UG5eowfgmYOabUlob0AT3Qd1qR5QD72g2yjnjMtWi2PXb5zE6GsL5pb0WLYHRBAO9
nDyB1QVGbZUvPnKfhTOdDISiL21iAPqtv+Agb53M8IUEcwvy8siRz07CB/3K2/kjyVlQ
XaXWoIROIkApirkSGRAMbr9HJwaB+ixHFBbQoBmGOS3J3xLO8jNCnOwGskuUg/uBhPyl
vf3KXxvgI+3mDo4C2AlZYFfqzF2w2X6K+8xFiMMBd1bXPmDkjYI7hFSSoEB1/KwUtz97
khDVjTz8rseeEh5m5hdy9LKf5dy3AHxJK9KxTthE/50i36CQQnDK3hMmH4BLiv01waO5
PcWnPlqnz2aoi/Nhdwq1Ipz2Dfpu6qXeQp+HU9ybtt6oJV3AE3xBc4EhZrvPVZ47CknU
zymAllbs8GjUD+nrDCSUQO3SYIPdxGQjF0HE5YX5XsahUaXQ20BLhj5lfo29/TJH9Mu+
q2IwX6uCrDzW+yCRWTKNvpYRpdmL+z39sVJhLWf1QTCP4UY+xOqayURug=",
"k": "MuSw3ep7ky0TI/amQG60QsspB4EF1fXhOEkWOzZHU4U="
},
{
"tcId": "id-MLKEM768-RSA2048-SHA3-256",
"ek": "/+mxLivC6sQTbdxajYhuYlV204eeposhbRMd6uKQOWchu5orB7wxXJY3VoQl7
GnA++OjhcQOwXZRRldl2UsWRaDJVCUWRukNR9wml7UAZuNlrWaOtFs9WrkgO/VP1xsWM
OkQsRC5nsdM7kmayIvPp2FFrwa+QpE6XTJvZnMeVdzG0xk2EmqCjrUef1O3WJg3VGGYF
bha2OyTMmA8HuyiTGwRP7V7MPgHAGnI1WVU//EeuTjMg9LJO5KBkLQPPXACe6JxA9FgF
UC2AURPolVtgCal5wqErjW0iSBnJlvNvzRyLved7iFfmHW0bJtj92k/znRkRjZQhVpxG
FIf0TG7Kqu1LGGYBqR4PKMQ4jQfwGypZ5LNEjK8mVcQhPoorJYTGfUN62rAQ8kfPjjKt
QIOV0lLfLWVPqJc8BO4I2gpaOwkCMZLCoK8S0e9FwYF9/oOfVgNKQkhZHaRjCkd6nsww
KWeJLIv1+Ei/mxamUFpy0QPwwdOA4o65uUB0deUNGKlznpwmeTD5hNTB7twNAAJOJnKI
Ounsworth, et al. Expires 28 September 2026 [Page 82]
Internet-Draft Composite ML-KEM March 2026
1S7PaIzOEAddrBXv1BzDfxtRnczp0eWEDcM6cyUDisL+9qpEkdtoNcBKaSH9ZRG6qBp0
6ICckdZVMIGtZcbg5VoVmMRCeyIHAZR0rpo7kO/PUAcnJVME4esXPKdjahuS3wWgZQQP
OqhxipI/XQGZtM9YsFkfFtXs9wWB0Y/CYinhlRcJsfBTIlvThgLMXMLgOvOGjyCYwSYT
tyAEeI3UjTBcuKrqdWQviumvEKgm9SaESY3JMmJN5IrBCxVbinIUvc/mXgXeLWFPiiva
5W44fRiRkAOxicUJiqgfLil80aeecBS4FJFbWAI+mqlYeactTVY/FebFEqdUAp59YpYE
GM28jgWKqUuiuqbasyhTphexbkBpyR8BSaNmyU9E7IqK+sq5ip2fjUAUJurRgtpM8K0Z
niypOjAcMVm7HKjzeZkk+iPGUshqNJLvjKn7qUEuba0cgB9ufw67hPP6dSXL+ybGjc2S
VaBJqoWAiiS8km9/9kMlNGTANycuNENuLurExCW1Ku5pEZgjMMTeggWNSxHZWzB9oUki
JMv0gJJoLwV0vq3xuADfcNCNkteT2m63pR3dRSGkOYQsXI2oYhhx9u03sk7QBOdCeslt
BXKXVRH6fIq2/G/u5g/attT1PpFhpxqrJc1Q7Si0dtXU2plxTt9nCA9CVhQXfWCQYVRR
VtUGeEoG3CNoiCnv3iBXRKdaJwPyMRjHoQASSqtzsDL84jP51O2l2xrabW5dnlpPMeKR
YWhiaqRn+dpl4kfT1A4w/HEBqlRNUcprXRY5SB8RUC7p9w457kkHNjIgmK0J1sa2gJHh
wV1ull+/DsuO/QpnuqIPVkPn7gbKaq5zmaOPbhy3Kprjiqh+qzNgyGljbFHzUEH0DeOk
maGPcQQW9QH1aAIckpUM1tSupBxHkRVLbx5TMCrN2ObvNiACmx7CfJjR1GXwqtm8Zw9x
nEHdPnK3Py+LkVParSY2PQnDepim4AN5+pj4unCA5G1VGOdTsWxA0An6dRYZBZcHrabg
kcl66gVWcWQ2qLA0jtUDY0wggEKAoIBAQDKwOC5Rffw2E81UhAMgxw1lgWPF6Nps3sUv
pwKreE0+bhcFur/7T6iUtqlS3wG96C+rfFgpaii84DD1jhaD0r9Yu7GZVPiKwstSDwQS
RYs3J8CX+0Kd3NIb/s9pU0VA1EZ4Qhh5V0Y7JrJZxxeY5qWq6qvMNHqJzj2C0j1ZsmZK
zFMm2IeEuhVkzCc4/NMvZV0aH3030JjqzrWboyOk7dncsh0pfml0i5mQIWktpsq/B4YW
rbSPpLjvXDBSaROndEkyqxd8I+QQctdgx9nKuvGC9/cwyy2LYTP7MnCUFQxigjZpssuZ
3mewOOMTpZz6ePXzPw+A19cOPms8ALswdDRAgMBAAE=",
"x5c": "MIITqTCCBqagAwIBAgIUT2ts/4VsBk4fxyrx8g+FE14E0DAwCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzNloXDTM2MDExNTEyMTUzNlowRjEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxJTAjBgNVBAMMHGlkLU1MS0VNNzY4
LVJTQTIwNDgtU0hBMy0yNTYwggW/MAoGCCsGAQUFBwY3A4IFrwD/6bEuK8LqxBNt3FqN
iG5iVXbTh56miyFtEx3q4pA5ZyG7misHvDFcljdWhCXsacD746OFxA7BdlFGV2XZSxZF
oMlUJRZG6Q1H3CaXtQBm42WtZo60Wz1auSA79U/XGxYw6RCxELmex0zuSZrIi8+nYUWv
Br5CkTpdMm9mcx5V3MbTGTYSaoKOtR5/U7dYmDdUYZgVuFrY7JMyYDwe7KJMbBE/tXsw
+AcAacjVZVT/8R65OMyD0sk7koGQtA89cAJ7onED0WAVQLYBRE+iVW2AJqXnCoSuNbSJ
IGcmW82/NHIu953uIV+YdbRsm2P3aT/OdGRGNlCFWnEYUh/RMbsqq7UsYZgGpHg8oxDi
NB/AbKlnks0SMryZVxCE+iislhMZ9Q3rasBDyR8+OMq1Ag5XSUt8tZU+olzwE7gjaClo
7CQIxksKgrxLR70XBgX3+g59WA0pCSFkdpGMKR3qezDApZ4ksi/X4SL+bFqZQWnLRA/D
B04Dijrm5QHR15Q0YqXOenCZ5MPmE1MHu3A0AAk4mcojVLs9ojM4QB12sFe/UHMN/G1G
dzOnR5YQNwzpzJQOKwv72qkSR22g1wEppIf1lEbqoGnTogJyR1lUwga1lxuDlWhWYxEJ
7IgcBlHSumjuQ789QByclUwTh6xc8p2NqG5LfBaBlBA86qHGKkj9dAZm0z1iwWR8W1ez
3BYHRj8JiKeGVFwmx8FMiW9OGAsxcwuA684aPIJjBJhO3IAR4jdSNMFy4qup1ZC+K6a8
QqCb1JoRJjckyYk3kisELFVuKchS9z+ZeBd4tYU+KK9rlbjh9GJGQA7GJxQmKqB8uKXz
Rp55wFLgUkVtYAj6aqVh5py1NVj8V5sUSp1QCnn1ilgQYzbyOBYqpS6K6ptqzKFOmF7F
uQGnJHwFJo2bJT0Tsior6yrmKnZ+NQBQm6tGC2kzwrRmeLKk6MBwxWbscqPN5mST6I8Z
SyGo0ku+MqfupQS5trRyAH25/DruE8/p1Jcv7JsaNzZJVoEmqhYCKJLySb3/2QyU0ZMA
3Jy40Q24u6sTEJbUq7mkRmCMwxN6CBY1LEdlbMH2hSSIky/SAkmgvBXS+rfG4AN9w0I2
S15PabrelHd1FIaQ5hCxcjahiGHH27TeyTtAE50J6yW0FcpdVEfp8irb8b+7mD9q21PU
+kWGnGqslzVDtKLR21dTamXFO32cID0JWFBd9YJBhVFFW1QZ4SgbcI2iIKe/eIFdEp1o
nA/IxGMehABJKq3OwMvziM/nU7aXbGtptbl2eWk8x4pFhaGJqpGf52mXiR9PUDjD8cQG
qVE1RymtdFjlIHxFQLun3DjnuSQc2MiCYrQnWxraAkeHBXW6WX78Oy479Cme6og9WQ+f
uBspqrnOZo49uHLcqmuOKqH6rM2DIaWNsUfNQQfQN46SZoY9xBBb1AfVoAhySlQzW1K6
kHEeRFUtvHlMwKs3Y5u82IAKbHsJ8mNHUZfCq2bxnD3GcQd0+crc/L4uRU9qtJjY9CcN
Ounsworth, et al. Expires 28 September 2026 [Page 83]
Internet-Draft Composite ML-KEM March 2026
6mKbgA3n6mPi6cIDkbVUY51OxbEDQCfp1FhkFlwetpuCRyXrqBVZxZDaosDSO1QNjTCC
AQoCggEBAMrA4LlF9/DYTzVSEAyDHDWWBY8Xo2mzexS+nAqt4TT5uFwW6v/tPqJS2qVL
fAb3oL6t8WClqKLzgMPWOFoPSv1i7sZlU+IrCy1IPBBJFizcnwJf7Qp3c0hv+z2lTRUD
URnhCGHlXRjsmslnHF5jmparqq8w0eonOPYLSPVmyZkrMUybYh4S6FWTMJzj80y9lXRo
ffTfQmOrOtZujI6Tt2dyyHSl+aXSLmZAhaS2myr8HhhattI+kuO9cMFJpE6d0STKrF3w
j5BBy12DH2cq68YL39zDLLYthM/sycJQVDGKCNmmyy5neZ7A44xOlnPp49fM/D4DX1w4
+azwAuzB0NECAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgUgMAsGCWCGSAFlAwQDEgOCDO4A
KqYCnb1g5jFL+OQdywOFOS4nznpSRv/oQcwDFN+mTjpHNqSF/hl6JMjYTL04oimLf/39
pSwfQ2QANDhd1zFH6br88GqB0za5R6ytknZEBdBZr8L04vz6I9zivJ/RvDzOmZmAeKk+
SphZ7XMiUdj75XAS0lb+jMIykN2U5ML6Q31fQl/rEvaRcJ3CT2Z8Zz3FxEYYnangDCnj
mFrQnojb+tNfAeJ6czGM4a+bjHmEH7c3F0m+KLUei8fa6HCYnRjgYrrlHsSFJozCBDtM
/2kkEkBLSWALxvvXB1FzUNQqTeflZW3pyKkseFmIj+O8IWv7aowhoayE9dBPgaA6B/My
0VdL6yoIMAEe4RB90HchxcLE28oYKBXvRU3MHEt8XY3JmUtK3H9+7zjvzmOMwGEg+52J
KFc8/I78cJGZ3f5vF7S481acS/FxorWBVKJLACPeaKZWvceCD5JPVJWNBuJ7wvJB+2t+
yrTlBGL+TqUXT2gby9XVqzIG/WBkh4WiE/gBzcoHL/adsmCxjqIVrpkKT7KsFNBW+0Y+
uxITGk4oVb03ihzPejAoSJN/BonAj+yMQEjgx8ru3Z+i//VZ8lsY69/EJGKt5AaNPy1m
LfJ8Qbqc6bNeVHKlBafZvg/z2f4BLzXlLVJUiDrumXLXOfbV3JdhJITsiJim4Yy+aBlX
bx26PzU/bFb8S/o4RVED2fLCIRckMf3V5AiKgSttZJAnBuLrnAkhhPw/OseurdOt4NMh
m2FtxaMLxRqyn0pNfOTwTLKMnuXqj7mqeqfoF4q/3L9FBXXBU5er9gtiUAA46EpcHhO7
DAxxPRfaFQMFvLq3U81uMxQiqW1r1h4MguWSK5pLV4wwF8aJE5y3iJ92GVcc3m6Jumb/
nxQkpu2eWMs6wMXhEd/rPk+S+tJbIeW5WQeFOMFwOOGWtnnH/qJxXz6A3TCckCQuxha7
vhV7Ncs+2Zv1z6o/vj0e+yUPNE6mTvVqnyykGaflAVo+6/NYMLcl+ouQY3GCNCQzLA8n
q7evicitOQQvtEtvpUTyfiI8SAp7W7EZziXA7eSAUOJQR9rX3OxuAxNFXiyi/vkg7HWY
uvlgtYe1xf3jSCfBKFlAkbo68yaUMWfmrIJZbu5NEtDKz/a+snJXf6i68Nru8WDsoq7g
EpqWoI47ZiuR2FmhRj9+nLu2dFvlBRr7l/hC8ew5DmFrjU7/ubdMiRb0U526ERuYixc0
YDBrNKe6BjzGgX6LNd8jtbU2t+bcuC/GksiqbHFbJQVWsMz0Kziti5A1wlfwMePZu1qZ
otGPZM/Q3JR4nKqcSP5ilSKFbKWXexySO+uBTsaQ8yHgF9I01m1u1+Jv5ZN7YflMCAaj
+OhEzu+BDjW2y5aT/8hz6M6ITu1uLVBJ1jcq0HtvN6eBuKsV20h/Ux0cdDpaQ8IEAM6R
idc+66xQlAOvHVi2rRLDtDYzhGqs/+7kbYzhIOMCQIpQwqlkfxbsqwXEwPT/swoeWmvZ
PfFFlBRxBNYSk5WhJvrEw/9I68M+KfEGsicQKO1pdhPZykP4x0Y/29FhYPvTwUp5R2aE
ExYmOhTJyW93uUS16exhyb7VxZmpwyNKRekxQcuq9btmTTE15k8BbbkGOM3cO9HzEgzJ
iRHlKYXbA84NeaXkdqtU2weXI3rA/UqsAQgS/BWqHnluJsn8tEucbPeee39Zz54wiWld
cxx3V12zDqFxoVC2V56Q6t3XJuMpFWu/p3ANTRWgCRcI2w8dGB3qtpyDUJzJ/upZgWUT
hkKJmEFXQZv8VKL9TmlUG9+YLneymkQlgSin1MLy5TTHGUUgFGQRIF84hJpQJZ4ocxGp
gg6X2AyNPJacA4g/0EECJwn4d2XCl3phidAj6xTnfXU9NVKwdPYygRatCN8RoqTfF37j
DN13pyGvUycXJ2s3erYdbfyxrBguDDn7C2oWFZcYSnbUTEJEgb09SuX+SNaZChFW6bS0
xZdmH9YZIxmHVxlWX/APSxXalqMXP1315VkWZZDHg5WBMXwfiZQo2KYLn0qoKZQ10bwp
cxznob/3Nzs0f36wzBztK3RHtxx9abLZ9YdvRf2VZuBW8ULOu4TaiHfnxnIr/I4wHFOg
xC2UQm3iXqAHTrSZ/bzHwC/WiEp7Edm1Z/dn8awRsfts1m/mKlnbXJ7TUqWDvULyfkU3
8aqgo98LH2fsxdQfh06OLOuTNbT6mrw3Y9Bi5a3/ohtcbSSAOBoC1Xc2aENK/Anw7G+E
s6a6yf84cGTuqAH7idhDIfP7yRv/r/nEHQPkx+oXDqbJaDxMWyBXHSyUGdYxkn4g1KJE
nadn/YbkhB8pIWTtf2u77Lt3gU3g/venCD+/OBitqcRWsJZc+YJRt2OlAkpWTq/zm6Z8
3IFvWn8xlAAIu2jrKD9yubUclD9No/C+8uIiIiU/UFv8k1qQ+rEkgteznkBwM48jSp97
3UoiA7d4EqsL84rPIk6xoY4g4JXOkvNw6ILIQFzCcs7UKCeMegtpEVPzRZIdp1uLl14S
RM4EqW+wIMK2r61+EIyLgKl260Dvq1FaxR10KgDNA1jYbwukdegjlZtmqUpnBD8aY7i2
tEP1q4pYkj9NmdbVh56EqiZ0vHqXMisr0zXOatVZ1D7epjprRvAyGAMm0gduPWPzBymW
yIlK5WKxIwZy+sDfb9W4SNGNPJ4oZ06+SyyTNttifB2fhrgZ3bDg/YVWZGUJKvLzXmdo
NrMSEV6M6fVG58bkvxlaabC74fIOVsWT5RacICR6/YOML01VNy+Hu1/Fobpd4sFsGV98
Ounsworth, et al. Expires 28 September 2026 [Page 84]
Internet-Draft Composite ML-KEM March 2026
RO7dSpJqraASTIBeDt92/r676ZCh67ItVrKO6B9xyZRbqVrO8wctA5/BeZskyCWEg8XS
4GzK95AbyE1ai2rqYCVw9/60GxKFvCkttn7vTqT6pWWFVP3HjNHqI4mOoyqia4Vt2oaC
jqTBQ3lJYC2XCYnOWocICbXerGquziodOVrT7m4kyzgDXJJKEYXMNlEf4b9vEZwsfwkV
zSvfup/5vLOdX5A+5uLC3c4bysNo+k+ZhXezWUr+F8JLowvfqW+XN/zYyIAlO5DV720X
/uJpDTCLO/vfsEcNyiuSw0c8HvrTLuiy40Oo0LivbbKM1hYprwEU1zYsFEtJ6B5qq4bQ
hEB7Ocw/CEMa5ndrjI+RuFOJGpHb9FFf70jFMj4IsodE3+jt7MtuA+IY1yhPgiUd8632
p9O7oPeMUQnbPtjiIsdWvnEhcXt74wgs7Cva14HVMW/Tv/dllgLjhvRaYT8XTA0IE1w8
/9qTn69apkOQfbG5FUlZghJmiU8uYEhk9JlCsrrFqFXkZiQlMvplKWJ+1SV/0mXrpgEf
n2h6KeSVMVjNsNAhU/1kC6D8voxwwL7zFYXa9r2KfAA8R+RMieq86F4hwd2EbSiaSV/1
A8BSkhqrIHhqIvIIHaJMZIieF7p/pRvDmfZxeYWsuzRmeaXkV+j8Zkhtis4un4Ukkaef
dc+c7iEi8fWHYiuDfqqZDK8gf2FY0HRLGQzsxo6hQQFRWaGkiOComJQlHWWeIXq5Pq82
33CtcoODJf5gYylXJ/TGWAT8ntvjfNnjTSqvLq2JtqlRZhu1Xm28L8MOoKVD2jr0n/Ob
v67nwVDWO+SXM5j6Ywr+W4ahWi8P62/FPZAcJUWX59DSrM5MI0XNGraa43yskf12SoE/
U6Z/JiblfDQPYQVabFo9x8MEg1eIBFTBK3te82wvXDsk0N1E9+LSe6rZs9Gojg0lkS2O
iXWcjadF4Fm4rezSthmprD7uY5/ggVBNkQrfHdzisuJO5N1onykfL1MW3A/RmYEGEVSz
Px13nJKteTO9Od60c44rrVEO4Cn3O/BkJQFkWSKh1/ftcMPEWIvUJI9SlJrDSW3hWt99
xqTAUcjdcB1rFaFrcTYefuGitgDfUXMCLobU+42RDIs2qrm1QFpdcwtrfFLReBQ1u7Ba
eAx51VuD2v9yHxUSQ52oHZeiia9wu/QWCwPZVCyrRhtFrgqgAhmUrMTldP3RJmqC1Ael
I9IIuNT/nCM3iemFZn1HbOOhQywqnFm1oZcdRwf4Im1OIxk6c4ImhKuA3zaezbCksD3l
hQ7kMpZKUi3HU8o1q+3JXLiI+a6UI5SB50edbBIgdr83+uenJ3zlf/RBKzM/AMJtNhzP
xRsxBjhPUG0ALusREhDemMo9hPkA9VW7RCwLRmryX2G9CB5kRoj26kOiack+O6WMtNWI
w1xbFVEQoD7KWtnWT/z6xT1kIFY2aYIwlIn/qKnypWVUByJpFxnmaJBpo+sqThCyiGg6
lngpZjI7+WBTjmiTGTQROYD7LC4FjX4SRwO9vtrqPuS4oG0bHTdJhI2Ty+Xn6/eP0OXv
Aml2hZ+os/dAY2Z2scfNQUp3jI6dudLa7fP7M0BRdsLQAAAAAAAADBAYHysx",
"dk": "aG99T4ZrOaO10y8o6mOFJkAxBRwH2+NIh04PdBxUpDGhtDKJphtBCfe5CQlG9
50NxWcayyeSxLV4BClbh0c7pjCCBKMCAQACggEBAMrA4LlF9/DYTzVSEAyDHDWWBY8Xo
2mzexS+nAqt4TT5uFwW6v/tPqJS2qVLfAb3oL6t8WClqKLzgMPWOFoPSv1i7sZlU+IrC
y1IPBBJFizcnwJf7Qp3c0hv+z2lTRUDURnhCGHlXRjsmslnHF5jmparqq8w0eonOPYLS
PVmyZkrMUybYh4S6FWTMJzj80y9lXRoffTfQmOrOtZujI6Tt2dyyHSl+aXSLmZAhaS2m
yr8HhhattI+kuO9cMFJpE6d0STKrF3wj5BBy12DH2cq68YL39zDLLYthM/sycJQVDGKC
Nmmyy5neZ7A44xOlnPp49fM/D4DX1w4+azwAuzB0NECAwEAAQKCAQAhiGriWY8bNztKb
0sWNqz4s9oxg1BUkAmgMbIvFfj0QQTbvjKZp0w/noJo6iYWJOhiAPS17lAIu0slmI1zX
6ogZDdneqS3+DR+Bb9hViUjwE1QIDtdCsp3RYYA+RDZk9Xa+NvhDQUrtR4Yh0Qq3EBaA
QRWuzVMi7YhA1bKt3hKK443CMvb0gc4isVDPDho/Mt/QNcpjifh3UPBSejRIYTrqDO0G
EA6YWeDZN9grO/21TuPWV8o98l6Tk/4OfezxKw3e+3OqbQyWHhUCoRdM8jctfui1ZFDW
KBkAoYeqKOssV48rTJfBgF2FcsdkmQodfCXlf6GgQrfib+xsDK4fXD9AoGBAOlQFCKWl
TC4CJlhlFlKCSNSg2eooM+Z6TjvrfAY7nZeD2DL8Di0kXSqoENKz3zS368sVhfkiEbhM
aqIzIIbIg9CMpxf8sr3v4IW3oFKi3rLwbOax0DFF1/Ry0IEuXk9irETzOteat0CDFgIR
Hnw5OhGnX5MF45Y9WJ3C7nV7q8XAoGBAN54E3MY6Y7WJ6hm8kUe/rDQhX5Z6VdFriE00
bVaN3NpHGA2U7rJZMUNB5JPaKaCgGCMV2o6VNxE3xfzhkaOW7UgotllYXDkEnXzLeDXK
FUGgQ3LWA4GcK4bLwNm/Ho6VQItvPzhqwW2QR33Bo0myYisu/7LmULdCOS3QJmosDBXA
oGAck7+nneifq0b4XISibChS4IIyYevyibBQlkDokfExY+N/0HL3yxwu3VBcda8U47Jc
vzI7YnVTszUVZYShIggptMrErxbqx+431avCy9nqPEdZQ6nIs+thQ+3gw/ng0QoqFtoI
cUvnDp9q7/ZNNlWfYrjbNaBEAf7qZNj1le/Sl8CgYBmGRtr/inqKLSIn75eJIxknz40r
5TcPZldmf0ISsAaEko4iZZBqf26RXGNHy57BHdgV+giU2Twthbgyh18sga6iKDUPqfKh
JFIWnNatcPHybVenEzsGt6JuOYJnLEQc0biOhV6xSKU+4DE/MKf8wYY2JVqqQvMWN6lA
Mj//B/n/wKBgQCJIJezxHEm7Z9SOmuS4gqQg5ipiu7vVVhDbc4D8erysbZsBJL2akPsS
nCaxeJMWMOaJa30wgnmBssCBlG8vIpmTNH60kHxbUDfJwXeunu1Eyul65S6uftVy90lp
Ounsworth, et al. Expires 28 September 2026 [Page 85]
Internet-Draft Composite ML-KEM March 2026
3Xc6dG4V0wlflwxF8Zzna0WOfVwVBharVlzxkoks95wfZwawg==",
"dk_pkcs8": "MIIE+gIBADAKBggrBgEFBQcGNwSCBOdob31Phms5o7XTLyjqY4UmQDE
FHAfb40iHTg90HFSkMaG0MommG0EJ97kJCUb3nQ3FZxrLJ5LEtXgEKVuHRzumMIIEowI
BAAKCAQEAysDguUX38NhPNVIQDIMcNZYFjxejabN7FL6cCq3hNPm4XBbq/+0+olLapUt
8Bvegvq3xYKWoovOAw9Y4Wg9K/WLuxmVT4isLLUg8EEkWLNyfAl/tCndzSG/7PaVNFQN
RGeEIYeVdGOyayWccXmOalquqrzDR6ic49gtI9WbJmSsxTJtiHhLoVZMwnOPzTL2VdGh
99N9CY6s61m6MjpO3Z3LIdKX5pdIuZkCFpLabKvweGFq20j6S471wwUmkTp3RJMqsXfC
PkEHLXYMfZyrrxgvf3MMsti2Ez+zJwlBUMYoI2abLLmd5nsDjjE6Wc+nj18z8PgNfXDj
5rPAC7MHQ0QIDAQABAoIBACGIauJZjxs3O0pvSxY2rPiz2jGDUFSQCaAxsi8V+PRBBNu
+MpmnTD+egmjqJhYk6GIA9LXuUAi7SyWYjXNfqiBkN2d6pLf4NH4Fv2FWJSPATVAgO10
KyndFhgD5ENmT1dr42+ENBSu1HhiHRCrcQFoBBFa7NUyLtiEDVsq3eEorjjcIy9vSBzi
KxUM8OGj8y39A1ymOJ+HdQ8FJ6NEhhOuoM7QYQDphZ4Nk32Cs7/bVO49ZXyj3yXpOT/g
597PErDd77c6ptDJYeFQKhF0zyNy1+6LVkUNYoGQChh6oo6yxXjytMl8GAXYVyx2SZCh
18JeV/oaBCt+Jv7GwMrh9cP0CgYEA6VAUIpaVMLgImWGUWUoJI1KDZ6igz5npOO+t8Bj
udl4PYMvwOLSRdKqgQ0rPfNLfryxWF+SIRuExqojMghsiD0IynF/yyve/ghbegUqLesv
Bs5rHQMUXX9HLQgS5eT2KsRPM615q3QIMWAhEefDk6EadfkwXjlj1YncLudXurxcCgYE
A3ngTcxjpjtYnqGbyRR7+sNCFflnpV0WuITTRtVo3c2kcYDZTuslkxQ0Hkk9opoKAYIx
XajpU3ETfF/OGRo5btSCi2WVhcOQSdfMt4NcoVQaBDctYDgZwrhsvA2b8ejpVAi28/OG
rBbZBHfcGjSbJiKy7/suZQt0I5LdAmaiwMFcCgYByTv6ed6J+rRvhchKJsKFLggjJh6/
KJsFCWQOiR8TFj43/QcvfLHC7dUFx1rxTjsly/MjtidVOzNRVlhKEiCCm0ysSvFurH7j
fVq8LL2eo8R1lDqciz62FD7eDD+eDRCioW2ghxS+cOn2rv9k02VZ9iuNs1oEQB/upk2P
WV79KXwKBgGYZG2v+KeootIifvl4kjGSfPjSvlNw9mV2Z/QhKwBoSSjiJlkGp/bpFcY0
fLnsEd2BX6CJTZPC2FuDKHXyyBrqIoNQ+p8qEkUhac1q1w8fJtV6cTOwa3om45gmcsRB
zRuI6FXrFIpT7gMT8wp/zBhjYlWqpC8xY3qUAyP/8H+f/AoGBAIkgl7PEcSbtn1I6a5L
iCpCDmKmK7u9VWENtzgPx6vKxtmwEkvZqQ+xKcJrF4kxYw5olrfTCCeYGywIGUby8imZ
M0frSQfFtQN8nBd66e7UTK6XrlLq5+1XL3SWnddzp0bhXTCV+XDEXxnOdrRY59XBUGFq
tWXPGSiSz3nB9nBrC",
"c": "U4te+MSsI8fGYy2/muXfRQVRefvz56XKlw4egl62Hic2UEnXw7+WM/RvMYXDbN
ryvf2ay6dI0vpz5DNY+IwNyzGyUSMLPc536u7UtraJUAYm7VHBENAKJ7We85IM4tEm6N
VpmImxebY7bjCxaz1g9pv7hnsYYH8Y9ME4pCO0lJMBsy3Kwj5rQCjOVxu3b0/iSwmUM1
kpvZtkFWX5d6wGn/8YpjzmsfoKwkQQ/VqvFLkJka/gB2ZEPYrqwHwkJxRhfONxNzopPd
P27GdM3JleufB0pUMHwdfhoYBWAZyAqz2ky2NSTe3FukdTC5zCpKHJfESuIjRJXoXbcA
zjBTOKWebipPGwcBQuhCE8lhTPj14dg1T925j4AoAzqYxz9HIjGle/qUQlD5JCWL3A1Z
sbWBLc9S6ITqYCpXWtptrpos+EzlgHAx3z8IkbUpSk98NexQLoxKUsyIE+GkIsviQzXp
JSYD0EYFNBpCgSO0SyCjHntXMDunONAGvH+Rf4Fc+c/QTYgg5PMS3sGpi862cnrgqmes
Pw7e1ZsfXY8PwEuj1c1UBEbxR4ZOodGtq98YWZLvBqg4/yQVIa2GbQtxIEDNGcaH3+Mk
1TDfvlIY3Qt6bsLmdpwc216g25spYCKc6gaAWZTdfPN4ZsX51h72leuMq+Xy/b6P4y5G
DbqSiE8sXxTZ3oNkh8apc/EZlPjpDRON8j1Pl9HZfSnxv1d4D98ls6Q1SeA8FkbcFFat
zNKWR6ToWf4ASqM/AQ2FPoM0F7nopqttNgnl6pzv6Z0lDexuADwYwypU3xOaeKWYlr3O
Yv6bvaKagry7+194ladAlFooU8ktGBzwigiKO3OQGYNPunOrhgW95D2b/NUnbIZGacKP
DRiwPGYSC0PgOOfbmzvsS8x1tvlaBLammEi8MIR67biJ7b2vxAwBbxJsW43Z5cZ3vU/t
1Bza6HCRNRmOMlnwaRiy/tJJmVO7vBdcGnw2rNKJup89WKL4+CCGwP4VTVrrjDeB/MJv
J/iP5evHyn3mpuRc1UnPZa1MtizF+xSFxE6YIgOTLsFrhuLkQb9Y4KCAAjYAjxuGZaOf
U6gvFpaW4P97IScwFDBwO69uWp+LhaRuxRBoRBqL+kFc7GH58zs5dqkNl7nrXo2JP40f
BnAiHF/1uE2XpYQAb7PnP+AQwUmvAXhXeOB395lRD98wv/lrTk3veix9snv4ffPkCPRd
FzXjxmRgaI+ImlXudu2RZTNVJmNht0BWjJfrGttTxBOoo/3s4U+FpW/WnPJzPm9FHVy4
+vnM7tRKaWs5N+ez1o3VStZ5dQ/Fg+OUKr5ktqQ+mb3FXbBfUSSqmvVDEWps9H6/eLrb
A8sM2NAcfmlPdYlH11WELCV3rCdr4uUTvSCpdsofrubxQToPXzrFDZ/GwxofMOJ3xfSH
Ounsworth, et al. Expires 28 September 2026 [Page 86]
Internet-Draft Composite ML-KEM March 2026
P46Y1kobyAnsfclqVsHD4sxj3k9FFOa6YboKhgrzJumWKPHbq8h/ssWqKHhXc7y+0wzK
3ZEWV0tDNwUG6T5UDPrWARdM5DVFM/mlp4GdtaQydIozrnJCnEQvmFbXwC2dYqav18ev
6+VMP+xq/TBqRVy3fvpXGfeOZT1rXJg3dCf7t6lEdXVCQL2+p68IVEpakrC/qHEShq7r
TktcqxaXhJgKn7wKbrJaIw5GG/oQ7my0+oNDJGCtUNJfHPC6JXnMa98RwmtrqPztxA2I
Os9K/oozjqI6avee8KAjwr1rza6FlgdVOpJCG1H2l3ved5XCrt+scA1S7RM9nxmulImJ
19MRCi5hs01RYEsxJEBcUooay/7vL9",
"k": "Mp+uhOs8AWbIOnF3n+z7DTN7deFlw+jmeKlPIXq781Q="
},
{
"tcId": "id-MLKEM768-RSA3072-SHA3-256",
"ek": "xYekBzIosaST5scoyAABX9QmoyTJDueyDrRDr4EOTldUVpsSrmtXCZeQrbJmT
3R+YvQd61Sn/OR27JpiODwzMSZ3r8RdKsxlHwBw7VzEL3hwCsWOnrNqnPVcdwi9CElGA
YY2FiRCgscPnplq7YWWHdVNnnW7M0e7iEQiUGAAnJXDqixgFjkf7GJR8wBZKCGmEgzMT
rVWyvVbxaqGaQKxuPKYP8gMlSodmoYUV2E+M8CJKBOCG9F9EvMWfEwFZUwkXuHJsBYE5
tUjw3uQDGEO6gdh1chsZXmlH9kK9wLOFQxqw2kMP3ZVCtvAP4QB1oub7ic2jFOViGnD8
+BeD6RqcXh+e9MscXwYWCGbkMddn8LPwwKSxdmx4cLHEqWfAGAY8oGvC3Fh/6tFskNcQ
fpuPvxa7KOLbXNoigh4kqA4cIUZznyBKHDFlKFgQLdUySC7qryhWQxI6WCieoYyQrOyd
7iSzvQ7/QRPMmCs51cL6ws5MUo9KVNeIvkaR2UMtJcg2+ooGhA5NffETaS3J9lM5doXF
sSeq+ozucwRK4NY4sQ+NGvBmINhVUXFOpQm7+ZjDgJEqCWj77JQ9cyaJZRsdOrNsYtMJ
7d+DASidBFumlCL7quJ8aw3u7nH8CBrmnMgioCROTtvpZzOPWqQ3dpr+KZGxGML3wlfX
PNf6mOnp3tM/4yd/TSylacO80uZW2xKWcNfAkUjlSRImjiPFNmun/e2JeQBCep9vKRk4
mg1pVQbShNXdhccXDJOq5g6p6dUGPSlt/aZIqmJZdoeG+RskEeaCbUc9ZV+F1eaOCJd0
QVOpRE5HqLCQ8s2TBEzpdyu6UEyX5UxH+ecfRpdiDvFFPJC1cwFVOGESXOZMFihHYgMT
vFdXuCJ94ZUs2Z/PZuEqgdRnJmnJ2AcEZsc+rW0/XsfR+xbBgg7w2Fkr6UckwgbLDTB4
JGfm+oUpdlIwsKrzlXBmvq/gXyYIUYqV6C9WGY2XDWCCRJjlFARKKowZFhSCWS5hRZCq
kW9R5ybYlYWKPqo1IHA10MGfaZ3WjpuOFzMrKiLEycDVmYDRgKub2kNDCsQFFRZHPomK
1ejlzSYKbkcfimlWjEYAF2q+VkEuUCntyquaQNhNJSWyTxTMFkid/JNO3iFpcpZ3raJv
CnJ+GZZ5DFI87ymQ+acq2Zmu3mXA/CYl1dk/wmJGyinPGGI1nOPNtEnJClIwuWiwjmcw
cdpSZcsP5FB6bRJAwAYLwtHkWOyEtiiqLqZRVRhT9wefzqXAxtwyXGjr9dctKCgHrJix
lwFQPufgftTQaYv0vdEhacckaJaoQV8uCW9YvInzKuqytQ57bpsZqVDLtKxP8pOTmBAd
GUfezwujqdoPLpGdzyw5nQLHYoTcvkfvLUUOqlq0VaeNGiVF+FthIKVC8sW78MMvrtrq
bgtjlSJSVRz4no5r5jBK0ImkzYJirlh+zjKheUakHIq5hKek6gcUlicv8QfCzBGtDBHi
CNzD2ogkzENW2nJ/NHDr2rDTVXH8zyZjSQ4HKy8TPJ2JdPK5eCBaM22yvpVUsRWS7jqb
+bVhagod0EsVcVEFzHYu0AwggGKAoIBgQDf6ZyrXehEmj/3Jnu2p5Z5AD2ADDcAxKDYr
k+J+7qKpSvI4/Ao5mTBTaxo7CaEWWBA4L46ldMPkP5Ey+j9cxD1WxE2n7jSYYif/IKVZ
IgFZBAtGoE3hSys88/Wiz8RUGRw5OpoiLqk3TxgNI5K8ED7YWGxQjK3unUhmw1VP0ZDn
WOXuR/ePxIfPJ84mImEvac7KMZI6Ex4vALqzStrLjQhWRigQ/sYpccL+6iwAADa0BQJp
v5TyHAZNu/Al/xv7CZdouYUkEictaYA6llub1OfOeyfCD5zCpY4QvXjjtIH64im6X4nl
AMmnMmeTQ8pq8/ucE4AvrCtfSAYRt5mTyIerLkmuZ458AgV0vuR16tKjhfYn9GaoTgTO
D/bWMcXD6FPe12HwQmNs0APNakmeVtxI9UKpQFQhGGzdFbOLWHKyWETEwfItkgRi+B7L
wI+bbbxeXXWygZZG4ylGN0284ASgpAR17sP+FTh/XQapJHrfN/xsKokR7AFxM55FsVpP
LcCAwEAAQ==",
"x5c": "MIIUKTCCByagAwIBAgIUeZhX+5dJGYs/AiT/ed36IiXNvcQwCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzNloXDTM2MDExNTEyMTUzNlowRjEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxJTAjBgNVBAMMHGlkLU1MS0VNNzY4
LVJTQTMwNzItU0hBMy0yNTYwggY/MAoGCCsGAQUFBwY4A4IGLwDFh6QHMiixpJPmxyjI
AAFf1CajJMkO57IOtEOvgQ5OV1RWmxKua1cJl5CtsmZPdH5i9B3rVKf85HbsmmI4PDMx
Ounsworth, et al. Expires 28 September 2026 [Page 87]
Internet-Draft Composite ML-KEM March 2026
JnevxF0qzGUfAHDtXMQveHAKxY6es2qc9Vx3CL0ISUYBhjYWJEKCxw+emWrthZYd1U2e
dbszR7uIRCJQYACclcOqLGAWOR/sYlHzAFkoIaYSDMxOtVbK9VvFqoZpArG48pg/yAyV
Kh2ahhRXYT4zwIkoE4Ib0X0S8xZ8TAVlTCRe4cmwFgTm1SPDe5AMYQ7qB2HVyGxleaUf
2Qr3As4VDGrDaQw/dlUK28A/hAHWi5vuJzaMU5WIacPz4F4PpGpxeH570yxxfBhYIZuQ
x12fws/DApLF2bHhwscSpZ8AYBjyga8LcWH/q0WyQ1xB+m4+/Frso4ttc2iKCHiSoDhw
hRnOfIEocMWUoWBAt1TJILuqvKFZDEjpYKJ6hjJCs7J3uJLO9Dv9BE8yYKznVwvrCzkx
Sj0pU14i+RpHZQy0lyDb6igaEDk198RNpLcn2Uzl2hcWxJ6r6jO5zBErg1jixD40a8GY
g2FVRcU6lCbv5mMOAkSoJaPvslD1zJollGx06s2xi0wnt34MBKJ0EW6aUIvuq4nxrDe7
ucfwIGuacyCKgJE5O2+lnM49apDd2mv4pkbEYwvfCV9c81/qY6ene0z/jJ39NLKVpw7z
S5lbbEpZw18CRSOVJEiaOI8U2a6f97Yl5AEJ6n28pGTiaDWlVBtKE1d2FxxcMk6rmDqn
p1QY9KW39pkiqYll2h4b5GyQR5oJtRz1lX4XV5o4Il3RBU6lETkeosJDyzZMETOl3K7p
QTJflTEf55x9Gl2IO8UU8kLVzAVU4YRJc5kwWKEdiAxO8V1e4In3hlSzZn89m4SqB1Gc
macnYBwRmxz6tbT9ex9H7FsGCDvDYWSvpRyTCBssNMHgkZ+b6hSl2UjCwqvOVcGa+r+B
fJghRipXoL1YZjZcNYIJEmOUUBEoqjBkWFIJZLmFFkKqRb1HnJtiVhYo+qjUgcDXQwZ9
pndaOm44XMysqIsTJwNWZgNGAq5vaQ0MKxAUVFkc+iYrV6OXNJgpuRx+KaVaMRgAXar5
WQS5QKe3Kq5pA2E0lJbJPFMwWSJ38k07eIWlylnetom8Kcn4ZlnkMUjzvKZD5pyrZma7
eZcD8JiXV2T/CYkbKKc8YYjWc4820SckKUjC5aLCOZzBx2lJlyw/kUHptEkDABgvC0eR
Y7IS2KKouplFVGFP3B5/OpcDG3DJcaOv11y0oKAesmLGXAVA+5+B+1NBpi/S90SFpxyR
olqhBXy4Jb1i8ifMq6rK1DntumxmpUMu0rE/yk5OYEB0ZR97PC6Op2g8ukZ3PLDmdAsd
ihNy+R+8tRQ6qWrRVp40aJUX4W2EgpULyxbvwwy+u2upuC2OVIlJVHPiejmvmMErQiaT
NgmKuWH7OMqF5RqQcirmEp6TqBxSWJy/xB8LMEa0MEeII3MPaiCTMQ1bacn80cOvasNN
VcfzPJmNJDgcrLxM8nYl08rl4IFozbbK+lVSxFZLuOpv5tWFqCh3QSxVxUQXMdi7QDCC
AYoCggGBAN/pnKtd6ESaP/cme7anlnkAPYAMNwDEoNiuT4n7uoqlK8jj8CjmZMFNrGjs
JoRZYEDgvjqV0w+Q/kTL6P1zEPVbETafuNJhiJ/8gpVkiAVkEC0agTeFLKzzz9aLPxFQ
ZHDk6miIuqTdPGA0jkrwQPthYbFCMre6dSGbDVU/RkOdY5e5H94/Eh88nziYiYS9pzso
xkjoTHi8AurNK2suNCFZGKBD+xilxwv7qLAAANrQFAmm/lPIcBk278CX/G/sJl2i5hSQ
SJy1pgDqWW5vU5857J8IPnMKljhC9eOO0gfriKbpfieUAyacyZ5NDymrz+5wTgC+sK19
IBhG3mZPIh6suSa5njnwCBXS+5HXq0qOF9if0ZqhOBM4P9tYxxcPoU97XYfBCY2zQA81
qSZ5W3Ej1QqlAVCEYbN0Vs4tYcrJYRMTB8i2SBGL4HsvAj5ttvF5ddbKBlkbjKUY3Tbz
gBKCkBHXuw/4VOH9dBqkket83/GwqiRHsAXEznkWxWk8twIDAQABoxIwEDAOBgNVHQ8B
Af8EBAMCBSAwCwYJYIZIAWUDBAMSA4IM7gC+VRULlik3YdQMfMIUeWsOo0vUSiR3Eobx
9pQsz0Qzebykssha9W6EVdOBdbQuIN4zmb1WhLlevza7nG5piVMsjAhSPxiWJrPAo5qz
uqqt5QjEhmmfQqDjNB5HdSwPkJyT+2LTJTjATYqhQOk4YHFMJaWekspGjjcVMDJ3HbQx
YlvpXuV/kkl8n2Mi+IQknBH8UtWfl46nS3M8wQawJehL5Q6JUzxmXghGzUA3EAZXXwaO
K+FLAxzub2CIYWNxBi47GXAgeu02S64BkqmQ6rlmpeGizD0Cp8M752rrp6YzixMPeHUy
BLNxG6m1OAgkp8/S2SbTdDOcGWnWTIHakj1RWhC0Wp01kDIT/FoWvGIYKK8MepUMbVBN
gVFz/ly4vk+LTi1TCiW1bqsKtHMKD2PtuPJsMah1Hx4zqlaDQNve96zw/81Sm2aegiJI
JcYiZj6CzSRAwnHTUtK49jHTMCF/7XNOaByfSUNK1deYmXZBeLpPbzWxFp3pMUpLzwFd
F5+KIjmbhZFSkm2ixQmrOcp5pVsgasYAFhWi6jZW9cnj2BlCqhbIh7oQER3SoZjebXHd
CNLMELY/nm2X/fqYiV1kwUSJzDb4BTAuZ0kJuEeRv+0zSMLiDIPAAN4pFdnltTmTWsSR
GbigPBu9UtcvnIJVXwT/850/f6jAe8dFWjae1Jh2ZgTHPNqlm2iBghJrnh71i2amzCOH
bqNHYOH44s1TrAQUi/6wjOi+VogKAa35OZRD23BoZ+I1LJohmNfXysQhcTlCR8c/n2x2
9MK8Ff8n9Etc6AB4hPUa5juaNKvYuS2Dtjd9bwlvJAEnPaMGKzZzNfj3flT9Fa5H6dK5
xDuT5bdkwReDQ3LC/472hjUz2w/NNqzkRZZgmC3OS1HAyNbGEN8G0oNxeUmV7DLOKPI6
QmeKjDBFM2L3teYC/5USU3H1xVIjyO8zw6Ht6pMKaq0fQOzm/phVTM1lk9pkAM7qfDck
Egr8rgZvzEqhhIkMll8ExDxH1zaLS3P+5rY8gjwDv6CNiHRJzSNPqoL4FHpqVPzGnG+T
Scoc2iaoKSGNO7Qw5tIISMCNcfG6KSiHGMwcd97xS1yMp5Fk5/1pSuD6G4JY+NEYskQX
aVFD33Oi459TC50AvCRtNFtueru4yrU6jrK3MT1U+N8/x85wkt7VrQvaOJj1ZXxDv3T8
Ounsworth, et al. Expires 28 September 2026 [Page 88]
Internet-Draft Composite ML-KEM March 2026
vP/XJwoM5I07nVi8zcgWRwdhloLhgrONKMc1xgrlKms42oPoh1pqlej/pzhL6k+MimJh
Jhz0ard1rUNaDR8Ng4Ris4j3pV0IZuxiopwUMILme492ky3u7Ia0e4imHCFZelDjJJj9
tHGBx8sLyBTAiuL0CJFuYT4yTjWLMbCmDKoCcBiUF80bEiuEftzw/WkDUnSw/N5LyFEC
/w3D0dxcdyx6i5ME8kluSYdVaI4AiFEgANn344LtCdDw81um+AjlRIrKu9gvDBuNznxO
yagFJ/UvitJOqE7naVRflwXruuLOfcsipN9ACwab0lhb6IZY+l6u9nNwyY9vDwanjJc7
M2/xwgvHHBtpKLsw2aJRtY9077PLH3kg6GlbQcz8sar/F7LFRpRhtDchiZX/TlL/GoLt
50Yvp+Rn8cbty7pms/9IGxCsh2u3O2cL1N2m/i/epdLGTot6cQ4K4WZVHj113EN4/CGM
z4bGlksjlaoWuHqc8FV41Y8jVrBUF407HJnMwhvLyz6Ry1f0Aw1SpDmWzu06Jwc4s40P
VlV4JrnJI50kQ5T8tgpqpw3fUFi8BHf8i6AXMp5H/PzSIz9LxBn52pAwDJwdJXrbyw1D
rzMajhVPcHuRigaDpKGXJFeO/gDSp+sK/kP1NsEWkv6+Ncj3ycaiSO9Xc98wWqtRPhKQ
bx5w5FAKuhq8e24MlG9qDTSZhR00NSomdQNrQNxQDZP2mdFPfzNAWv4PYsSX06XmmaJ0
6tVNboSmJC/sobrDQUin/JOwGNA7Hm7tQSNRRVzmnm6hE0Ml73AgR5CtN9B3I8KHImJc
smNUOc1PLHH8Qc12gGR0WTo8dzDRJ/QacZcu1j6IaQUiOVHf8aQ29K8RyJggeiUwmBL6
h5R8u0LtmVbQY2feWBDqPC2ZWdrmyV3R0ellsXwcxCkz3mYii6lUYjD26WjgWBE7kGpQ
/l+UwdMRMGWcfa3tFhZaNB7K2G/50EcN9DHHOWqqzeqHbjDP7KAMw3eGEqqMn3v4erV3
WpHwAMSlFa696UGUcxRPe66pZPGf5EASHDaiprhupKsIfS72OO9le66vxbG2neJ7StvC
qSC6H1TCTiCviVhCpfI63jyVr28Tsjn8UOjaOGaKdjalWbarvQGt/tykHdnqYeF8Kgg9
VRrN19JMh2RWJRD/9OcWx/B+cO1Tvqk3IfigXiJC6iGTvutw7zVdVNVYqGK89d0q8WfW
SNx95YaXF6umjCTZ96l0z8+fshPHI//RziD5n4s2N9IygPXIxiO+oHSdxRoI2H/GkQm7
F6B8BvwEanr9NcL9blzIx6VgvSW9nmggU8ZPZrwDVIO8GnqCibNT6h90x1Frfb84gZ4l
0fLKrYYFFNi0jT3/Ef9i/BmrPx82wdZGL6fwdfkq4S+4WJmejIZSg4XVd97tilZmy5pM
EsX0+yEWScqc0QBtr0sH6lnhpScJb6wSNGeImlERHYeFc/B8HBVWssao9Ai6XIIz9uo+
P7jDoaCYP4EKFETa97mQUiVJjetOaNNi9c6YXABqOvATRMfTvtzHLuW+3oZxcttp2kkc
QZKztvGyo4KZCqlhiSEN7MhqpMHmq1AVvZejd+hrEfq5Uq3V+C6WfmsVJPjBC7+lWGVm
LsJIVuBZjfB4brgFHybQwafO8XuR5Yayw2MWUO/coFPDaGwPr+sZP/lrIC5kbysS4Zl1
ogqNdBVy1Qzv9ZxcNHyf1tuWW06aJpceJpEYbpbQZS/j23cnY2mwIAgepqXm7uJ3FIaU
qnY8HQeqfojwUzLt9oZ9/Z9X942TT0jDeP7d15oZH/KeBYIq/Cl6yXYPPQ9zs/OsQ+Es
Sq89AsOoaS+2KcUbOot8wtt5bmdSqRc5CTMzmHZalwYleR6dfbhWWS8qoZukTy2S0V7T
Ioyh5zvX414jlb9A+PgpHfKxww/BWtCo1qkFLM3+mc+NSWTY6xhJ3z+BWZzn4Hh2hf7v
QUiq4ihYzaTCgmYIC7W4augBBZnABbfqjn9XD02m/uiZgEZguRz/RlKJVHNNAsNW+xlB
3Ngaqa1d2hGNnSEkF0pu7fcisCHK9B01nFdhH8LcVZPFYJGvgEPb+lAynnNY5rX52Ttw
lRXVrotjbdVOa/IhBM2OeSN+WtLX5C2FQTta+mtA423axtdx7noYnCrOSjH1k2ui5EN4
XBwtijYSuIlUsvK/6ybspDZ4DPAXQ8BlYSsqLlzTKt9Pz0FK17HMO1wHOg/4AwKcjr4t
lXa4hTDl/Jiyf2AY+iiZXFY9lyYX8YsAIv+5IpvIptm0KJVrAbKwXiTyEvFP8o2sNLnj
AqD8jPd5CmrzcPdqklWQHBxG6eZq40NC21hJ8eCUoaNnPVnRAaHQnECXQE013gyG+9yV
JdMOPtPLrEswb8YZa0EXqxnUPMcNxZCc2SB7if4/uGiExgQe5GtINc6wSwLwX60FsXxx
ggy43uYsSVd8bVqCCl8qOWday4pa4G7eMlIMfGKqUpby2LH2gj3o8ksp1I0hOSKRxZN0
QuwswEku91jCIMLPEGD/6ZeC7MCsPIf/8BVm4mCuoXVo6JRvVvV6gimZryNIWhKJN08t
/YJGOZJ8SiSooYVLA0uU5iaR9W5J2naudYfhM0KrI2+8qUSUPhz44LuBrwB0w3R01J2b
QyBssQusPTKYlHofjW6WntcJTLwjcg6PfHiOkPJjBbINm6Ypmc9g5TipqwqwUvU4tRU3
Lq2zTUWHm5qoqSLJBRAXwo6+Rfa3sutQ0QR1tGX0xwg620AfwJYrZnxbyF94vTiWK2y9
maeyW92wfdWkKilhdpWCFtSz5GnRbty3Mkvwl/LoTRZwFvYADeTg55oPShrNEnyIGAcR
dmhLxCYTa3Im0wv34w/W4tz6lITnd18RTlQFdpMAm19wn27tzuiWOpKdCisTis1Auxwk
pHAnD/jH/Zv/vn6ppOKiljnBsO2uljwueE1S154gdmv9/6rkbDBPWun6orHVZRfONTFC
FzgAJcwVWslsNcCxnHeMlcYZG6BofWFFmkBNNT2ktVTFVfcKSpz6I8pFbC+DznvRd/Xu
5JGZv16Gz1epAFHYCFq47BT3goiBABDKfZCYX/P37R8LJOsTE2Vq+2Og0nviOZyIBBjW
OYLxaElh5rH5BGKvtsoQHk9+hw0oKzU7e+wtRLS55/cNI6u7Exd3oM/SAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAECRAWGiA=",
Ounsworth, et al. Expires 28 September 2026 [Page 89]
Internet-Draft Composite ML-KEM March 2026
"dk": "wkSq57PeL2pKyA6bJvhQGBCQ56iHZ5Tf36gtNQN13+VLisqpJ2OiMzAJZc1GM
4VJlkqtc2m35kS6c22SdWRuUjCCBuMCAQACggGBAN/pnKtd6ESaP/cme7anlnkAPYAMN
wDEoNiuT4n7uoqlK8jj8CjmZMFNrGjsJoRZYEDgvjqV0w+Q/kTL6P1zEPVbETafuNJhi
J/8gpVkiAVkEC0agTeFLKzzz9aLPxFQZHDk6miIuqTdPGA0jkrwQPthYbFCMre6dSGbD
VU/RkOdY5e5H94/Eh88nziYiYS9pzsoxkjoTHi8AurNK2suNCFZGKBD+xilxwv7qLAAA
NrQFAmm/lPIcBk278CX/G/sJl2i5hSQSJy1pgDqWW5vU5857J8IPnMKljhC9eOO0gfri
KbpfieUAyacyZ5NDymrz+5wTgC+sK19IBhG3mZPIh6suSa5njnwCBXS+5HXq0qOF9if0
ZqhOBM4P9tYxxcPoU97XYfBCY2zQA81qSZ5W3Ej1QqlAVCEYbN0Vs4tYcrJYRMTB8i2S
BGL4HsvAj5ttvF5ddbKBlkbjKUY3TbzgBKCkBHXuw/4VOH9dBqkket83/GwqiRHsAXEz
nkWxWk8twIDAQABAoIBgAh9JxznbFkF62JXnTaIfP37RdmeMkRNdy/aepZ844BQrU9U7
yWM620SPPTPXrTmzzRvW3p3dG8qQa3/BpyKImdmdGX/svZecs0RD0jD3uMsGbbl0PSiE
Cvs3UhdssIEOmYooVzd+NNIC0JSr1BWx8fnGxGpCeHCEtowlfKmsoP5Yy2ZbaDsjYsp9
XskFqTSSPi5CGdsMyfGMIc8AbVWlrPq9PkbYAPrs7OmNf8LEBmtXimNhLRNc8Wh1mNqO
JOlBWgSVl7u73MJngaVmCRZnR9NWfrN//+iGo9idoCF1/D7X9rehQW670n666UKL2zWq
JTTlMahRhFthR3nZ5bU+R9OLv7BCXTlXlrTk5+0+EZM75zzaWH5ItxuYEswzanOjuW0b
YYMoR5fjE2vsQxbo4QHUasn9OPFoKTUN7VDttvUGpfzKSdRfU1SVsmrmS3y6rZ18HYSe
cNFPHDZrfwmBOj7Hdyqeqv25akxnc3RIpUuV7CZVf/sfUGq3OmDTJbKEQKBwQDyxFv1m
Q4T2tQJ05zrxNzxLzEtsQ0rNTivQ+gb+NP1SL+IO5W4JWgUL1APBlx80WUre/YTK+0AO
GMxwmoOJKg+rmukkd1WZc/jLWGO1jzt9EofP4YbcZ64uvdvnvDSz54JykUkE78xZwtro
S0CZ3E2PBQWrP+iQBo9fVEHyTYyXQNRRGvYB3MT1hfDqHCAk/TdjrHgRSfG6RkSMItDD
8BE2e/Oe+0hQ0MRe20OM4vbb9eKvA5UL3qVUdrUGO2b80cCgcEA7B4m5NzqXYQq5yzBs
8OSjD5ha6ck+ihywuqVp5Y4KvE8ADSf+3Fc4G84IxRBPlchjTGk3fs84yV2YCoN2MTlD
yJlkU849ZDnAQI0tKH3T+lfQpwGsALBk1/KvCyZCp0pzv3QqDC7v9t8MewdQLG4/bnHt
zv/q8CGMiperxRHBtb8b4lh42TaOx2LoMorZSavZTrQXyasThpfBtwwxT5LCXSzllcmd
7IXcYEyoKO+eQztCRJNC4j2DSPtf4XHycMRAoHAczPzX6zuHUXu8WrWQJv/LQT0FXa7h
RGQgLt83ilKjE+ldISyG9zEcy+wkjC2mxTTKbt9nsNtiHk5uVdE9Mk4feZPdp0xp9pQu
MHEVgAckd8nfYSro0Jby9YNrY6DQcb8fDDcdq5YQJ1hsgWeUlG8S7xe3BPki55X1W4uk
b9OVMAG3v3VH4MJfRRP2q2IFbwgqzMX/hFTOvVKzHL04zIKT6IMRrRQZ0SAAz/LFL4pV
EzSwCdVtWWCinF5osThnOvpAoHAHgWzclQ4pI1imyRQuNe8MYLZBkQpanlsJiaHwthR6
fvkYi5OzTzbz1m07JjttsyDYp2WVfdVBZjE1XNjcVWPvn3kJjbJikfTZ4htRS528L0+t
Ix8OTMQg/mhII4XI4daQox5VHll1f5Fa1+XVJuEZxaRM1Y4qxD+vzAt+9r7MP5y+IeiX
7R6Hxwhnd8251Sk5p0003RqYj/uJ0QmG15RUjF5iDsqk/ucCX2g/1XyqRegqA+gpj/S8
VbJIvbSsW/RAoHBALJgdNZAivJ0xIrbz6narV2eO7lRTdvheaH/hbcsRsSEH5yRapvN2
H9MHfbe2H59NKSDhMijXNOG3A0jrAKdKXjPLIZflgCJlE3RkPKvaCQi45wsksY4oGjVd
sdWgCo6LJ1j8a4XrW1zXYy7o5cUXIhjS8rqUR4wiLuGFKh1FOCQHWTbieVR7llruOYjl
nOyIRRKKufCsxokOIlYbYZpBxLgL4JJOUr20HutziKPUZpqhUXEBIVYO9N6MlQHVpLpT
g==",
"dk_pkcs8": "MIIHOgIBADAKBggrBgEFBQcGOASCByfCRKrns94vakrIDpsm+FAYEJD
nqIdnlN/fqC01A3Xf5UuKyqknY6IzMAllzUYzhUmWSq1zabfmRLpzbZJ1ZG5SMIIG4wI
BAAKCAYEA3+mcq13oRJo/9yZ7tqeWeQA9gAw3AMSg2K5Pifu6iqUryOPwKOZkwU2saOw
mhFlgQOC+OpXTD5D+RMvo/XMQ9VsRNp+40mGIn/yClWSIBWQQLRqBN4UsrPPP1os/EVB
kcOTqaIi6pN08YDSOSvBA+2FhsUIyt7p1IZsNVT9GQ51jl7kf3j8SHzyfOJiJhL2nOyj
GSOhMeLwC6s0ray40IVkYoEP7GKXHC/uosAAA2tAUCab+U8hwGTbvwJf8b+wmXaLmFJB
InLWmAOpZbm9Tnznsnwg+cwqWOEL1447SB+uIpul+J5QDJpzJnk0PKavP7nBOAL6wrX0
gGEbeZk8iHqy5JrmeOfAIFdL7kderSo4X2J/RmqE4Ezg/21jHFw+hT3tdh8EJjbNADzW
pJnlbcSPVCqUBUIRhs3RWzi1hyslhExMHyLZIEYvgey8CPm228Xl11soGWRuMpRjdNvO
AEoKQEde7D/hU4f10GqSR63zf8bCqJEewBcTOeRbFaTy3AgMBAAECggGACH0nHOdsWQX
rYledNoh8/ftF2Z4yRE13L9p6lnzjgFCtT1TvJYzrbRI89M9etObPNG9bend0bypBrf8
Ounsworth, et al. Expires 28 September 2026 [Page 90]
Internet-Draft Composite ML-KEM March 2026
GnIoiZ2Z0Zf+y9l5yzREPSMPe4ywZtuXQ9KIQK+zdSF2ywgQ6ZiihXN3400gLQlKvUFb
Hx+cbEakJ4cIS2jCV8qayg/ljLZltoOyNiyn1eyQWpNJI+LkIZ2wzJ8YwhzwBtVaWs+r
0+RtgA+uzs6Y1/wsQGa1eKY2EtE1zxaHWY2o4k6UFaBJWXu7vcwmeBpWYJFmdH01Z+s3
//6Iaj2J2gIXX8Ptf2t6FBbrvSfrrpQovbNaolNOUxqFGEW2FHednltT5H04u/sEJdOV
eWtOTn7T4RkzvnPNpYfki3G5gSzDNqc6O5bRthgyhHl+MTa+xDFujhAdRqyf048WgpNQ
3tUO229Qal/MpJ1F9TVJWyauZLfLqtnXwdhJ5w0U8cNmt/CYE6Psd3Kp6q/blqTGdzdE
ilS5XsJlV/+x9Qarc6YNMlsoRAoHBAPLEW/WZDhPa1AnTnOvE3PEvMS2xDSs1OK9D6Bv
40/VIv4g7lbglaBQvUA8GXHzRZSt79hMr7QA4YzHCag4kqD6ua6SR3VZlz+MtYY7WPO3
0Sh8/hhtxnri692+e8NLPngnKRSQTvzFnC2uhLQJncTY8FBas/6JAGj19UQfJNjJdA1F
Ea9gHcxPWF8OocICT9N2OseBFJ8bpGRIwi0MPwETZ78577SFDQxF7bQ4zi9tv14q8DlQ
vepVR2tQY7ZvzRwKBwQDsHibk3OpdhCrnLMGzw5KMPmFrpyT6KHLC6pWnljgq8TwANJ/
7cVzgbzgjFEE+VyGNMaTd+zzjJXZgKg3YxOUPImWRTzj1kOcBAjS0ofdP6V9CnAawAsG
TX8q8LJkKnSnO/dCoMLu/23wx7B1Asbj9uce3O/+rwIYyKl6vFEcG1vxviWHjZNo7HYu
gyitlJq9lOtBfJqxOGl8G3DDFPksJdLOWVyZ3shdxgTKgo755DO0JEk0LiPYNI+1/hcf
JwxECgcBzM/NfrO4dRe7xatZAm/8tBPQVdruFEZCAu3zeKUqMT6V0hLIb3MRzL7CSMLa
bFNMpu32ew22IeTm5V0T0yTh95k92nTGn2lC4wcRWAByR3yd9hKujQlvL1g2tjoNBxvx
8MNx2rlhAnWGyBZ5SUbxLvF7cE+SLnlfVbi6Rv05UwAbe/dUfgwl9FE/arYgVvCCrMxf
+EVM69UrMcvTjMgpPogxGtFBnRIADP8sUvilUTNLAJ1W1ZYKKcXmixOGc6+kCgcAeBbN
yVDikjWKbJFC417wxgtkGRClqeWwmJofC2FHp++RiLk7NPNvPWbTsmO22zINinZZV91U
FmMTVc2NxVY++feQmNsmKR9NniG1FLnbwvT60jHw5MxCD+aEgjhcjh1pCjHlUeWXV/kV
rX5dUm4RnFpEzVjirEP6/MC372vsw/nL4h6JftHofHCGd3zbnVKTmnTTTdGpiP+4nRCY
bXlFSMXmIOyqT+5wJfaD/VfKpF6CoD6CmP9LxVski9tKxb9ECgcEAsmB01kCK8nTEitv
PqdqtXZ47uVFN2+F5of+FtyxGxIQfnJFqm83Yf0wd9t7Yfn00pIOEyKNc04bcDSOsAp0
peM8shl+WAImUTdGQ8q9oJCLjnCySxjigaNV2x1aAKjosnWPxrhetbXNdjLujlxRciGN
LyupRHjCIu4YUqHUU4JAdZNuJ5VHuWWu45iOWc7IhFEoq58KzGiQ4iVhthmkHEuAvgkk
5SvbQe63OIo9RmmqFRcQEhVg703oyVAdWkulO",
"c": "bRT+CGVJjWlhms3c7z1cr9MtPb5FzC3yG855tfRmHVXKAz92BekSaM1dynXs2X
VcqYUmAyqXfNfZVQwbaap+iiJImFoVo36nRbYLVcBjGB/q9DHl2FUFTTsHrvMUpuRDw7
1i/xAwxhPZJn/++9iOYgib+Oc9rc0SiLfMFZIOzV2UPTqyeRTTNkCCqcjrovFXDMIVhX
Lii4A8vc8fZcZPKpnVC+xxep/0nBnePOh5Dfsw69KMR8+ARCJxvWHypLMVu7Wr+EzJKx
qRMCJ7T3qhHGfdk+OvST78mMbjGMWxDzGS1Ao/B6rxLJsB3SdQ/7hOg4a6C/XAHuaLsg
q+zBhsuX6OdKulwXgduhhOuDxOyEiemtJpbRkoxc1v+ukhLt4LFFEqMBsOfx1Or55O6Q
H3CNiXQZK4A5mQtEFIHc8l4cLF6aheCjkUJK95GjR48NOb8B7Nzasm6brmsUDpy46dZT
N5Q4MFUU0cUcuuH1ew+f3BMdg7oMpFPmVASC8FzTysIcNkRzoik3H0wZ2YqDREwb3Q1s
45xUjOgURzNhTVF3mHUftsZMc0xXMxfRiYDkK7tM8WvTg1kYHmJQmyc720rRO7th+DEx
MdHccDK4r8IdyYAoOSCe2GHDuP7nYu6jBL8G+4FhMJ//6nDHcwoHYlJW75AdJ1hdwLuf
Em1Y4TtPbqEFJQs4jm2r/zB9gNpwq1RCL12tfcC17TQArxOOJh5oUF9P/9xNL8ckXHlP
D/uWHTi13vwAbd0SqyJ1JDKGbjnLoAWCggA5Aveq4SjGS+acGZBdk8e1zY8chYx4OJ2A
XnEBEKkIlcxM4br7OadLlZQoXCJgFrg6CKYgu5Mxgo77i2w05R6dLe37F6CNxyDTMM4f
JyxH0WJcovDVj83MP8JGD5eKIqqJhBnMI2/28n43tXqivRD3dZilyPHsvygMnwT3Ua2c
OIHmCAqkfFofeRnPKEyhvT3IhGLXUMxCR3ZripQ7TiibUFJULXqC9JLEbCrARcS8D8GP
S/TP6gz0kRIVaVX7Zu8QhSG0+bjEdSmIfFYNnwPOIZwNPOCj1a990tgC+cgwoksgkEGN
XyloYU8u8SR0AnVL09vXJ5RQgPwUcfL/Nul+IBWYZy3VPksUehnOO6X3UHZq7HIywyGm
MX/QAVPezWrX200y0aocbSR/MOKN2zCw/8aQr8p7EzGMpGiXortp6srcGKwlDxATX7D+
mk/3sXPxJGBkdLgu3/VA9HkMfgG8yB2mAnpme9zCEPq1eVizFbR0R0TeZZq5RTvikTJ4
jFJlANUca4sVZL1wtb+Mx9X2dqNSdEGSzly/H4eG6nOl+PHiK3VhQ9JERnpzNu0BzfrD
zTICBzsND4xlhwMBWI2Gv2eLS4yA9Rj8Pah5B/gPaQBBAhEyq8L0BcOZ7dHhpYKYrdy0
AFhwEXUR46KBsa0Ytdd893dtR1Gfx7VjVZSbcpKjM/YIvptorouXA/XKL76zNO82EHg6
Ounsworth, et al. Expires 28 September 2026 [Page 91]
Internet-Draft Composite ML-KEM March 2026
YvDmSWGUakpax9GQb9ndCdAKVXxU0HDu5HZwdD+zmqHdp3648FlUul0NH7TldoowHqgM
I3EDl5cZM4i80iP1/sS0J5mUXeO73Ykk7dPqxoJBKTCxkCR5JNX+yjrngs/VxjmAEZbG
onbV+OxsBHBdKJ1jFPNStcYCEbErgIJyFHgpH8ktp57FUMoFtGnQjkY4J7Cws2Ji0AGf
8b4CjWr5ndD7ZJYJ9WearFL7RE90FZmzdwMyNIzZxqvyVeDhN3A3gg+ZtLRjZqAck+Vm
QSACtPWj9NEAswP8L1dT1bfXun8N+7SDkFu8mlzgsZNb6Q0ZmzSdq3Ht/5YniZLempGq
PmNnTWX7xNPXc+MfbpPxe4u7v0XwdoqFSla1Bmd/4jrYhWmPSWn8ackvYein8QkaGptn
2QBC6VDqtiGkx2bI0jlXborCDZF+u7Z43cCntWMnWiwbAGQl6dXfQ6B+2gmntN0do=",
"k": "YBCTYQtTL9H57SRVaJjGwKKhM8AJ1LzIsmZYBeDPyUk="
},
{
"tcId": "id-MLKEM768-RSA4096-SHA3-256",
"ek": "w6hwUIIuKmtN9AEiwEPEOIbLCok+5mQBTWWMQ3UT4PsDUOUaK3ukLMKMZBS+a
7F2qaeRmEx+7zMmjbzCBSoQ4xBIlNcySNN9ajql3EnHlZWms3qR2aeKwhuxbhayKnxqY
HSQZxIeXoeb79Re1VwsGgPFWJN7o3p1nlBUn+KDqtxA81uUU7NhqYlNpDFp6hdob5TDs
TlQxuV3wKECExJI2wlG59DMzTUsZcgzPmmlgBaEt+FSvINX6LpqhlZVB3J38ZJx2CSYV
/ZhTERhx6V6kphsm5dfBEJTYoopptGevKwrG0I8YVy7OgIBIHog1oYPiWYkqDMORrevm
aQmJaqOgYip9ndH9wNDcUYZ9OCYHppeRKO2fILGN8u0JFijqnE5tfe3FoMkw9GQuSCHb
oFPUiuAL9R7pby6evA5XbRG6ZCpF9sCCJgWGFgS7/No0fVEgIStc0mCdaWTJaGOE1ViK
qS26ZBvfQJrAhZzdhi6nafKEdSVq+RDPCedh9kr1icSBdBN0NIEp8QwpuME/kI90LloO
+ADRNcNX5JT/Sotf3QMvsVYx+Jk4IgZifm2SFMsKGx0aCBIJSuj8PWv+cduj/aS/Td6W
ZYzOZuXqwrB1hCtvKp9oGNrhFtBWjEiMaUBjyiNxax5Q8RyPkKctQW1c8CNK8QEMgGMG
XhutvCfKstiw1nDnGpW9uCgKqZxS/ZY3reGWMherrGOtAIavWSEhhAHbvt8lQoDhhF/C
nJ6ZbgKMQe47MknyqtmqOEHChlj4jylDXAPT6I6dXuFoqQ1pcqhgBF71wxreSJ+VhonU
ckW9epjZ7tsQhMQq3hSVbpV9sZl/2SFC7kUdQqRvhcMNzpTGbi9ULEXMmLKJXIXJraXD
yOwcxUaUjK6SdAkdQNAuOdH1YGYzxBy5qMO+qIki2Vkh7aRvlAa+MFsieWd45UXRLKGF
QiCWjCRBsR9UIM9bbmeO6RSwKWBl6cI2oTBv+KgVXmxCUgFjXIowYmEe+mJFUp/Keefc
XEjVINh1aOOS6W/COZb9NCgTnW0a+JriEiuWUuJcdZAt6VTlnRt0sW+zRtcs0qDbDygd
IITCjAZRLgzWJUEyYCNvPBSyvYcD5S7EQo52GID8twVGamTKUkmUzxYD6V/8EZJ8VhgW
eSFWCIKIeE0ZYRvaltR/Dt6gIyP2AYXvutoYqY8LlQV+TNehOKftxhx5iKeLCEK9fSn9
FimkSEn2WQDKstWYWNPRpip9LlffWswetFThERbRvhLjcVMUrswgBAywzY5A/aEBhUmH
ZUtfqukHPi/OVVU43K858K5Q6uTqGmmAyo6EpoOh9DC6RlKPsaRi1slQaoDVaaz/NNh6
vNwyEkd0UuuVqEKScF+iPeqsTyhLWS0YQlWM5Vd/ObC45OT94S1koU8kBbG/ldXiIAY9
TCChfGB0lZz1OyunfqrQpIK55R/RxWwuqcka4ODGYTLX3icZbKO3WkbTlxfXUQKQZo60
hZAyhie9foCyopdLPdMESsbeTuXm5hmfVK4zrRpfultraJYW+zBiVq/0zVscIHRYggwE
Up1a4tcNJe+3BUty2QuZ+gwggIKAoICAQC2HySTUvw9phSDoAXFE+K8dsDjngYrn2KrM
nyfPl0HSo9G/HHbkpXycqp5rTKLJpWVr6cewF5OwG0qsy5R7DTpIfa+P6LHwq7vR2MGE
GS6qFFyX0RoidBoyp3k1SkVZGHvrb+QL/Gep2XzwFB1ZMIEe/fmZvL20OJVGxc2e4tLL
r1Zs+5dJs9QRGmmj38B6/7q6SuaZeT4dLE+KRpQFbTJvrpCSKfZJOJpnLgcW8CRBSNk1
VSo22e38LNoQOb8wrvjXxrwHFJJ+yN8vd+ksQs64LsMC9WCdZFj8WbbB8hUFfTPLaX3H
0jRvZJLm0qruHbVjucRSEqvlyUBwHgR5JlXMqsDTWwphu5S15JAecsfl3XVDo3vuoG1F
cXjVLBd28EC5qvE3PEd7Pb+XOdbNCzlw2iX15pxMauVWEiqfE2SfPy+PVEaD1reFantY
mmeuD8TNK6NalOQIYJ+C+S/dSmJdmMD+6jyeEZn+QTO20ECMrxrUwTZs74NocFD8Upyv
leCzKBuDa8Ov6WbEiX77gSzV3XiAjn/tLXIPXSvA+1kwmBmCoICIMUlFcjelna7ds5zB
LLF3RqAVXyfRJC9FwdDhiXUkPdaND71hYPor8c8GOLNkADrvhTWvK6dJmdvueGaDrme4
wEAeev7HO9dq5qCtkwGIgm0DQ37f+H4SBoYYQIDAQAB",
"x5c": "MIIUqTCCB6agAwIBAgIUcWxgy0zLEB8bl044z0oAsDyYd9owCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzN1oXDTM2MDExNTEyMTUzN1owRjEN
Ounsworth, et al. Expires 28 September 2026 [Page 92]
Internet-Draft Composite ML-KEM March 2026
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxJTAjBgNVBAMMHGlkLU1MS0VNNzY4
LVJTQTQwOTYtU0hBMy0yNTYwgga/MAoGCCsGAQUFBwY5A4IGrwDDqHBQgi4qa030ASLA
Q8Q4hssKiT7mZAFNZYxDdRPg+wNQ5Rore6QswoxkFL5rsXapp5GYTH7vMyaNvMIFKhDj
EEiU1zJI031qOqXcSceVlaazepHZp4rCG7FuFrIqfGpgdJBnEh5eh5vv1F7VXCwaA8VY
k3ujenWeUFSf4oOq3EDzW5RTs2GpiU2kMWnqF2hvlMOxOVDG5XfAoQITEkjbCUbn0MzN
NSxlyDM+aaWAFoS34VK8g1foumqGVlUHcnfxknHYJJhX9mFMRGHHpXqSmGybl18EQlNi
iimm0Z68rCsbQjxhXLs6AgEgeiDWhg+JZiSoMw5Gt6+ZpCYlqo6BiKn2d0f3A0NxRhn0
4Jgeml5Eo7Z8gsY3y7QkWKOqcTm197cWgyTD0ZC5IIdugU9SK4Av1HulvLp68DldtEbp
kKkX2wIImBYYWBLv82jR9USAhK1zSYJ1pZMloY4TVWIqpLbpkG99AmsCFnN2GLqdp8oR
1JWr5EM8J52H2SvWJxIF0E3Q0gSnxDCm4wT+Qj3QuWg74ANE1w1fklP9Ki1/dAy+xVjH
4mTgiBmJ+bZIUywobHRoIEglK6Pw9a/5x26P9pL9N3pZljM5m5erCsHWEK28qn2gY2uE
W0FaMSIxpQGPKI3FrHlDxHI+Qpy1BbVzwI0rxAQyAYwZeG628J8qy2LDWcOcalb24KAq
pnFL9ljet4ZYyF6usY60Ahq9ZISGEAdu+3yVCgOGEX8KcnpluAoxB7jsySfKq2ao4QcK
GWPiPKUNcA9Pojp1e4WipDWlyqGAEXvXDGt5In5WGidRyRb16mNnu2xCExCreFJVulX2
xmX/ZIULuRR1CpG+Fww3OlMZuL1QsRcyYsolchcmtpcPI7BzFRpSMrpJ0CR1A0C450fV
gZjPEHLmow76oiSLZWSHtpG+UBr4wWyJ5Z3jlRdEsoYVCIJaMJEGxH1Qgz1tuZ47pFLA
pYGXpwjahMG/4qBVebEJSAWNcijBiYR76YkVSn8p559xcSNUg2HVo45Lpb8I5lv00KBO
dbRr4muISK5ZS4lx1kC3pVOWdG3Sxb7NG1yzSoNsPKB0ghMKMBlEuDNYlQTJgI288FLK
9hwPlLsRCjnYYgPy3BUZqZMpSSZTPFgPpX/wRknxWGBZ5IVYIgoh4TRlhG9qW1H8O3qA
jI/YBhe+62hipjwuVBX5M16E4p+3GHHmIp4sIQr19Kf0WKaRISfZZAMqy1ZhY09GmKn0
uV99azB60VOERFtG+EuNxUxSuzCAEDLDNjkD9oQGFSYdlS1+q6Qc+L85VVTjcrznwrlD
q5OoaaYDKjoSmg6H0MLpGUo+xpGLWyVBqgNVprP802Hq83DISR3RS65WoQpJwX6I96qx
PKEtZLRhCVYzlV385sLjk5P3hLWShTyQFsb+V1eIgBj1MIKF8YHSVnPU7K6d+qtCkgrn
lH9HFbC6pyRrg4MZhMtfeJxlso7daRtOXF9dRApBmjrSFkDKGJ71+gLKil0s90wRKxt5
O5ebmGZ9UrjOtGl+6W2tolhb7MGJWr/TNWxwgdFiCDARSnVri1w0l77cFS3LZC5n6DCC
AgoCggIBALYfJJNS/D2mFIOgBcUT4rx2wOOeBiufYqsyfJ8+XQdKj0b8cduSlfJyqnmt
MosmlZWvpx7AXk7AbSqzLlHsNOkh9r4/osfCru9HYwYQZLqoUXJfRGiJ0GjKneTVKRVk
Ye+tv5Av8Z6nZfPAUHVkwgR79+Zm8vbQ4lUbFzZ7i0suvVmz7l0mz1BEaaaPfwHr/urp
K5pl5Ph0sT4pGlAVtMm+ukJIp9kk4mmcuBxbwJEFI2TVVKjbZ7fws2hA5vzCu+NfGvAc
Ukn7I3y936SxCzrguwwL1YJ1kWPxZtsHyFQV9M8tpfcfSNG9kkubSqu4dtWO5xFISq+X
JQHAeBHkmVcyqwNNbCmG7lLXkkB5yx+XddUOje+6gbUVxeNUsF3bwQLmq8Tc8R3s9v5c
51s0LOXDaJfXmnExq5VYSKp8TZJ8/L49URoPWt4Vqe1iaZ64PxM0ro1qU5Ahgn4L5L91
KYl2YwP7qPJ4Rmf5BM7bQQIyvGtTBNmzvg2hwUPxSnK+V4LMoG4Nrw6/pZsSJfvuBLNX
deICOf+0tcg9dK8D7WTCYGYKggIgxSUVyN6Wdrt2znMEssXdGoBVfJ9EkL0XB0OGJdSQ
91o0PvWFg+ivxzwY4s2QAOu+FNa8rp0mZ2+54ZoOuZ7jAQB56/sc712rmoK2TAYiCbQN
Dft/4fhIGhhhAgMBAAGjEjAQMA4GA1UdDwEB/wQEAwIFIDALBglghkgBZQMEAxIDggzu
ABaGMW8qlMfG/mWrzi7Nf37sGfrUbRgKntjusZfBABn954hkM33OuwWLFwL9mlTYyCZY
tej80haj0wqukEYAKrnM9QBao9S3sH4HzhqlMSsTZzwgGh+JmniroPMt+amyBbihfLxa
yHrqoDtBVmdzXy3yERNYl9z55QkManuWF52HAC+SDUfEa1aTbj2Ck24bUxIlZMaHq/2i
ZyBDtB8aORmHsrITUc6wRU6A1TRUkUu7/MDCD9PZJC1bzrmSFAcvBxtbQaathzcf4GHb
TBzYdl29PL/QyZd9lbl2omekbnoHTnIyjaiY7cArx6uvfa87n2mopyjKn+oXiondGJaP
ahJ7ONvnRig4hSrT1ACAmn0i+5+xrsPVMseARea6jOJC9QSBZLHuVRZ9PTXWtn8zSMo8
b46EbfWVjYzwi7MOx+NTvXKdQdCSMRrxfM/Kkx593vO7CepBVsuPw+aGMAGBn7kYtDih
iyYz9j4ZgP0UCHd2UXYqjqC4PyXOrpMokaFO26pEs98XhwTcr20UYxd4vCznbRrdD9wO
UkwYpVZnf1pJb2W9U7X4RnVnkdsirsvt7JhGpycYah5ZTjYBGQYU13Nb3pFlHV53RBgU
Kz8YpG0apXIMy9j70eNnj6Bc1XNmBz7PP8ikBMs/nbnKvswU363flg8BAP2h4q+iichi
3xK44hOHpsWW+D5u55MBwu0WH79TwPDWh1YO0WrOUJvNUbIKbi6TbdzzixqPvM8J9m6F
lKv0BQTG3pXdaQT1jLkr5PYceq26UM1d8LU8oMABNPuxpvcahmdn6bVBuCQVLFpSYxfS
Ounsworth, et al. Expires 28 September 2026 [Page 93]
Internet-Draft Composite ML-KEM March 2026
sbKU/ANJlmAQxt9W1gO42lvLi4z85e8ML7O53R7s1hgRPUhy9Pwt3ocgrsFkaSKp2En/
nQZkPWHyULNbo3XP0HZOtRgoBU7oBJou0QGTrilrsqliLzIAq47ONjfh/nN60hqNYsu2
vsXak5967ogExkPLNxzNXEdJcLkTSclOZMFAHpG8i1Vp07DtlaCUlQmyy7Z/czUj28u7
vt9PvndEoF9RpkWN8ViyG2udJMN2lbo/S0VxwsPjihXwUHf0r3yTp6tx6LnRHh4Y9PGC
TQNsA53vOK1whaLFSULcXiCK9WFOJ+lszLf/Ei4R+z5T1cFHX/GocNYawqRBe/iBUPdH
JJyUHBHtK6lIyWzOWc3tOGOt1HD4MUSHfbEzQq58I2PBsmXsrHPlkXcKFDASbtZHHDGC
xiDC+BnYt6zsUnSB2jTvH9OdCzS1/+0REKek/OK0XymsA6EBCT0J4ewwE0WeV6RsB9j6
8LiCs0l0iJuo5/VzgsfZozg6qmlARLBg/2rOYNcjRVMOqd79+MtKZh4ZojKMihy+TWYW
+yHh6iWgseWQ5rfV6xxQjocqzpffNBuwYBDM6vrbTXbhwJKS4/mHy90rICi1baGw9mKY
rT0SxsFfjb9/l+Fc/En8zAuqwwqlmHdzG5gj/A0ELAHR8myhn20dyt1z0Q0hvzQqplbs
pvBLdW4Y8xhOCuZivu29UJIbGTOMZQAV3dz2I9rOjsWRuW5GEBDqV6g+wm9xkYyxrw+p
AUvt4N1c+TMA0OvNpIehFihqnCVfoeUFlN9KdbOz0eeJH7JE5x8+bsqcx+PTe8ts50AS
tmbTczg9Zer1S6EaErmfr6yyJ3vdNSVgpcvllvztWEdYS4UMhdFZEtg9r74EIv2SZ2GF
7GpoC1KIZbsEQ/cDEZxgvwDMjLIHjLnOYmzoZL6swE/apZmkdLKpuI8nrYo+8Z5oh2J5
yNbZzGiYBKZh2RnOcY7ltFeGsLyNmBGbn2eXyOe0iCLiiQWAyWlWkbubOYgEAyf+dKD+
hDG+YaZ79MH8yMwFoei/tnb4aIs+f4Jbc5xqgy2ZopFLjrKXavz9hWpSvVHCkrTTE5Ua
h9K+0GBop8Ei+tf+c9iSUs2Q0/BX8rqLr5gnTei/jMcfXDa7V9Tu3gRajmtYaP8Kfp4+
sWzBqCsZEk9XnuPkCy3BeKQH14UDZs3OUtj3VuCjYCD17iabQSY6B/Tj5CuU5wW40Nkw
GKQqQ7qyb/5jlH5ntV7SQHi/EpfWXAacXgyH3b3IZHBUhFu6711h4OU5gF3PpD9tzwxE
Xn3oeQt5hHJe2LwULEwI0U+Jx4metl583jhhZcPHmXRyItQW6WbmWU8xkogwavP+Xyfj
6GMnWO/cUyc5b396RN0ihgrCBfcvRX2rhd7wwyY1qSHQZo02dUCuHmleMI9D5FUfb5ZZ
tRl8MSOtapT5yNY9R970QpLTEKKqayKNCp9okJYZnWsJs6eBYrYG8WuY+LSh8+sflFkC
YB9ajy1aOyaIpWMccbzAD9BP5rpzCLzvBNzL6dXC2WZNH377cAMzPQc6UDu2Dlgl2Kpo
E/WMienNWeTTTDf6/u6ldrnNh2xoMOQ3emuNNzdFUY+IVv8goKTf6lYJI+JxP5j32ig4
87xQ9KlHlsZAL6j/chCEdC0C8RRBf1t3eFukenLmhuiliD+/UVbWqxgqznqhD4zYt/xz
CV5PbtEZX9W53kzxMv28RKDwRBGiVNPZHyXLyrGJF0Pq+zOoyqjH30VzrHZgbdXNm28v
X5mNNUADOmQ+qwRM32Qw34TTPmH7cK3WA5UMedo1FSDMkpgtVBwn1CW33J5VUZAFAYEd
jA2G/MzCSI7vbKA2gpqPNsa9OxtaXLXscqwlvqpDKcCX37+IyUFxqg/mksWlau+Cfu9D
I4jwnF+tz8C2WZWl/e4YukfkdviMzR2n4LWDGlmC4e2xDlSKQ/xoiH4vKw6j4Xhy+yCX
jdSJxa4Ko0k0Qus7ArGzh1NB0OaZhDefkkQPY+9KeGWMl1Uhpztl1y4jmNJFXQeNdAHr
AcHeHutLyqWLaNnvOM6paLRU5CLKY0zZPXOfBHc2RG/6J+lbxC215mlhcsHp+lsrdkiW
0jF+f5YQz/cTmof0NHgQ6s50BvDPqitHhNFZRO4IuEqIaxdVeQNzOMiX3Kao606qcduA
uVwgpgcZAEESRg8e8qEZCYmp/FqyZ08EVcy+Ni7psz/PwOFX7FfzWZMdKsC3rVFUCIKg
Vei/MPqbD4dpRSkwg39Z0qEg3yx8QxbMHUJSpw9VQIStkN9twdSArhvM3fkpIVHG9ayO
h6+ocLD4xPmq2/fFeqIHNu7aiqzp+FKuIV0cSs43RHRFIDDU+w3dSpIJFlm0X4jmKaC4
ezFi50XunTINsatTROoD1aAjMLJGX/7UWEqHZSLR86zUbBOVmWCa5lZngIqfd/Bljidu
OOyMpJtR1vnIam6PgcrxCe0TQMUcyNPKR6SfVyJQBjopl1R+CdL50bybJQgH0kwm7fn7
GN8PBvscUzg/SnB4OyBN86JV40mN0O04n3dLS9j2H4jfwxkgaevrK6pQo5EZ/whFHm0H
iKEMytQnYY2lkyCjKFfwiIzkMWu065z8NCrjkNc478tm3EMTDPFissZgJphh8lnvakcA
xtAd/RwLnYCEMsYb2VEPrYhsBy28fs8aAzm5WKpWkU/MpxTNHjZx6DihdwhjswXSAxB2
ZLTbjBFLmjdvy1NLpoRsC+yyv4gpVIYvEBg+uPwFeSAkrrcW1cPvpFr1FtfcMY6nFi5o
UX9kasBdk/oHYZGkezUdCwaOZU/5fj6eFEOeqL11JruW6VTIw2iVRm98XOPpmRgeqxW+
ENZSWfbMBpM3O9gCzVs1ofPs9HGnQCoABNtPtDWQdoi4dgXPDAe5DNqcmr9k09EfcZkV
dhaSYX6LSdkp+JIGfmMRSx15d+t8Dhp6f9CnqY6OPuL1btOajMTHv0ucMdaiuoug4tAL
p/QtFsuQq+7BsitsbMCAz64dyVBh2RrXClXa/UhDdCXQb8BE7i5LIwtAIpDVVfx0vSHg
FDHk27RFRJ/VluDyT/2ducBCgAz8/YhG8iQLU4jc2ChFM8DmubR28dRukN7wuL9t66XP
rW+7oiu8dCyDINSnxKtK9ZE2UvAJs6z0LAf7xZAHn4oIdk+KL1+OcnL12T+2BnL8unyH
K2hh7uEeZOCBmmS6q4bxcrb6q3/Mx00PxGBvmMlJTN3ZTeeNkkVl0bkX7dtdJEwNDqXW
Ounsworth, et al. Expires 28 September 2026 [Page 94]
Internet-Draft Composite ML-KEM March 2026
rKdZMu8yq0KiFL1CxENZNu+DI9AywvUfTt4zSrP6ODac4pnTlOCU8gQdBsLCU/kphGBs
lou70XlLrIoFawDg4dS9jHxyGRiQxrWyQgewVVmBrNURnHSLBOnUU+QEUY6rlPJ4CXr5
/pJq9XJNCc3t1Yre6qJ5fOk9b0OmM7zNH7YWpMcntiNAoodewiK3tz0f58k4mCZIy+OE
3My5oUmmP4f5BqBxQis05TugbKuhdFeeCNauJXjlHqWQTpO0QXN8q7Lo7AoYIjZZgpmy
/zV9jhCImM0UgIe/ITh/gYbL0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAcQExcbIg==",
"dk": "Mr599rJc8qQUkqjwcG2I4Jm/0frDRgwU4QifrdrVxm/4DMivxNnb54HGzTWZs
wrfCF2k8hR0T4Gl8SY9jodWyDCCCSgCAQACggIBALYfJJNS/D2mFIOgBcUT4rx2wOOeB
iufYqsyfJ8+XQdKj0b8cduSlfJyqnmtMosmlZWvpx7AXk7AbSqzLlHsNOkh9r4/osfCr
u9HYwYQZLqoUXJfRGiJ0GjKneTVKRVkYe+tv5Av8Z6nZfPAUHVkwgR79+Zm8vbQ4lUbF
zZ7i0suvVmz7l0mz1BEaaaPfwHr/urpK5pl5Ph0sT4pGlAVtMm+ukJIp9kk4mmcuBxbw
JEFI2TVVKjbZ7fws2hA5vzCu+NfGvAcUkn7I3y936SxCzrguwwL1YJ1kWPxZtsHyFQV9
M8tpfcfSNG9kkubSqu4dtWO5xFISq+XJQHAeBHkmVcyqwNNbCmG7lLXkkB5yx+XddUOj
e+6gbUVxeNUsF3bwQLmq8Tc8R3s9v5c51s0LOXDaJfXmnExq5VYSKp8TZJ8/L49URoPW
t4Vqe1iaZ64PxM0ro1qU5Ahgn4L5L91KYl2YwP7qPJ4Rmf5BM7bQQIyvGtTBNmzvg2hw
UPxSnK+V4LMoG4Nrw6/pZsSJfvuBLNXdeICOf+0tcg9dK8D7WTCYGYKggIgxSUVyN6Wd
rt2znMEssXdGoBVfJ9EkL0XB0OGJdSQ91o0PvWFg+ivxzwY4s2QAOu+FNa8rp0mZ2+54
ZoOuZ7jAQB56/sc712rmoK2TAYiCbQNDft/4fhIGhhhAgMBAAECggIAR0LVUW4hs8+l7
EDzsQMQb5T58bZ2DKCff4RQPhEtXnp+qJSDyppHYOgcK2MpSUhuNHVYK5Cy9haWQKR+5
eBKbcRz40pMG+TiBU+GACvu9hiBUgLT5iGysiZB9PWxTyUJqzptn/IalW1D18Yy1VR5F
D8bp4Q14nymaw2gHhnmTaM6xPxCMyHJ8crrGhjA5hQdGXbmMFJZbxxd9AgqOxbbOCuQf
vol7zHfA9smMTZ3mWcMy9ord6zuHwuob40htNpPoW6nwDccvcTuRFOZTDxYPBAOMG76+
sKdAqHFEMQxTzGOKnjenV0Y5bTLJxla9OlHWlXBtUH3s1AtU0unz7yGgO5EjgJ6qEcqR
f11jxE3Cgzk3Hk1H5Fc0F2BW5DIdT5oVMxP7AM0TEuO1kn6BDlt7tjtJw+YGm0ry+8Ys
T7VNfLYHGVK/vcUKPtfbUQNE3CtY0kRZn2KFydg8vzwyYQSky6KLLH+CG0Dbuyh88Di7
cLM+2a8hVpfNavHhFW6JTn0Z9HLyO++j0oRhdIMyj9/ThGQI/n3qvGbIisO1rorFa8P+
VhlV9soGfF/a9OA99CHkKi2YoukDSgbmzhg4aeUA3skW0YNgkxLcf2ZnVnhgILudtOiY
hAVAof8s3kiyEbMRkLXj2tTRXKmVUTD2VkJKQgZMfKuWRIKsgVHr8tQdKcCggEBAOZ+h
LDMHdjRq2XY6XnaqiiYuyT3OEdq9sUvmLij9aFTYN0TcprJFxaz2f1JrCS5vL9KZEuHZ
6uBW1N1T7X5gKi8duukftXEVQdVP2se+r0f4/R1Bx8ZUZ/E2EzhvA/ZPbGLjX23pYmG6
YI+wNmQJPL+CcEzdVfekM7IfFeZxM0+xqXqE3hy0I0mdbDsnx0/owiwx0QJFjctGi9mH
iIpHcrQYsEt/U0gJ0Bkzma38bL4prk6lfiQWP00pid1tm41U5I+rN3f4Zp8W7YTarF/H
7IPL14EfuXl/htWeZHf0TPXeOBH/OBaA9CIBhIJg0g2J3fwzC/4U3wEeFYA/cIKmEsCg
gEBAMpGUWNpJXaNAvisl1uQAoyHdotbnog0Qs+72hbf4KZjmROGo1v+jVwdDu6KP/WtV
B/OUTWUZvUjny7aWWqxzXRp0Mvgr24MMeD4AXHBS0TnNcZ1sl6b2KzWKDm8SKyoEbyDI
kDhCfnV6VoHWtpGqcoFcsc2hjeorifH4vn07xcPkBQ/Zg2cXok4nzjWKwrOPhD2fsHEv
ytnFthNnGhBS9egD73X5Gq0B60EDZoFkI/sr+9qW6Xri5PzvjGnljscHFX1PKt7VoAi4
mWCJIU2wGOApXeH4FGPnuIm34MyWFJzo8X6aa6l68lA5chTJrb3BYL8ypYGvN7tWX6gs
7vkPoMCggEAF4kru3HcSlt+iPPRQ2QUo/iUg33K/V/qus/VZGU5m7OL3Icz2KJX/TV4O
Ojg7w8YOuA5xYyaBWU8EhWUghxsCs7TxdQSL3nQxOLriuCq8czj1f5tL7vCHfJXs+II9
gVUy2BYnlG2UYi5J1eJEa4qV7WhAV1jygkr+DF4oOlOszaJyj9Qpafzq7YVpm9DABWTb
DvA3S2gWxn75oMi6JISPLdyng84Ijv6RhUFDnAR+hhxzdAxqCP1MkXCAZ1/d1lyoyhLN
oy52LCCHOF2r5Evh1sNlygWXRtTCy+VUlPsZMLH0P8Iz0/hu9Vn6UeXZDRDa3fnIa7Vt
4AtWXrYbovuaQKCAQEAgunf4yc6R/Ab7DZH/8rE248Q+kDh6eVpGGnMTOG40/fCKxEIy
ZGGjAeCkoCHxMnZmHw/sx3JRP85F2naVWOeRan2qP1SjTb3UVMyHB2uSXobI8cpGnJjW
fmBL1zc7GIamJeGo9cCTeBUlyALfRoe6dF859IyK/PQQ47rKDuOQq6f4Xrm4ghCZy1uX
6q9UNEK+o+Omnpr//tIndYdVJxuKbA+f/AqtaSvExt8ciMH3R6i/6Emj8xTGf63Kgv8/
2TCMh/2lEXPRj9Np8UDPfShr8SjUylt1VvOyS+/mXoMD9EoPgpEO/THFgoarfyjIefee
ViDBXZ25xFWys3XhdPDYQKCAQB9+7tp/WALCa3LZNhXTAd+PdQknarVTmpEMPmEDt1rR
Ounsworth, et al. Expires 28 September 2026 [Page 95]
Internet-Draft Composite ML-KEM March 2026
fLaEHzkvfEXPeaCHukPBda5U9KvZTC7eoRXRVjpuQE7zHCwq4sZeCH4/XWlfGIAAvZ7l
DxOKEQgW4ZihHmsJUqluG1v0m6HFBGznQyXF2SSpZwg55jUZ8KK8gixOcYBcOTcd84rs
+iYzRV1T9cgCfMZcLW1mWqdRcJTiYkraMArkf3sYSYAg5qKRStIWt3olVjH6Ikh3m0yu
s7gsNpHF2AwFV+ybAP4x86t04+xEu3OUkatPuMBHCm0n4AXs1Zuohc8ZEf603/oufpkl
vKCzUFvRum+dVzzVqDRbaEZTrep",
"dk_pkcs8": "MIIJfwIBADAKBggrBgEFBQcGOQSCCWwyvn32slzypBSSqPBwbYjgmb/
R+sNGDBThCJ+t2tXGb/gMyK/E2dvngcbNNZmzCt8IXaTyFHRPgaXxJj2Oh1bIMIIJKAI
BAAKCAgEAth8kk1L8PaYUg6AFxRPivHbA454GK59iqzJ8nz5dB0qPRvxx25KV8nKqea0
yiyaVla+nHsBeTsBtKrMuUew06SH2vj+ix8Ku70djBhBkuqhRcl9EaInQaMqd5NUpFWR
h762/kC/xnqdl88BQdWTCBHv35mby9tDiVRsXNnuLSy69WbPuXSbPUERppo9/Aev+6uk
rmmXk+HSxPikaUBW0yb66Qkin2STiaZy4HFvAkQUjZNVUqNtnt/CzaEDm/MK7418a8Bx
SSfsjfL3fpLELOuC7DAvVgnWRY/Fm2wfIVBX0zy2l9x9I0b2SS5tKq7h21Y7nEUhKr5c
lAcB4EeSZVzKrA01sKYbuUteSQHnLH5d11Q6N77qBtRXF41SwXdvBAuarxNzxHez2/lz
nWzQs5cNol9eacTGrlVhIqnxNknz8vj1RGg9a3hWp7WJpnrg/EzSujWpTkCGCfgvkv3U
piXZjA/uo8nhGZ/kEzttBAjK8a1ME2bO+DaHBQ/FKcr5Xgsygbg2vDr+lmxIl++4Es1d
14gI5/7S1yD10rwPtZMJgZgqCAiDFJRXI3pZ2u3bOcwSyxd0agFV8n0SQvRcHQ4Yl1JD
3WjQ+9YWD6K/HPBjizZAA674U1ryunSZnb7nhmg65nuMBAHnr+xzvXauagrZMBiIJtA0
N+3/h+EgaGGECAwEAAQKCAgBHQtVRbiGzz6XsQPOxAxBvlPnxtnYMoJ9/hFA+ES1een6
olIPKmkdg6BwrYylJSG40dVgrkLL2FpZApH7l4EptxHPjSkwb5OIFT4YAK+72GIFSAtP
mIbKyJkH09bFPJQmrOm2f8hqVbUPXxjLVVHkUPxunhDXifKZrDaAeGeZNozrE/EIzIcn
xyusaGMDmFB0ZduYwUllvHF30CCo7Fts4K5B++iXvMd8D2yYxNneZZwzL2it3rO4fC6h
vjSG02k+hbqfANxy9xO5EU5lMPFg8EA4wbvr6wp0CocUQxDFPMY4qeN6dXRjltMsnGVr
06UdaVcG1QfezUC1TS6fPvIaA7kSOAnqoRypF/XWPETcKDOTceTUfkVzQXYFbkMh1Pmh
UzE/sAzRMS47WSfoEOW3u2O0nD5gabSvL7xixPtU18tgcZUr+9xQo+19tRA0TcK1jSRF
mfYoXJ2Dy/PDJhBKTLoossf4IbQNu7KHzwOLtwsz7ZryFWl81q8eEVbolOfRn0cvI776
PShGF0gzKP39OEZAj+feq8ZsiKw7WuisVrw/5WGVX2ygZ8X9r04D30IeQqLZii6QNKBu
bOGDhp5QDeyRbRg2CTEtx/ZmdWeGAgu5206JiEBUCh/yzeSLIRsxGQtePa1NFcqZVRMP
ZWQkpCBkx8q5ZEgqyBUevy1B0pwKCAQEA5n6EsMwd2NGrZdjpedqqKJi7JPc4R2r2xS+
YuKP1oVNg3RNymskXFrPZ/UmsJLm8v0pkS4dnq4FbU3VPtfmAqLx266R+1cRVB1U/ax7
6vR/j9HUHHxlRn8TYTOG8D9k9sYuNfbeliYbpgj7A2ZAk8v4JwTN1V96Qzsh8V5nEzT7
GpeoTeHLQjSZ1sOyfHT+jCLDHRAkWNy0aL2YeIikdytBiwS39TSAnQGTOZrfxsvimuTq
V+JBY/TSmJ3W2bjVTkj6s3d/hmnxbthNqsX8fsg8vXgR+5eX+G1Z5kd/RM9d44Ef84Fo
D0IgGEgmDSDYnd/DML/hTfAR4VgD9wgqYSwKCAQEAykZRY2kldo0C+KyXW5ACjId2i1u
eiDRCz7vaFt/gpmOZE4ajW/6NXB0O7oo/9a1UH85RNZRm9SOfLtpZarHNdGnQy+Cvbgw
x4PgBccFLROc1xnWyXpvYrNYoObxIrKgRvIMiQOEJ+dXpWgda2kapygVyxzaGN6iuJ8f
i+fTvFw+QFD9mDZxeiTifONYrCs4+EPZ+wcS/K2cW2E2caEFL16APvdfkarQHrQQNmgW
Qj+yv72pbpeuLk/O+MaeWOxwcVfU8q3tWgCLiZYIkhTbAY4Cld4fgUY+e4ibfgzJYUnO
jxfpprqXryUDlyFMmtvcFgvzKlga83u1ZfqCzu+Q+gwKCAQAXiSu7cdxKW36I89FDZBS
j+JSDfcr9X+q6z9VkZTmbs4vchzPYolf9NXg46ODvDxg64DnFjJoFZTwSFZSCHGwKztP
F1BIvedDE4uuK4KrxzOPV/m0vu8Id8lez4gj2BVTLYFieUbZRiLknV4kRripXtaEBXWP
KCSv4MXig6U6zNonKP1Clp/OrthWmb0MAFZNsO8DdLaBbGfvmgyLokhI8t3KeDzgiO/p
GFQUOcBH6GHHN0DGoI/UyRcIBnX93WXKjKEs2jLnYsIIc4XavkS+HWw2XKBZdG1MLL5V
SU+xkwsfQ/wjPT+G71WfpR5dkNENrd+chrtW3gC1Zethui+5pAoIBAQCC6d/jJzpH8Bv
sNkf/ysTbjxD6QOHp5WkYacxM4bjT98IrEQjJkYaMB4KSgIfEydmYfD+zHclE/zkXadp
VY55Fqfao/VKNNvdRUzIcHa5JehsjxykacmNZ+YEvXNzsYhqYl4aj1wJN4FSXIAt9Gh7
p0Xzn0jIr89BDjusoO45Crp/heubiCEJnLW5fqr1Q0Qr6j46aemv/+0id1h1UnG4psD5
/8Cq1pK8TG3xyIwfdHqL/oSaPzFMZ/rcqC/z/ZMIyH/aURc9GP02nxQM99KGvxKNTKW3
VW87JL7+ZegwP0Sg+CkQ79McWChqt/KMh5955WIMFdnbnEVbKzdeF08NhAoIBAH37u2n
Ounsworth, et al. Expires 28 September 2026 [Page 96]
Internet-Draft Composite ML-KEM March 2026
9YAsJrctk2FdMB3491CSdqtVOakQw+YQO3WtF8toQfOS98Rc95oIe6Q8F1rlT0q9lMLt
6hFdFWOm5ATvMcLCrixl4Ifj9daV8YgAC9nuUPE4oRCBbhmKEeawlSqW4bW/SbocUEbO
dDJcXZJKlnCDnmNRnworyCLE5xgFw5Nx3ziuz6JjNFXVP1yAJ8xlwtbWZap1FwlOJiSt
owCuR/exhJgCDmopFK0ha3eiVWMfoiSHebTK6zuCw2kcXYDAVX7JsA/jHzq3Tj7ES7c5
SRq0+4wEcKbSfgBezVm6iFzxkR/rTf+i5+mSW8oLNQW9G6b51XPNWoNFtoRlOt6k=",
"c": "qCcCJehIVpExYNTj0cXSx9AIAu+653BMEzeTiGM/1JRftLHv5EoJyHr5NhSEIg
UNH6BezPJ8RMSM+YfjO5jhRxJrpacJhe8ZUNUh95e36NJwhdi8+opiUzNwoBJB37qydb
K1wndOxa6g7TqIW0u2uG16as9SEZnaMoyPOMxoYvnzd8nB8KFjxq4Ba+Tnclxc/TriUI
390eL/lcUk6dnCxedBHfbskpQhC/jRqm7KsYAzf3hHzH5OHatQdH/Ip18Trhv5hpCnkS
wHth+7Zlo4k1XvKJBNpm9VTUmaNG8peykqG7e/OsYZnKBGaTqEEF7O2pUosURXRlhVIl
zhYNo7NqUU2D6d3ZQ+N+7/sv2SVc2WEWxlnoEpDUz2iZbCIp3M8VltPakDcNoapl//vD
9rc+QHBLwg04tR2ZO6Hk2zfQmSI+V2UM4zsN9QGGNyE5MBlXjyzOn2FHEXIFq9yWA7Du
pHiocXxs9ZyKnXECDkG0VJYwbMjjFItyKoNtW6Dd5H5c2xU6wHzTUEdzSqf0dJMkFUX7
yMBxoUrXAqcgkBJdIn7NJIQJcoCzYcdRDvdNWJvRi1KXgrtn/ElbHy3rXdsxfW3vOppS
54vXOvdJDmtgnsZ0dhqjTn4kQupyScRZ6tfvuF2nowHkQc48gVWW5mHgJkv4/hrOd9TT
bL/tKRYtFtQdyAAcCgKu2d48FSsC3PEvwHDsOZp8eBjX4gY0igntD36Pvq6YLZG5+hDh
Ykuiv10BkoJWGWaWfdLhbCGx1BgFxMq628PsJuQkNdHFj2+xsen2IUFMWOoJUNaOPuVA
BgSov5GKJxly1qSUSLJVUx0vhilo0Py4m6Kzap7FER9l+IFndS4flDVcfoou/FKxliii
OoLw5SjEc3OZURSGbIi57RfYXQsLDMnx3XCo+8uutZMigtdTvqDdQkZKQJEcJ9RpoQ2s
Gg84kjge873rpVxpQlbZU0JQ2kvkA5LliOPzx9RcWFTETfpkP7dOx5faWi3EQymT6vO8
bIe+sDfvNWF7zRSTGW2vrptowBMdAjVbpfoEp7M2tq7iDUeRbPm7d+Td+q8k76ZYo5FG
55ZEXZRE3dMQU4Yf2TDXjJTP/V7axKbGuHVuU2k2lSKaPiwYk6HI6O5EyqCXD654q0+u
T9atUoK2d3K00vhguuh6FSSQAnHLjnfWETMjEZ6K4iwalJXe2pXIsH9ZKtm2UaPcUXNc
f7Ef5Gvxm9+d1+/Dikgnv24PXDpog7t4k+FI/oyVocHOBbqBHrw7YKbBJ02PNt+aJvNL
wR2gof3h7NzJ1CasAHciTPlhbFci95OoQ5PECPkdBsTsuGRYg081mXfXrrWOFBuqecSr
/J+k+wdMJ8zVhTi+JLaJTQ+9PM5u6voG2QmsbCk9gyoy1te+tOIfxBqbq3z4fElv2fT8
O+ZXi5SMbFBxHfY1H2c+9OG5Xppwm1TLxSIoPZRoGLg8FkBQ9auxALwSy8hFhFJXFh0H
qJkzoQlxSgujuhxrt8VLQqUes4n0K7Q6U2bDFoQt3DZsTjqofyjmYwNinaDJBpBCVyRi
9ubIirtboly4gxGpB8Y3ewK/CJc5ciWKHzHF/N5dxZVS6RLNqOefPgbSJinUP8CUhd0e
Jtlh7ZVM/+UEBxQlY566oK8+sQ6e4rT6w6nTCXO0Ns1A9GHXUeelUZfLBBXfDszn1fpC
ucyeoHlTYyNxbm7xdFs1A2ke1lsyvBhTvF5v3NC6jrTxcSdMo9xGcg3AJATHHVmH+Cyt
doTw1EY3PRUwdwhkSb4f8wcJKHYqi6jQ6mq1q1Dv/D/b0Pum6/qkhpLZY1Z6dLq6tCHt
MUydBKphQ3MrVuWA3VebNJpqhTUSFiEf8+J5KM8ugeFhk3/ouNYhev3qHFEMN0HlV5CP
pIfP+zuCLXoXv55lfEKZTousw45AHGNVGyOm1YG2QOp749udyetDC9065jsydGV64afz
Qn+xxKRIvZ7I6Lb+Z6622INOmzvsp4RwFRba604QLn1onlErsx2/GYLWsgEjxOsBDOZr
byBczItsvzZ2gBdZ+AI4bYmBzGKqsXW4/m+t1cnMdS/jDxYXUQsWImSEwcGBFQLyQZYn
HwP3+51QlTbIySxRX+hZ6AxFau+DbVLg==",
"k": "t3uqJRz/Rrb3C7KHKbZ8dECpFBDXi7/tul8l7LCG8BA="
},
{
"tcId": "id-MLKEM768-X25519-SHA3-256",
"ek": "yTKnA+IxwKxL//K5jBRDhGmEbYkBysYYF6mzXATNdaooYtl1NtSvtaqtYtICi
YOGXfW4SYGWZtwks+m+bEio8HyhRnW/jRBqdnyaQlbKLklrpfaB7+ZQuAklFey/xDC5I
gBdroI3qPkxrog+5mUD0aAr6LYGRgEWtRKkpKFGVGyQMgi4oUuJh0drb5dRH9QzZtJaO
ssLFsCbelS/IKXORfuoofRxNrS9JfkryQMtVwGaevos21wDNqJB4hUQfaIGA+VN+ytxu
prB0eyqOFILfglqweWLwcV2cXhH7wxX1xRvJjbPfKF8krihxyeRYyWt8DZBWnU6pkK/q
tF36Wg58AIicmOeM1YgcNam4IokMVMVYeOda4kWqaK4SOdAHnOorktmbWB4V7LEj5PHf
YjJG1Cm38Uh5sm3Pjgo2iSCStNw3+lQDoBSb6KsOLS4gdcXOwx8KBFy2CGyRVSCcypNi
Ounsworth, et al. Expires 28 September 2026 [Page 97]
Internet-Draft Composite ML-KEM March 2026
7BnQSBF5JaknDJU+IBArdletNui6WXDj+Al3YWjVUWbb2FuEVU44nUYukRqcDYNiVk2n
2hPmfGsGiKTAxcv0EVdSUK6EUacIKBkkuZ2cLZCztpSdttJyNjOuhSf4JKBYuLPWEMl8
rUAYQKsBuKFd6xNWUSisNItLrK8bwcz2ZFnUlQWwIq6JBye+iCyFeFn4bGVVOxmNBA9V
Yx1JLhgY5VgJ8anULth2tt7ALBAQ6Yu0LEyW7gobFwDUFtm3uwVaVGqtqdv9VcuHfiQl
4VvbljFy9AdT7sE20lrpDKnDHyVRnNKkhTOHIOHjpULd6qVMye/fNsUdGGQpkCBT/mGR
RFpHjO1faMybNk5WaVtOWR08jlaCzoZHRhs2GM0T7aPPqy9JMQ/oyFM+OEe4Ihd++odT
ydYR2CdLuuf4gikjYAXY7UncZHBEmdulPWxWFSibWO7IIKJqHfP40hSkiWXRtQGQfSXi
BktLynNxbJi/ixMnTNaDoGLBcbLNymsr8s3DxxfSwpdwIiko8WbBauHzDpyDAq4L6Uoq
uMbGNmycYJ+tiy6b3ia9ssri9K/4HgU1UYARAlIZllf4QQnMiC0XOxK4/KvDAKp91rO/
/odHcm4IvFViySsg9w03bxUFLNEf2ADCDnFS7QaLCOHtucN6jpTqKtW+cZUXao5keB60
zOn2Nm8eyo0WqsVJya3voXB7Qg96jPEDhN5zrnLIfAj91AjIcUKEUgdDpmyzrqcVzGBH
ytvwlBQANdNx2lnLBsSqpdVqhEzuhRC55cV0IIdqwwIASxV5tK6iDxIehlRVaSDTEEri
zNVG/enxoJYH0PLp/eOzXqEs6bDwwZMZNQ7LINGBWEDLVqcmmXHqFkJDlVK8Km2PYWgs
EZcMxZjX9FFG7xOAaDLtWYE7vGhVchAmzeku8EpPUOM2ZcNE2hAq8FbGrJktuGPRskER
sdEMdU7DsUq+2gEtOxauKhTrEWfIhNaOPkWzMEukax2hltYFGXMdxEKBoZfXVPAEzOXT
kZIuBWc+wlPE/G9fAqIG9xPtmituIFDzvKxvifI4UALu6ydgqCdRGYCtQKJWZA5Tuf0j
FimbVHgZqwEAEWC+XAmo6leQfVNjbdU2H6QrTXlMVR7zgbeHR/+J/ds9DBOyPCoWA=="
,
"x5c": "MIISujCCBbegAwIBAgIURHAx+XL1507qW/pajcphiCdpX7kwCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzN1oXDTM2MDExNTEyMTUzN1owRTEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxJDAiBgNVBAMMG2lkLU1MS0VNNzY4
LVgyNTUxOS1TSEEzLTI1NjCCBNEwCgYIKwYBBQUHBjoDggTBAMkypwPiMcCsS//yuYwU
Q4RphG2JAcrGGBeps1wEzXWqKGLZdTbUr7WqrWLSAomDhl31uEmBlmbcJLPpvmxIqPB8
oUZ1v40QanZ8mkJWyi5Ja6X2ge/mULgJJRXsv8QwuSIAXa6CN6j5Ma6IPuZlA9GgK+i2
BkYBFrUSpKShRlRskDIIuKFLiYdHa2+XUR/UM2bSWjrLCxbAm3pUvyClzkX7qKH0cTa0
vSX5K8kDLVcBmnr6LNtcAzaiQeIVEH2iBgPlTfsrcbqawdHsqjhSC34JasHli8HFdnF4
R+8MV9cUbyY2z3yhfJK4occnkWMlrfA2QVp1OqZCv6rRd+loOfACInJjnjNWIHDWpuCK
JDFTFWHjnWuJFqmiuEjnQB5zqK5LZm1geFeyxI+Tx32IyRtQpt/FIebJtz44KNokgkrT
cN/pUA6AUm+irDi0uIHXFzsMfCgRctghskVUgnMqTYuwZ0EgReSWpJwyVPiAQK3ZXrTb
oullw4/gJd2Fo1VFm29hbhFVOOJ1GLpEanA2DYlZNp9oT5nxrBoikwMXL9BFXUlCuhFG
nCCgZJLmdnC2Qs7aUnbbScjYzroUn+CSgWLiz1hDJfK1AGECrAbihXesTVlEorDSLS6y
vG8HM9mRZ1JUFsCKuiQcnvogshXhZ+GxlVTsZjQQPVWMdSS4YGOVYCfGp1C7YdrbewCw
QEOmLtCxMlu4KGxcA1BbZt7sFWlRqranb/VXLh34kJeFb25YxcvQHU+7BNtJa6Qypwx8
lUZzSpIUzhyDh46VC3eqlTMnv3zbFHRhkKZAgU/5hkURaR4ztX2jMmzZOVmlbTlkdPI5
Wgs6GR0YbNhjNE+2jz6svSTEP6MhTPjhHuCIXfvqHU8nWEdgnS7rn+IIpI2AF2O1J3GR
wRJnbpT1sVhUom1juyCCiah3z+NIUpIll0bUBkH0l4gZLS8pzcWyYv4sTJ0zWg6BiwXG
yzcprK/LNw8cX0sKXcCIpKPFmwWrh8w6cgwKuC+lKKrjGxjZsnGCfrYsum94mvbLK4vS
v+B4FNVGAEQJSGZZX+EEJzIgtFzsSuPyrwwCqfdazv/6HR3JuCLxVYskrIPcNN28VBSz
RH9gAwg5xUu0Giwjh7bnDeo6U6irVvnGVF2qOZHgetMzp9jZvHsqNFqrFScmt76Fwe0I
PeozxA4Tec65yyHwI/dQIyHFChFIHQ6Zss66nFcxgR8rb8JQUADXTcdpZywbEqqXVaoR
M7oUQueXFdCCHasMCAEsVebSuog8SHoZUVWkg0xBK4szVRv3p8aCWB9Dy6f3js16hLOm
w8MGTGTUOyyDRgVhAy1anJplx6hZCQ5VSvCptj2FoLBGXDMWY1/RRRu8TgGgy7VmBO7x
oVXIQJs3pLvBKT1DjNmXDRNoQKvBWxqyZLbhj0bJBEbHRDHVOw7FKvtoBLTsWrioU6xF
nyITWjj5FszBLpGsdoZbWBRlzHcRCgaGX11TwBMzl05GSLgVnPsJTxPxvXwKiBvcT7Zo
rbiBQ87ysb4nyOFAC7usnYKgnURmArUCiVmQOU7n9IxYpm1R4GasBABFgvlwJqOpXkH1
TY23VNh+kK015TFUe84G3h0f/if3bPQwTsjwqFijEjAQMA4GA1UdDwEB/wQEAwIFIDAL
BglghkgBZQMEAxIDggzuACNSe3+fWqBYY4TkMwl1BsmXtB848mA4ZxOX/AUAyAsJ0qEr
Ounsworth, et al. Expires 28 September 2026 [Page 98]
Internet-Draft Composite ML-KEM March 2026
CIc0yVp7Poco6xvBKYGxMNIO777b8RGvpgxf6yIAG5fAfYBkugDvDH4i1VSt4W5OYYio
CxYAPvOUyqnMs36RfkqS51XmnehGaHWb2O1QoC2uoaHub1j8baYkD8xnV4u8rk5ZvZ9p
wLRB1k4jbAzSwFNFq68+6cVa7ftXWZjZj39Ebmt14gkmfKQxDxxoL2TM0uVcuBq5a8t1
DV08yPphna5S+meEZSy+sAWgHF3Hkuov/s28sFUnWIb5vq49w4xTWdAiRgH/KRQm+X+u
QjYI/1HvXikVL/eU9xsGNRs/JD9hQL4sZAaH4Z8/v/ugm4ZQ7s2G1dwrJyfspymO96f3
hkdPeqCgxEZdLfaO8wWB7AspcUZGgbQhCsWWg74TRm5kKuL7UuHQTpe7u2LX58BaMozA
jNg4K9nMZlOfYwFmTYmsm5W2RF+MUKjzF3OsRTUzeqJhmHlIi/aBhpvgAnJLl69n3LZ8
09nx0y0XsC+N1K/pAYcJR9yXNu+vxDc1BIDxH4bRW62vxujybaAKBQ674dHOIqZ/BnLU
cyq6bxP3fxAWEjVr58rZbO7750QC5p7YJHQoTBl18VcDoczDO+O6AHR6gWgam0CUgIip
y4sWPJpFQ5dQUCBZ9T7oiRPgmVj51HRJWjJNFvwasl5ln+Tj6VYSHTMgcoV3rEUKXn4j
+KDlsMzjeOgW+ROtGKng/IAm1/8Mdp/XxM1zcByaUpwAYirgsnoRQghUDRZneH6bzfGJ
PqcZ15QSHocINc+5MQOfqHc8od8uRCZgo7x04yez9TMZiHy5jWjAYzOnd7GmSw5EuKOp
+vnD2lGlRwn+YjkfaWsxMD8JaJwbZYTlK6MfspLOqgFwaNTj/4Zdq8JccSKD5/QkofPy
2Dlh1TH4jcBQIcM5IAL6s98jxX+HyehcAQjv8Su4QW2KFfPXvjKhVwd2PmrIO38Vd2vD
EhRC8TTCT7jeagHVB3wIEHErZUXr0qpKTi6DMFZHVof9+bfu0ml4Ui2ks544zS3+rTpj
9+dT9m6+b3W26M6weMdED0E6Kj68ivq7gq1pi/ThkTGNuBhSp4jQiyx9VuNF4PVZSF7V
+mSedm9Ih/KQYtIJ/NJXFrV8Eu7HU+1OmNnBQOrjDFFgXc47FUk+nIjJO8faAD/fUlpz
Kx3nnJ5nHgX1Se8ew3a2gsJSdlywsywNtj8+udtzBbxCjA+vAb+aVLxOoN1UItOLtsCX
Ka4596YVcr//JE8PNlrOe+6unp72D+8PQNfebWOu2RQqICraT2HTRAXhtdVRupCkITid
PR18WUThOEtxmGbkxprl2ZwHSIG7ZWXoSf+LV2VqtnKM7k5Y2NfUAz+kuNpI7YrpO4k/
sTcHoOAyKxpUvtNhqxmtZZ/LPzuLx8+pCTPQni7RtDlc3XYdu15/ydeYtr2JIQcZnJdJ
65upaKyumiEdznDDakIsKJAVYJNddiSmLHqWs+O3pJvPBw9UoYPK1GieBw2+ZCcM2Luq
Lpy/g5nF5aDAs8g6LZ5AU2JYqniHvWqiIhLe9imTdFDcLw9w0wDRomQ1ZgK5p5vNDmGl
hpQzI/mhnCsAQq0m2O9mq7kdEVVIhs5pwV7/nLsks8v/Dub+A9uDyPkoheIFW7l6k797
kO7f94oaRR2qK2J5PkZVBPXSkH05zIL2u9aPpYNE483fSLBfO13I+ll6WGlnatodpPKa
h7PrUmjB76VlDxM2fK3gWp1yGhElLyZReoLBU0+z55rAQBu37u5cEPRnRY/KHqoiesBb
6Y8v5FBCtsrbvA1J0YwsJhV5Zg3w8JCWqJSGPIj2s4jg8nH9coWloWWGwyyDv8R0wXXv
s/PvXvm9ibORqWai0OXcU+pskhMZztWmKfU+vJ4xSMew9vgTm5IsdltPOVEAujcPU+WR
Eyh1PkyuYp3F5O4n828Hsge1uYwqHUwmKZYA+UiLq4JH56RZjxQPtGtSqXnDcgbPyhtY
CnkV6Tnv1bpb9lywECtaBYhAjDv6uiZtDK2ellbXw99AmmE5E6pb0SFgE9WkLeLEjJyM
jxWKKNcbcD5+bnAxi68KqukdsCOkmByattmvuWlk+C9BdRTqg+rKK2pAHtjXOtY12lCz
x0eHspFa7lOA8rTaxUgYdqsao+QxHusVl3zcwRGmNHyu5sgkzg7fOROduQwoxv+39Ed9
QVC8sTh2Z7ErCRCdg94oVA/Nh7ONODiexlElkXk8SfpS5rSYFZquHrjh+CLMXdPlVPPx
CtA1K3Ac2KaR0llOMMFtQA55C9U4yK0ePN7dTV3c6rjY4XUzq7xkSXF6Qvmpn6VEjxyZ
8IK/jMelUloIQZzDNXruFcLiWCmaI332kQaS6mzh9hCFmbT3BSZNzTGREZ8l/41X1Uzy
juAyXRUb87gQJXUsDjuu4ZRqDJNtDvIxx9HosPa90Md3iNwFok4x07rOy0H1h3oYtNFq
q/M90XeAlDIlTvyJfisXnp4T6KtxBiIJ79NM+fo1R0VPTPqI44OnyvWJPG9CEo6uYgUb
ArE+ug+Iag2F4hsJ2ftSUeC0+x/x7hTffXuX1on68Kg4lFm/9L9ceilLhX802uA0kcRq
IvGLkCducJoM3fUfIR3C6qkfmFQGpGNOJl9TQz9SRLP5PU4hBP2vZuULVs+bBcP7FxbT
4OgaH6vvuS9OgWZJA6Tred6Wy2juSoLx4zH+Ovv5I157L0aQ+scorV16lFdt85LTi0KH
IoJKYGEgOnboardRHqr5b+ijfQk7NO5MPA8G+7Z77WFXESpXGXDCIepXtXI42GwJo3rh
rnv8eNq+oKyZrkcZbzK99dOLVBfz4if8WyFElWGceyTtrqcH9hcm5EvkjzgTYxUnjLar
byoRGTUJqKO8bepnY4Z323H6kufkEYOeS5LRd9J7lJ8lQx2zJ7sTkvcKLzPEjvXxyCjI
v2K4RuFxHT/E0icU75DN6PkQ0LVtHt0baozj/TqJnnoCuaOQqM++/fdlH1tLa9qms63q
cPcjBEov0JReqyfcUxfA7lw/mQstbgYJ78DsVQWKSiQd867RyzPLCAfF3j4c720wom5Q
deJzAwhy8LsiklvRTUl9dw6ddbtENTda+h4Pf/I0pCSHoYEVBxHiPXTIy4mQCxazaL1L
7glRn5R/wAu4hjwF/57QbkAz7Dq7x0ae7BQmWPFwfVaExLdBBZ+ula9aFB7Z6CVhYelK
HoGrbaON7g6HZ9SzY/DxOJ22wXY5wd9JxvFgpL1/w/vBZ/zZs8aWCEIKk2AVIArhdNpH
Ounsworth, et al. Expires 28 September 2026 [Page 99]
Internet-Draft Composite ML-KEM March 2026
eF65It/m94lOjLKw14jXrHnxD0UKF0VsjvhhlKt6vGA3XqSNTfSt24zfwIBAHp4pcs5T
4OmtrPPCEyAYuedGGXrZD8zjoXLblbE1w8rPBwqJ3BhIVrnenhNWqagobtbcyU+777fG
fQFBDVNAU9SUm1Cp4T93efBa/ebw8N/JKQU6Fqhmm0eih5CWE1odR8gk6PHHzZUea53+
NM6cI2lKpJpWv+CB1kS5ZDAyiA/66BPLSOTJBPlAwr22f4K1X5F0VMLosjkQVoMAiXIL
1QygLdHk8vm3Pz9haswJNgdzpZqsowrLhTDwZzRWjM5khMFHWjho2uIobB0ybGN+HEfK
iYzEgKIepNW80UPjpJUwGp7+FRbuRvw+to/f4AgjYAV05h3vEedd6Kitd2HxxK08/Lcn
8ILXUzuk9kc9PFatwZtEy9UwYBKBY6XeY+aCb5KYS99XQgxTRiTnpDK7QY5nPGUfHMSH
HkzDUWPR7Cve/fJvcnAU5hCVKSS/o1rBiMp43MVcHWyNh9taGFt+uyWeadRyYIBFlDnE
CdqnZ0GHMHB8Nnc09Nb7YvNiIrwQKmouzi7TPx6y7S31YS7LkeBoxW0QDNDg+FeJNCsq
nqaUYNB+haNGGS46oPKsOvJJAvhEdQQE5XiStdTdIUvLqnTkDeA0GSOMnZVdxjXBlqe4
sECzsNQNZHHquyCobcevwkh8UjvHk+Q1dbXI2Q0UHLXyIksixWZWM9Ub09M+enacBfEw
j+UBtJ64rHYEQY3m4UDxbsKVYEM4BTDpxoI6B4KBHK48GSJAIdOlK40LGhTsuDe49C0r
2ZIgy+qF+ehiu0r/cdz3+P1M4YOvxwUzwtKscy0cdc1LibRI1EBS8U3USjKTUTrLsN9u
HyAtKQ3cFv1yWlG/rTu7NXxMOaUcGSB8gmfC8RoBdHRHZEDjI0SysCdZVgnoc4ZRdoxc
SvHsDkN7hLQh8lxyGSM5X3l1NqK3oUIRNUrSMe0FXKCr7BXrg+vrWnZOHjBosehUdvXF
AwhYbnCJ4SFWtOr7DhQahZqtvMrfLVBXZ4KRncNFR4ySlrnnDxdTXWSSmgAAAAAAAAAA
AAAAAAcMFR0kKw==",
"dk": "2Ov6BBGEv4OnW8evCZH4CG+rlvXqDZDqCvVvG3UVnLqc2+yLnan2JQGlyKLHZ
UpkJkybxfGls7Q/Hj0UkzvfjIClCBG6rtKEZmde7iVHNvSL1WDv7+3ShnmO6ZXiv8Ja"
,
"dk_pkcs8": "MHECAQAwCgYIKwYBBQUHBjoEYNjr+gQRhL+Dp1vHrwmR+Ahvq5b16g2
Q6gr1bxt1FZy6nNvsi52p9iUBpciix2VKZCZMm8XxpbO0Px49FJM734yApQgRuq7ShGZ
nXu4lRzb0i9Vg7+/t0oZ5jumV4r/CWg==",
"c": "j+7gq1b2DzYXkOg+BcK8Kg5xm57QAHEFMFHhbfBRjhikEZLsfDUtOTwMDd3Jo7
t7HRg1EUbPB9EkejLcUBPmeU6/9T81W90yYp/ibNvLpp//Xv4Gb1UhVj0zYn+iiryqnD
44LRFdF1yeoxxmsxdfQ0eB/x4xRsQmNLvhefRIJR4lbfN/wzGdtOukUtpiSP4RY/GkvA
xR5ZGMWho1hzJdEDxQpR83PVtFKvpPSsAJok9pysVDmDnKinTzdZFFN6/gbZ0shaxMEE
nf5tg2rJAjwbasVN1sN3QqIHRb4kcOeG3wjNefDxBrx9L8/nN4+pyQ4Ae3Q0ixHi3Icy
Ddn3ELPew5bq6KmhaNLtGKDJX6SlzzzbqN7BDel1XYv2LRRsI5mt6KkjP19omSiEN+lq
/zAMoY/uxeDF1f6KF1KUjIwP5dMMV+UITOWft2IEYiwfVMuTXB9Gz4j38L6rPGuyhWU2
h29kBfhGfAf/6S4LQOvUWXWvTmMb8vWTeEJ+WM94vbj7Y3pOjpm1XvedvTrWn7uQwx+m
xo589d2w2P7/ApbIEkDl3Aoo9S9l77CFVwh9mVjC1Y1RywR15lUXQa4TPattmg+cKXFg
WBHcXTEV2PbeNQvLpp6YcenHf7DwyyOoeGyejDh6VqXwli4YpLkOs/ZJh9lECXWjxjtQ
Mz+Zg1hgvAckp/lPP3rp9x7qVIyLPzaDqp6VEcC2YOAYBLDJquSxYPeSWguZhl4NVYet
iyaA7DwMSHQukZziL/Ucz8+P69lEmdw/acH9uj1F+3uUvfh8s5Y/k1xioP6+jAAGmEoA
Yeoss1H4juylyBytk123k0L8TamEwzdLvbG3Tn0PbwYPkAWHtpd/N4NkO3Dvlv0n3XE6
XAub/OmHIdqHjKi2mwd/FdVOZx5ADIZUxwLvc+G6MR5mRR8tpnJN96m8AZXsrFhQPQyx
ESypJ3D1HKAgXCjAG9IRmmF8bc2p3rFmjLZg4ETM3Qg5nM8eKMrgVeE9yvH7PN7GRQWw
eYNLM+xRRJswzcuXSXgsvfcxBN0AdUgbXmsSC0nduqy0PHSbFG8YlAT5ZV5eAYSsoeGy
c2KYNIWvf6JdAj2KNwD6vdI6v4CIWrEODBdmjAN8AOSf9wsUvZf/O+iAXMNsLFQp0rb6
1NZLpvvfPKK69d9tg3EbFqqkuHNw0/2mrsnauVH8fbz85ndby2tFV/rqxNb7cHzsNvAm
hIkB8WUzps8gabGN2kqYL7Fgsi5uBm588ElRX0Ac73zJGHBWNFESh3GsAm8qc5IcXqao
dN3Iz43gwUTass6OLZLH062ZBvEL4+LY545nv+srprnCtQJeMoYIwvYkVwqj+Wilse4L
niitRJExaR3pYxWamOCiUjPY/lvfl1otCRz7UxV2xRv0YY4qqMvzsGCvlwmHn49dZ+Me
FkC1Ts5iMkiOekEW5b+5zixwhlCIV2tdy62iaN7c0ICew29mW2mMe2OPGSq0Q7U5q5h+
D8LQ==",
"k": "xJj1+/ivgv1L0Yud93pC1kTXxn1Gh/kdrClfry0lB2I="
},
Ounsworth, et al. Expires 28 September 2026 [Page 100]
Internet-Draft Composite ML-KEM March 2026
{
"tcId": "id-MLKEM768-ECDH-P256-SHA3-256",
"ek": "18gVTXJY9LZ4X+MLsDMbsfgd7GEvA7J2fFFc7pxrhKSkQkNrsNaGCtaOfrAqN
UaNYTRDjQxClORcg9ZY03W/WQEuTOAp0wrFkbpVMeJBuIQIbrEEvMCmmgcPDZUuZJQPi
picxMOHvKOGEWvAr/obaQHH2QKWTSbOz8gVauuGj5JPmPPMiMxNQdEleogRetAY6oKUy
+qpr/crSXIL79qmWFQ4lrIF0GZi54alZLKJvEcW8MyVHeukF8wpbGQJBlpzNzJtz5cQc
qJ90ogHrqohnddscZIQjuErImMgnScVmDA9vEOJ0eWcN2aI4QKpRnG6ZVOKRkOCHSILt
nQjffBrsciw5MEwwlsdGlmbKmll9zozOlkDbGcJeXcBlvaHG+mhjMjOfNzCriwObXLI0
IgOm1cfsfyEDCA8TUw3sqFbUaeQfVU2LANERcxkunhEqusP76AiG8UWEKwT33hr6LwL5
3YX1WKvTMGQdxi0HSWIZXtBB6harNODGfVvLKsoFGQBEfAQAOlHnCRfqFhdNTwF16t2n
1cd0nydcfXD5gIqKhufZdU/hYkvysiObAM2FhgUtnbHsEt/VeMTeQEQURJDJdY9IjMaT
vjKDgCGNlskorpbgxKQ8+GRj7sTqio/okWn9BOBrszGRTCAGpgXFaN5jEOnXGerpkkCB
GJIL+Ngx7S03bqXcAMu7eqGp5SxP+VBmnpnYKwzExhiscxNSTM0bHtpWYtjOOee3/RfI
nFgodl6D6eKTWE5FzrGpyuV/yG9VCE5P4GrOixZv2AYtDSeqWuj+Et05VodNToQ2VAO7
Qmrjct15EgDCigKCXXLstuueDmnJqZHg2YFWjMz+Psaa6IU0lm+zgXFuoi66eZdAPKeK
oqUQadvmSU8LygBizAmXkaIGzcI1mGOJ4MuMGRPLaR0rGCcCYUiK3Ys51WD0Aw9c8lDp
iNCUXSeNDg4IfO8WIOkekbCrUG1vQEq20M/R1GRa8aMC/K19XK7bre9YPsPkiQXy8XPO
VuyJZqBwZEc1gIij1aVp+u+WClX87CaJSWqnoFQTySuRYRA4Zg+sySgmLU5zzwfRAV1Z
dF0XJwKo2jAfDpGDQgiAid4pKS7cGOqu5atcEyeLedRPxACOwiGqQI6Z5Qo9EYvhLacZ
NwlHekmAmwOZPaZ15WpCnors8wmBiknyQiarkI8SgqY4aEgXAtYV1rCdKYBdGyGsqA46
qYje5YPdYFkt+aCHvqUIumFu9qmuYo/FHKVh/FcvIU4sfNxZVvOuHpO2tOIiZsZYqcN2
9YkYmS15oKSHCCXz4OZbzzKvZpfc2GgOxScdReYMDFjf4EnESzN2vaz9sZxLiZrJyERJ
/DJOPaCysZQZzdlWkrOssQE88F2MWzN5nZ3ZJwHT0mwDYAIoEAvmGZlUNG1J4O7QFVjk
tXPawvPBOqMyBxXd4wu4DiXCOJ7S4SCV9B1ABotCfddEKc7ACV8EBF4YlYI2TAC+YuTR
rS5WyF37EsEu9MqyFwgITpTuyVVLrtLlCJXeskJJgpAmhrA7EwPDJs9EpT50myi5NdEy
bFi4s/1IwQMpfqdRSPNQHIEGS3j2kYt2ylsgHtZXCtJ0UcjiQaQ4qjfx4hCFK3T5lxLi
Lk62H+OWzBS3tDKhxYzp1pPCUmVt7x5MQ2yuXFi0A==",
"x5c": "MIIS3jCCBdugAwIBAgIUFaq2KNh6iYus/IIVGS9mvmvYbGwwCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzN1oXDTM2MDExNTEyMTUzN1owSDEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxJzAlBgNVBAMMHmlkLU1MS0VNNzY4
LUVDREgtUDI1Ni1TSEEzLTI1NjCCBPIwCgYIKwYBBQUHBjsDggTiANfIFU1yWPS2eF/j
C7AzG7H4HexhLwOydnxRXO6ca4SkpEJDa7DWhgrWjn6wKjVGjWE0Q40MQpTkXIPWWNN1
v1kBLkzgKdMKxZG6VTHiQbiECG6xBLzAppoHDw2VLmSUD4qYnMTDh7yjhhFrwK/6G2kB
x9kClk0mzs/IFWrrho+ST5jzzIjMTUHRJXqIEXrQGOqClMvqqa/3K0lyC+/aplhUOJay
BdBmYueGpWSyibxHFvDMlR3rpBfMKWxkCQZaczcybc+XEHKifdKIB66qIZ3XbHGSEI7h
KyJjIJ0nFZgwPbxDidHlnDdmiOECqUZxumVTikZDgh0iC7Z0I33wa7HIsOTBMMJbHRpZ
myppZfc6MzpZA2xnCXl3AZb2hxvpoYzIznzcwq4sDm1yyNCIDptXH7H8hAwgPE1MN7Kh
W1GnkH1VNiwDREXMZLp4RKrrD++gIhvFFhCsE994a+i8C+d2F9Vir0zBkHcYtB0liGV7
QQeoWqzTgxn1byyrKBRkARHwEADpR5wkX6hYXTU8Bderdp9XHdJ8nXH1w+YCKiobn2XV
P4WJL8rIjmwDNhYYFLZ2x7BLf1XjE3kBEFESQyXWPSIzGk74yg4AhjZbJKK6W4MSkPPh
kY+7E6oqP6JFp/QTga7MxkUwgBqYFxWjeYxDp1xnq6ZJAgRiSC/jYMe0tN26l3ADLu3q
hqeUsT/lQZp6Z2CsMxMYYrHMTUkzNGx7aVmLYzjnnt/0XyJxYKHZeg+nik1hORc6xqcr
lf8hvVQhOT+BqzosWb9gGLQ0nqlro/hLdOVaHTU6ENlQDu0Jq43LdeRIAwooCgl1y7Lb
rng5pyamR4NmBVozM/j7GmuiFNJZvs4FxbqIuunmXQDyniqKlEGnb5klPC8oAYswJl5G
iBs3CNZhjieDLjBkTy2kdKxgnAmFIit2LOdVg9AMPXPJQ6YjQlF0njQ4OCHzvFiDpHpG
wq1Btb0BKttDP0dRkWvGjAvytfVyu263vWD7D5IkF8vFzzlbsiWagcGRHNYCIo9Wlafr
vlgpV/OwmiUlqp6BUE8krkWEQOGYPrMkoJi1Oc88H0QFdWXRdFycCqNowHw6Rg0IIgIn
Ounsworth, et al. Expires 28 September 2026 [Page 101]
Internet-Draft Composite ML-KEM March 2026
eKSku3BjqruWrXBMni3nUT8QAjsIhqkCOmeUKPRGL4S2nGTcJR3pJgJsDmT2mdeVqQp6
K7PMJgYpJ8kImq5CPEoKmOGhIFwLWFdawnSmAXRshrKgOOqmI3uWD3WBZLfmgh76lCLp
hbvaprmKPxRylYfxXLyFOLHzcWVbzrh6TtrTiImbGWKnDdvWJGJkteaCkhwgl8+DmW88
yr2aX3NhoDsUnHUXmDAxY3+BJxEszdr2s/bGcS4maychESfwyTj2gsrGUGc3ZVpKzrLE
BPPBdjFszeZ2d2ScB09JsA2ACKBAL5hmZVDRtSeDu0BVY5LVz2sLzwTqjMgcV3eMLuA4
lwjie0uEglfQdQAaLQn3XRCnOwAlfBAReGJWCNkwAvmLk0a0uVshd+xLBLvTKshcICE6
U7slVS67S5QiV3rJCSYKQJoawOxMDwybPRKU+dJsouTXRMmxYuLP9SMEDKX6nUUjzUBy
BBkt49pGLdspbIB7WVwrSdFHI4kGkOKo38eIQhSt0+ZcS4i5Oth/jlswUt7QyocWM6da
TwlJlbe8eTENsrlxYtCjEjAQMA4GA1UdDwEB/wQEAwIFIDALBglghkgBZQMEAxIDggzu
AJrk5omVw4LcS39I/pkCKMRHXrRl+DRCoHYUFCc/d5yyPGXtpxxfO0+4yKMKlOPO30yl
3qu7b8f4xT1kavrIFct3WJb2pS8hJZ4N5uyO+spyXfPAJXbhJUyBFMGnMDkqYYUtG4sZ
zovZoR6esjn25wGN1/txsCGOMZ7W+6j4r0u8NCSICKGCab9Cw6a0uHgEgAKWCelAiIM0
G0gXTDXuMC3kIDNbDzAWRUn7hN+ERoluU0EVliSuH8c5PZoa+zvT5DwhsXWxUHCIURja
sc4dK2CitYcdBdyi0p1aNNaAd8BQTDLA3oF9oqJT/JHSBMqvYHDNGiGo+rCmTOiQV3bx
Sm0brYLUgm1OBosEp0WG4rS/ZDpBuyPEAomN+cDVTB1llBui1Q/x8Sg3D5tZBqOENZPO
Rrp/siCwVImrtsjckPkmOPIaujk/fxHFQh4REyAu4Pd5n0wyIk6nANi/2NDo0soph5xo
4GS6WBUKpyIa36xC21SGjZzVSxEQzh7np0AfqG4tTYMen1tre4TZbxsT0vrve5czTigy
Tt+I3WV+JTpbrRd8cPrswaUMRgyCqtIPhxcJj6h7zsqL3mNtvo+mte7VttEQE9zI/Rqy
e4YZalXqx4f4xbLtHTAsVsgJbeKsG1zx3cZt7+ifgi96siQpxR95qDjikC8ptheVOYKB
W8qFwCxgIAkMzy7yPigf0uD0C9adFWOghidGyMrQSupRLaegE7mo+W6KvNH2q05jHA10
jvIl56QilQYzK5CMobAGARIELTtguPvoTJ0bIDweSDkm+niAt6PghAr/1+EaW9R6cpcG
jXyM8RJzg1usdPMUPlgmo/ZLHssFkG4hDxslY4gu+SHoD+DGYD7wIwPJ61DpnEweEDQC
whrrEshQ41wMuoyg0lm5SbIhLmd0BHuR8BeTpCnLOcwcrT1hrVPubm6/pFYSNTpppNrO
ZC5XT5Uij9JtGzn+yFCsg7VzM3HOTsgNGMjDL6+um/u4avblqgIQc2W2CzBOI2xnby6Y
h3Vs9748J/ix7IP1lq+/dC9VhcnC6m1GvHTv8agVPTnFVRTJHA1DjLtbKorloLo/oyPW
+K6ZGVObDakw4O+ER9SA71R5nyS/CocFD750KdHmIcfr5LurC0VQL45Krp1qIguKwshT
qdQpb1HlHHK1lrgPRABmuJ1qq82IcLI3UliHQrk1EI2DMUjeNazqvTNvLEc6bWrQ0nnj
pTmaCeH5VYLtajZE5BDqYQCzj4tJRrWGK2wFBT9FubVr7Lh9/ckzl9KXp2xNYthxt5zn
p13EpRtAtDPJ4HzkjotRhwx7F8YY8GLnzSxNMYCskiF2NqrUbaaiviKs0qHG9jMtX/m+
Ad6Do61XDPnlKaDSP1ZXOcbNdvqlM4NR85xtd3UlMud1ycWXxYCgdhaBSr6DXjHpSbbI
Jgi1z+7JmpHiCAMtp6s0EoUNRcLE9kGo6CJDUteV4DYCYspp3HY0516qeXSCkWzNuhxC
pG0mwtgFB3lzEq+q9xFoUcAltnyvZRQWV0+zCF7DVtWLV3NbPGNMUvb9d1rs1SjOFur/
MS5bsq4flT06Pf8TgPTpwHQ6l/Phyhqv0aweoLw8TBaOkSvqO3I0mg9HsS0qpY9E9rsd
A7QtAmQ7x+hk+mYNztrZ0z8PO8/gxpxVcd5ZZS6E5LzMYepTc3vvk4tbzz3TqUrWLTq0
k8W153yx3jlrGvFiP8qyLU3AbFMjsiS+01IRel13qInp8rfVmRmBS8xVpKveoxgSg9xb
+DgTasNkwA6i3THxemZQSMJcGoDCJ2WIF472Qcxcw/SZuWdF30apzyJMv2tCogyvqGiE
pf8kcc5My223HDV7Tcbxli8hlppz+eWwU4s4hz2unXzp+n8Gnbg/3kIl9wAsPx2hkCBr
S5saN9XMUhqClTVaMBqBUlCkbJzTORP+UDPsNOU8Ab12v3MG5YkOyLbvS3Uwrq0TGIA1
UyHdpPGwZ1VFHnt4tgstyVw8DobfGIZjYa038nzg9sl57T2MXhPIlT0h1EC2UnrFYctK
G63V/H2NNiCuvBxTCwv64UR2cm6Hm3l51Ojm6Fvaaqcha4U2LZrKmuNiXO5ufTI7mxtB
TcP/lUgfRJP0Oe53qHEoS1akRj64cW4WIaaK+yJRGoVDzQLmCYmX8WCY3yza1G9uDMls
g6/cYXX/lkxSblrZvtZANss37Ya1hupHuusAeQtS5tIH9SwrVxFDfBh5XPpqBb1bicW2
wHYJHgGeiVbegMPHh4A1xnBejWLwaak6fhYLZr2ub/uAcpf+haAfneSK+M6Hw02mL0C/
fYC8QkIZy+f828NuBv6FKrLiJ7mHPEVwBCMSh+SODK6093+cU3nKDUkLoFYY4gNQSkF9
2H+AC+75C9d13hYmXgbrczVphU38CENR3Nr7DCHRFtGA5E62fTlFVsC3cjUGC1mVlK08
W0wR0kOyXL9migIH3R6Ng2fM68AGkLA2xHA0SEeYtRYiMJz0LLR889ITgbZf7WAk8VL7
CJpriYjlBrHeBY64Yk+Hqm4pk7C+kXTErv7bVrbvHp/2yAh3IT42rr5EGGqnCiBngXkL
dRiijvgZboqH3R+HnFAZy8ZftVjAEws+vSmsw0IoWfgX7p7+gjqk2JM41cR3FsL6PrFs
Ounsworth, et al. Expires 28 September 2026 [Page 102]
Internet-Draft Composite ML-KEM March 2026
zQ05T1A/eCVFaWDFNa2koVkhxXM10aluwyVl4BeE6N9Y+Cs2UQ/zju9YGPj1kKH2OuhC
bzGCdb0Ixis8EQsEVtkGlVfsm7vSpOM4lRAqOp1UGEIWTHkxMOcU7liqEF1j8R1sFybn
kWO7kLvxHCQEDen30q4T8IFH1BN7jr+qvUo9QCHMAPLDTTSATs0/iX7DfCbADGS0k/dc
meQtIMrD4J48p9rMTkNO1FKRrxbCqKwrWfRiV/NtY2BdJkN/s4x7Jq2ubEu5/qjUv/Wr
CkuBr6aNmJLQOnW+oOluTIxW/jfa/bQbZ1BlV0QS2obdFwRNEq51pKS7m2ZtEqBLkIy0
ae7wJ/e+pZvaDzqnQihN3SD49d9t/XiPMNeH/nGNhCc+NgBiTcbaH9Vci/vo5qobW19u
3CKwgzw6Q6u6iCXj483dox8R+KfJXxKcoElx8fXeYdD1o8ubvrfkOnPB09asbP7yCgCd
10oOuzJJ2VttWdYL4YldOLQ7MnAFCle/rVhbWKu4UEoNijaByxnxbQSnnDVOsN195A7m
eR6y07Gp5CZQx1LOiCETgR7HRF/p3kN8f4vIh37Og6lsnmepyVewP8oWQgNJlysk5sZr
/xRN3nBxjHCJImWyxoZu8eBpAjnJkxAcp7fjfUe5v4oEG0nbDInDKkrnB94WggqP3pjg
w/DczkS9Q6/z+LP9No2AX5STSikzucPW7YnZQ4fybnsQLI5/ZcYR3e/d+t9DM7dh45UC
iE3PuHkgUd/93VqRJXlN00s/2EJcDA/2NCdsvWUcoQN4dguJVQUPEtNHZnWL8T5m/nyr
tGLG/lcj6USPH9PUQ+vmeCJ1IQGMAW44cN+yE4eWCf9uAU/0aYG77o7MYpwcGCdZ1QOE
TjNnODWBW68nkFt4C+mZmSqypM/QS1taTMmUbVT5uutuEKMjpeaQR5cmRBK3fdUWR/KY
Va93laTaiodkcN5W3zo3Y24Gg2I/ixdo3psthgUq69QjMIy1nnJVTf/koP738wuele0y
vzrjBvzljNvsnDuUPz+UUMv1T3kBkOBs5P/12XOH+1rz0hcedRPtq3k6/te4uJQF63jH
N1RFcmYMRDQRzik9BpKaCU4H7a1kHazxPw8NITQcYCZr/C3TE+lsMOOHpsUDMJne8Kg/
5nnOnF02PjwGtz7Q3WHUPLeHZM6OSu9UBJnMMAWs81eyKdU/eXcaMzVnPkp2iteWOBqh
fIwpIPKIZg5DWhXnXmK478YpNPQZBxRcfsWsDlkuCzvHCe+Yz3gGYPnyBesTaiGCPQXN
OTV7myTRYG9jywzc8ugNxgyM8SVFZOE19k2yxTmKxqq60X8nqjnNMOwctrd9UB/j2Et/
Yui9YM9vE4Klxfd701/w5czuA8e5FGAHKZhDaOkc77dM1NI0YYFeUAIMUNppxdnZ3zAg
KUeEVBHQN3rq+/0WUJUEfBLw6P2oA+c2m8ZHASzCrIAVB3RlrQFuGz8iHQvotJc7+rIU
IGfrpYmt9kJX0JTo1UIX4oPmQdyKd6YGyX8rEo5VrzVExpbLcMjqwp+/3AAEgsdHL2mx
PhdcHu1pkyJ9MEoUHbsh+YktF6QIj9O7oP+ObLcJFb5tK2023DW/dF9PL23KH3MQIuil
L990wQXlI7i+640Ptd5oj17QTHbKK5Xwvu4H8Sj8uSY7UVyhAwgfS1dpms3X2uT2DBZF
n6Gp1FFZeI6exMvN2ewDQYzGATaKqNjk8YKL5QAAAAAAAAAAAAAAAAwTHSEoKw==",
"dk": "Tak6+hscMcHksvD9M1lJH3URy5ZL4o5kiJjO4Yc+DCn4gWlIgRe9RvZjoXXyR
88ndbPF0WX8XzsFiopwet8jtzAxAgEBBCABe1PuA0S6EJH6s2EjDbZdi5YzNURL/L3xz
Z8cmhKvqKAKBggqhkjOPQMBBw==",
"dk_pkcs8": "MIGEAgEAMAoGCCsGAQUFBwY7BHNNqTr6GxwxweSy8P0zWUkfdRHLlkv
ijmSImM7hhz4MKfiBaUiBF71G9mOhdfJHzyd1s8XRZfxfOwWKinB63yO3MDECAQEEIAF
7U+4DRLoQkfqzYSMNtl2LljM1REv8vfHNnxyaEq+ooAoGCCqGSM49AwEH",
"c": "E176afESSgFAigXPnBlt3vZ2aZWkYFO7Ym3cNxF3Cec7AigPN5nh+MJZoc59nV
63jcLAli3p1BOmZ50LMdzrhumpSsxP9k7U/y2bs1kG4NHua0IG+mrEDtM+pyPoWUtC1j
IpUyCDZ5oAaoseQuhKcQKNUzATBFjFiTS9PZhCwD+V/NGElRyqOTao9KjrzQumlC/3vC
0haEusuNQ0eff/XYQo01dVVoOejhApe/x8ddPiGhomS+x+jGMIR9ngqw4wwex23jfWMU
D+HjMy6lPh0BPTgbj95HsaWmCouo44r5BY/aV8MwKrAUZeDTjdAFtB2qvUmO/UdYscbu
2dl3fGb4Dn7ceZOeisne1z2kmAN+c/MqAUxTZZ6AqHCdv7lAlQj9OO94RhG2UjM4eXlf
+/WlCXtCVOqNwHeBF8YkG39ywd6uNjQR/34ObSwZZaDMBMn/EAaChnOMSxh5NGlfGckW
82MIDdjDcL+k62tubF73QStQmQ45eZqJBD27qAgw5/bJw4iej4yOzrtaConPvg7+jij0
Bkx8EzrkvJRY5MRhdwbz2gVYmxYUGW1cFlWMPKtBvvgkjY53NzyZPVYMq1hYtcYpDDY1
MY0tkc42mysPwXrhBpF86VDFV5EKT+yuaPIoV6ucce7pNrbhL66CuLQH93GN8uVP7Nwy
BK7rHDP/eqvPpVJKX5qJEZEXSk2OlBZhzgMUNlCzXOgfPONoyOo4huqCUAaAJA4nata3
UuYA/H3bTntdhzeQLn7OecrpjuGs/fFSfpRbtafmoxbZSHyoBJO4DBwBrngTaT0CxXz2
hvT9LqSMIAqf1B30iGADIHqykHL5nNFGj8BCMZ0BOTBZsQc/HnIbgzmJEwGmXnJNfr2I
X9jpP5cy2Xliom7jd4WHNckP9LknNjoOcFJ3iUeqKWcKa9SLGMXv2kkV026AuHDzP2Nk
7Jl+mt4Y8hyQ1hGs1WgkjhRHdZvxjefrA0hgOV9gzRAsDwzLRfLRNnsiqh9cDXhL+uv/
YmNqtG8JXu9P81acxIVizpz4PSKVDkaf9vD22ydDzglQGLbeYKvfjzytBkWn8h08TGBz
Ounsworth, et al. Expires 28 September 2026 [Page 103]
Internet-Draft Composite ML-KEM March 2026
vdTpM40i6PO3axhymHGR+8iVxUXqGiH8XkOUG1hGTPCWxdLY1dlhnny4K2bJvuf4RnKG
latPULvggvW+DynYpX44a9ZursfohXooi9Qezc+1fSqq32zp7hTrWE4dduT6IssUMUAF
08xlLW5tmh+JspAcBnWzybXVxwaDjpfqGoVZ2sDHZHgSTcC386ccV9r79bxqb1OY8E+l
6NfRiWFgMKIInrAgT4yqTXAHTnoNea4OMd77fjhloZP+eAWO5dxtjSw7qAGhEWIvpj5C
/VDB87PDbQZz4QGGUE61WlITNU94GfFCWHdUfHvuiVCfirZ523G/Phf6PJ/iLjFi/nDz
vuJ4oeeLGlNXthSiQdlm064q2gNr8EyquqC2v4YeGiE0HmjwkqYhdeB52Ppei58Ls1qc
rp1L7IXKI4eDBFBb2R3E7GMH4gVBjLi/Bz9JtpVIWOn4fooA==",
"k": "/3ZjIpVll4ukP+DwsPN9Xz/5VQDhN4fXGbzD9MMI6+Q="
},
{
"tcId": "id-MLKEM768-ECDH-P384-SHA3-256",
"ek": "D4ZFoMcWY3RlIbtV4ksHjpCLB1m5iKQp7XnIAfuE8vBefCp/SHLIXjJmjzgcd
fWqrddmZUHKCZQtNeGt0fY8uIQTKQhUsDQJMZKpMxKt3xAjgyd+WQqxB9wIiYzFLVyaw
bG1VYN5WMqUf0cQ4TAoEnVWGbabW3vAckwE/besjGgko7V2E8DOVFBh4Ol0InyHH1QFf
TrF3PQYD4Aws6hyjMuOmuRlZnmAMNd0ATBSoYCiMQo/QTV/NPKvtSw+j7sMTYbIK3fEl
DtxHqGxGMI4R0waBfCxPYJdIoQNDfY2Fhel09QJr9oJvdaeM3NaPgmzUvRpZYm8MiMwN
VUT/KFAVxtNN7oFmRNivzMIaTWftDqDeOQ1MiRbIgg3mjLKwIKJHbHMOFAT6vc4yUasq
QAaMrN+hJQs88jHS2eWe1NFHmZq1/OeZ2i7GSlHNQFZdMo/malwPdpKw+NnqHY8zZBNP
jjIeiZJxbEHAqSFXtY0dKpDA+gTJBgR80PAHkzDZRujD5oRzNVzI3K6JAOuWByoR3wWy
2xIA0JRwHFc9qwU68iJeMOszRLCdwd7YfoUszAo+tWY5YBrnLJQMLYu3SEwHnfJG3Zox
HfPwVtChsVLoqMBbrtbzOCwtkWnIWSYwFgtWEyskANIdEsRuiJfdlafQLOBKxkRjxwsA
Walw0sNv0nOJmQvglwTKMM+szYOfyhINpcTzzxKpFoaRws+AVVNembLIPUlCVctRHOKE
Esh5vFVfXS5dFbDWaQR6nKeDPNg38M2euoDAuEYCBbB9dRPPNtJV0l3D8ACZKNWtllFI
xAGKbWIRBmEUwVpaTdkITiMSqh7E9fHnGZtogSVBHZGZ1s5FHQOCzNZYXSLrkChokCKE
ZmksWGZjWpCgCmmnfIRXBW1q0UNVPs6maAtahobE3V3RKI/79q/jKRPHAQ9fncPbOABs
kQIJBNsVEAE39yzAISSv7uKFjcKwAY1tqEQcNsTXbZQwkWEkxUWNpCRFPSaWEJPE0TI9
OtmEyyk9wImllJ1OANbIQM6AGcHiaWz4Pmac+LNUgi5lNzKBPiW8jp4LcpL5BwoHFBwd
ijFL8eutHKEZBukA5INBNZ/hDEhoeMexBYfYZFTaci+DhtBjkyZB+ACdPg5oKJm7xC+p
RRDQvI6j/qiyjV8Q6Mow8Z4MWxMpdU2kVsIEPNNyyah/agC59OaJKsXd9MYPWkdpggBj
4i0sEYttVZhcSYnoVK3lvEnTnp9ERAtlLomx0V0xgkrohAPqhg8U4cNaNmvb0MNHjJgj
OpqbTNAxGjAukePvsSlq3SH8sxH6AJmHfAvgDUeXYUsFHqApMIm2AOzF2hOrTy7wUYdZ
IdbeJiX9hZgHlC/4KsTp8RmvxPHj9t4jwl+nodSLBiVP4WlPAUzyBpyceEBhBLPjUs4J
+F0WXcp3PoPnXWyttsVNcqnNtmy0IM9IqNI5ovFbXaivpiXsrSa4kOhVVwKnvZtuXm+u
GFahUAw0AA8GZmMYlo1anmZKhWklJFWNWiBVml5K2YhEnsyxazPCgrfYR7r2PlikpYKP
tbQXZxU/rqNcMg6hpZ1WicEdo1PtU1qE9mD06el0u+ivhIJKWPtPMAJtnHymo9sIAPZo
6mfOO5b91PbEzhYhki048l7pKDn/q0DvBSOgr38+UaVqN4NT6tjx23mF4Ss1E+iGoI+n
s7rqn1e1gXO1CQG",
"x5c": "MIIS/jCCBfugAwIBAgIUbHJFtZR/LXmbvkzJ6PUw92Ny2nkwCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzN1oXDTM2MDExNTEyMTUzN1owSDEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxJzAlBgNVBAMMHmlkLU1MS0VNNzY4
LUVDREgtUDM4NC1TSEEzLTI1NjCCBRIwCgYIKwYBBQUHBjwDggUCAA+GRaDHFmN0ZSG7
VeJLB46QiwdZuYikKe15yAH7hPLwXnwqf0hyyF4yZo84HHX1qq3XZmVBygmULTXhrdH2
PLiEEykIVLA0CTGSqTMSrd8QI4MnflkKsQfcCImMxS1cmsGxtVWDeVjKlH9HEOEwKBJ1
Vhm2m1t7wHJMBP23rIxoJKO1dhPAzlRQYeDpdCJ8hx9UBX06xdz0GA+AMLOocozLjprk
ZWZ5gDDXdAEwUqGAojEKP0E1fzTyr7UsPo+7DE2GyCt3xJQ7cR6hsRjCOEdMGgXwsT2C
XSKEDQ32NhYXpdPUCa/aCb3WnjNzWj4Js1L0aWWJvDIjMDVVE/yhQFcbTTe6BZkTYr8z
CGk1n7Q6g3jkNTIkWyIIN5oyysCCiR2xzDhQE+r3OMlGrKkAGjKzfoSULPPIx0tnlntT
Ounsworth, et al. Expires 28 September 2026 [Page 104]
Internet-Draft Composite ML-KEM March 2026
RR5matfznmdouxkpRzUBWXTKP5mpcD3aSsPjZ6h2PM2QTT44yHomScWxBwKkhV7WNHSq
QwPoEyQYEfNDwB5Mw2Ubow+aEczVcyNyuiQDrlgcqEd8FstsSANCUcBxXPasFOvIiXjD
rM0SwncHe2H6FLMwKPrVmOWAa5yyUDC2Lt0hMB53yRt2aMR3z8FbQobFS6KjAW67W8zg
sLZFpyFkmMBYLVhMrJADSHRLEboiX3ZWn0CzgSsZEY8cLAFmpcNLDb9JziZkL4JcEyjD
PrM2Dn8oSDaXE888SqRaGkcLPgFVTXpmyyD1JQlXLURzihBLIebxVX10uXRWw1mkEepy
ngzzYN/DNnrqAwLhGAgWwfXUTzzbSVdJdw/AAmSjVrZZRSMQBim1iEQZhFMFaWk3ZCE4
jEqoexPXx5xmbaIElQR2RmdbORR0DgszWWF0i65AoaJAihGZpLFhmY1qQoAppp3yEVwV
tatFDVT7OpmgLWoaGxN1d0SiP+/av4ykTxwEPX53D2zgAbJECCQTbFRABN/cswCEkr+7
ihY3CsAGNbahEHDbE122UMJFhJMVFjaQkRT0mlhCTxNEyPTrZhMspPcCJpZSdTgDWyED
OgBnB4mls+D5mnPizVIIuZTcygT4lvI6eC3KS+QcKBxQcHYoxS/HrrRyhGQbpAOSDQTW
f4QxIaHjHsQWH2GRU2nIvg4bQY5MmQfgAnT4OaCiZu8QvqUUQ0LyOo/6oso1fEOjKMPG
eDFsTKXVNpFbCBDzTcsmof2oAufTmiSrF3fTGD1pHaYIAY+ItLBGLbVWYXEmJ6FSt5bx
J056fREQLZS6JsdFdMYJK6IQD6oYPFOHDWjZr29DDR4yYIzqam0zQMRowLpHj77Epat0
h/LMR+gCZh3wL4A1Hl2FLBR6gKTCJtgDsxdoTq08u8FGHWSHW3iYl/YWYB5Qv+CrE6fE
Zr8Tx4/beI8Jfp6HUiwYlT+FpTwFM8gacnHhAYQSz41LOCfhdFl3Kdz6D511srbbFTXK
pzbZstCDPSKjSOaLxW12or6Yl7K0muJDoVVcCp72bbl5vrhhWoVAMNAAPBmZjGJaNWp5
mSoVpJSRVjVogVZpeStmIRJ7MsWszwoK32Ee69j5YpKWCj7W0F2cVP66jXDIOoaWdVon
BHaNT7VNahPZg9OnpdLvor4SCSlj7TzACbZx8pqPbCAD2aOpnzjuW/dT2xM4WIZItOPJ
e6Sg5/6tA7wUjoK9/PlGlajeDU+rY8dt5heErNRPohqCPp7O66p9XtYFztQkBqMSMBAw
DgYDVR0PAQH/BAQDAgUgMAsGCWCGSAFlAwQDEgOCDO4AQf7anWKGurrzLIVlMt8YcKIz
B6jfS+ujFjhMdfVo9D6eaktHED1RvS8qtI7DbRi6sEBJ6xHNKf3aXEq8ZPrXn0dtSA7A
KLvr9t+IMf42XZP/qT62Xmappck4M3rMtT/ZJ6vruARbP77wLucrBEKLNx6wZfolhc5+
FzszijX227z79bxUKhfVn0fr24WeOcNZFiSDw5WRabppv75FWPEhSKpBQuClqodqNxyQ
5SAGTOB04JJRB/XAVfz3iWmPsn1+P6zfg+BqjuMhiZ5fct1iCPPy0BBIkkRfHpiD5uF9
6hAGHaPBg86lAYZ0oTFA8fdWUhkBsqUo/AbkqD57+ghfRs2fFOr7WGVvEjF4gD1/KJ6b
PZLayCM6iE83ZcQ6dDe48j9c7Y8+POgLXvjFlcCdZrbUPE9/b4DAgtvOYS6+nDpSEvsm
REmwI0gU80I9MfOaLvaQg+RYD9+D2HurZbJpcqch2JboOmUADFC+DknPAXJ2N5Ld9WRQ
8wkV6RQckliof6itYJ4FEPYV/bauWkT8nl6gxEjOYRQmqHLBxpRqSiBBX4Ivmt8VSkaE
jyblE0EuKPB7iUf0OTFFRNdXKFu7nV+9XpH3AgOkFP6dl9q4qarIl8f37UuKIQmseuzM
PPXKNzilNDaTWnUhR+aGYvf2obupoAe9eNkQ+0YFTK5s0SbXE5Hbu71XR4Fm5tUEEs0N
Y3s4TOb8qp9dVRnz/SyI1oB1l3Oxalg+6WycnaxbYSb0nIY0mxIvGng/ipV6HXe3oQdi
KwBznt7A9ckLBRTR0eCoun/lFEUs03SV2/jGykKAzA3niNBSIsNK2dRBmwsIeO33shw/
N2MKBzJ7MBau6UCY0i0Nn2Ht7xg3HF/MFOSecPDebnnckZcrP8PFLUJJkd2csIbzLm5C
7In9JlZkHnRRKkfVg3TkxIQprkZyEW+a5u9qpFgjNcz0VzciMHJWUiYCDKF2XmURBhpM
p46HUJfcyjbjED+GdO2YQ4HbNqygQ7d2OX3FBoKMLRnyiP1vrqlK/MCJrusN37aoPwcR
xAIqkhNvqWVpVp/X4RMVxVTAJiEiFKCDGxvSfd3kAfmqs035+RnFOwx5FzRK5HgrRLjV
nLkyrpk9ZzC+efEzCNTqVgVhSrHMSJe8K6s0d7kqhap/f7yVF0tae3hyQRyha/Yw4krB
ZxxdEm/igMCkDfq4ss2IZn7AQNWLNyJOpnTqygijH4AqbDwLmV3ix0XIGMCeplcxdM3R
LFsWFTOVne/beY4UOYUZ5U8d1sOlpIBFx3kADdqqluo07Y7zzac78yoHVvFqV/VfPyWe
pauCVobhDG1zJWvrkfmMGHHVtKnoqkyZKgbS3HTntPAusYnPFJHsUnBkUEP/zBhUtTxh
zLhPhqtw3B97ztq8ioKPVjp/E2fvdZrtKzOF1u3YNkvoKw5Kguu6gtPhBqNpz5wVM2Rt
hNSPrcACGQFYV34Mdx1KuwRHXtttSnow8d4Davu4hXGg8t11upXsc7grtYMsRUBjPsZq
ek/wFF17vshLEfCMITmVzZOmVMqwqDsALD4nSmQmHMVqVXIP/fdRmDO75KJbC3SEwNbi
uvTTzi+QeJKHGxkAdCR6lQSU8C0dyLUmW+2ilCCUYcQI6H2buJoE+oSCIRYUBGKKDrco
4JJpXRcGMdD0S4Y8C0V+9Ojw1sDIjLmfBqcbecee+/Si1G6vYndzT6bZgOjZ1Ye1/skX
maYVeEq8ArO0zyubs2EJxxJRyz2gz/OqxFlRYuyjfgUqUP0oHwxu7iORV1oMtGFRP5PL
uYoA9lY0ZUE8sQwN0ixZrwWF4hu5egsukgrnSbJHMgzhWi5eSGc6HFEAS/yEYNAXAcyx
9QZKcqbDs8WYqTmDzThwEYGn3acWCIY9c+dS27/FucsIvZtV+wipa6G1NM9BtviAyJEA
Ounsworth, et al. Expires 28 September 2026 [Page 105]
Internet-Draft Composite ML-KEM March 2026
hBQUN3gIbNyanQOMU80e/P0Sonm5ddfYaaJiEV20LEftzHy5Zypu8QEEAuw6ZBDKpPUa
PAZffNT443R+fZFZ+BzAdnn6PF2jLi7aqOQ1gHR95UFFLgIPW5+Jr+Xno9w/9WKkKxN/
Djq8ppag5T8oikSjHBwUrWrfqZEK2FXxhvMfrpnefTMj8hlUnpTHOmbKATTkQ1UGOmhh
LY8IjpxNEib4BV0KMJTaUS7hFdM8b4d5GuJhOUTq6j/LFA9934EWRq4J0UCsb5poY8ml
J7Wz9IMIaJeEFZi3ET3eDQqK9AjLEkhb3k4w2JPMycQrU/Mgx1YdcEcpCte9d5HEUVLi
v+5mUdkR0AUzT9MfTL590L99oSvR8+2jszJbQ3cXEIWC/lQsQrWh/bExDlMfHer4E0Tm
sxdK/CFkqcOJTNuaMAEI07CIN1uJrGXutpFJ74UJJA8Xk1IcOtPQ7gK8tiFsi+HOFin9
zmCH1C7cRpXM8JLdnmWnabcwotmPxgVwYgEDEP4FX0YBT6f4nqOFZgvgasDNarlfj3hg
4fl6h21msmSGKkkT0yE1jPWRup5vp4EJ0928cg5+H/vUlNCME5GiHeiQI42LncYykata
PZKxUK5nFZLRH2KlxkjPyR5hPcoK4XJPk6Qmsn6QTlyrVJiykK6OpKRdPW2MyXnlja9c
wDyadaHK4w57QHm3Sl9D9+Bl+mdTTlVuu9M/BwuZT1s1tmq3RQtzEWG67/QLOavuxpJo
V4yfXDqw6Cbzll7e305ULysVpkVlWt6lhe/AXyEIlzH5ED88R6iJvAWZq8Wx7p+5laqt
vBxLDL0CSErnH72Ir/BYGIWW5rgsS/rFjVn9fGVzuF2AG3c6wxqVfy+aif3y0uy4ReDp
EU0uwWotaR/ddhlsCmapmWfaokmwTokBig2rzHVA8w1Jd0lDF/KgO1daoKTFtzvR3D8t
P4UxnZWp6xFrOfuJGjoyDyMVhEXTsIy8L7QNFQMZn85i4v0y6Ru1fGIpqihzX1Err4mG
m5DV7vX6SUqodA7BehY0JsmEmCsFNFBQX4e/drBXS7jRhEYmwmIuFKk8DLF/yohjU1D9
pzedGXvQ+PVwUvuLIboVn+JBCB6IIDQztZWMylueuEkCMEX4fHmyTDzUGj7LUy1R8zxu
77+EDB/73C4UnvIlKfa+nDfsdpA3AhDWII/Tvz1REPqFRZ7PpCLebqPbaewacAxnnr0u
FOqHeVPhmnqkX9NVkMxoQOxbCM4g0XOVvAxqa4gS9vKETxN7XmQpVJvKIFFagIHKG1Wf
qLBgsRC5oB5q6YI9/gZcVo6GGGiGpsYHf9gFhJ37W0MNYs+GdR6c3EM+hqy6UjBuVZj8
3O6snoR6nNyZQwwUruWfRcV0e7Ydv0pf0f9A0dgHsIF345oPLnRjaIWAQh1+dG0Wr183
VA0oKFeioaEqrF0qydXz9BoVYxJHM5zQzsGoSyCsHFXb9KDpkB3hQ3rpWIzMI1dqdObN
0ZzDuTvwLJDEGJAElA//QO8F5VRIzMtT6UPWUEOqY3mURUbGP1DStLmlGir9dMy2Qwu4
d6J+UpPnP4HWiSVDRBD9CI3UcVS7tK5e/IlXWUCewOMCqJRlekILEsoIt+9VA/ONs4cx
Fio0Qfc4qoCAVWgX6l8F2x1JLHLkR7xj9U8xOJNqoA+Giwmw4JN/PtMu3PJLEtI+rLNP
hhuUxkPeEQVxsMi9cvWHVn3zsNdmK1lmWP9JNsBVUwCgNaYMXhNmHJu9zOriXCx69zL6
iDtF06nWkCp/S9sC188bsiFUt2udbIcv8dVjnpee+bzAj8OLKDc3FzBujTOPdqkJub+Z
NhiE2mQV6JikPgv1uYs8Ta0u/nDUjiUWVdw5qDU/fk8RSVi0cvVXgBSnOYcdiyUyE6fV
xxglbmH/UDoOARJO+Nzak++b9pI8XX3QQtHe9PWpdmLKs3x7WNqEVVDBy70dIWmDVmwF
2NpOiTQEmOCj3ih38ciZgaeXcXhCVliPfcqgk/Rl7dM3CgnOdPyG2EhbsQ45H+r7kV89
adxCiVrH5lJ8y2akA8BR+NI0sGrMncsr/goW4Glpp/5F0SOYFWm7ge4L2GpJGNRV+z++
dGV9Nz/8EkoNEMJ6KIypenxselRBfguNcyGgmpiCxZwgM3xASYbz1mI0j7EZIjzSRsnj
W/ixtTPxOggwqddQz5H4ZaYGLcPKOtojzuUUPgyaZ3LFzD0tgvlVUjl3G78lYJLaYaWV
7GqPqcjz2N0Eidlg20ZH3VfDWx4JsLcJV2Uy6bzptAoTctPVqjM70GDnV0cuTfGbhP9b
iTvJzkBGvwh9JqGLB8qTfvZAn8w5BJ4nHP9Dt+elg3CweTk3VRYNiK6lyhvYpKpNeCf/
Df9L6B5XfG2+tXRQzgckiKcjs+kRbX6Iq8nL7WVrg6DHKpwCKzJImLC5xdgjXXOCqgAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAwsQEhsg",
"dk": "9D1SHRdnX2hrYKGKeBs6QejMIinrJRwJD8leDodYwfe3/NYW8e+oIJaE3q9rH
hLzfC1+DSv64/jKk5m52CEwZzA+AgEBBDBMg6jNwwPC7IJDS/Z+ZkgeJmZslEjVoSDtS
DJx1Ne4HbM71AEKfKYd56TXFDfKIqugBwYFK4EEACI=",
"dk_pkcs8": "MIGSAgEAMAoGCCsGAQUFBwY8BIGA9D1SHRdnX2hrYKGKeBs6QejMIin
rJRwJD8leDodYwfe3/NYW8e+oIJaE3q9rHhLzfC1+DSv64/jKk5m52CEwZzA+AgEBBDB
Mg6jNwwPC7IJDS/Z+ZkgeJmZslEjVoSDtSDJx1Ne4HbM71AEKfKYd56TXFDfKIqugBwY
FK4EEACI=",
"c": "bvsmJy2aYKJkVQ9zekRJ7OPbsKGYhf+y4Sh21vMkPUIoBeVggLi9ucVid+/3Tn
mvRwPxa+RYRqyR2KBX+W/fwb1vxRh69EL8S7vEhrxuODZG+9P/skVmI8VEZCnGkvDxOq
NWQzi3J4fBdHQazlqwnsojfuK934jgL9kXzj7IgVLZ86pll/Vva+FOohS2VJqKlIsHwO
kF56Plyd6xJlhIvyGdaYgkRn1I8fZfTiCcIc6ZgIcJdzOHMaht5ZWiM8f1ZmL1pkjScG
Ounsworth, et al. Expires 28 September 2026 [Page 106]
Internet-Draft Composite ML-KEM March 2026
TJxpNopYNIKyhKxEPI5Y27dRZM5mpu/gjaY3cMeI+kSYyn8IG86zn1ws+XH6h+ZYGI/Q
I5tcpkldL5tFHWzj4H92noHV1U+SlL9zUbxrgfD2yC6ICb52Yj4WP9qevlbsl0E0PdbX
JbT1l1i4aPGk317ypwN+CUZpSazgUphVkhFaW5kkn5b/bummN+2fgXzq2v0r4p+KAHRu
HrviVn9Q92ZpvwCMSVnwka5n0qbAot0uwMFSJ5HtvsGyQKtZIjJI55XGS8bjB3G8Snbq
Bn++8Tbk+lgxbzZYBoKa1QYAUcoeLsKx+MPcrYEEQ+4vS0LggYPhmjv4PlxCCDjxURxL
34EQp4qk3Ne20l51giiJ6J4Pc2oCS06Lm27TeJ3lojce6xAZo1u6MVx5PfaF8lfH/VvP
5vK5FhRAvA/oOggmmazyvudjv/1C4yZXOk68roEUxVhvlVhhDod16B+B8z9URHDWdqC2
4qucN32F5rezGyK45knEq6aavz+6GhA+rSFvhrX3YP+Kl07uBatMeExHUg6oxqtzXQIi
rtEVwoE2KCbGbzeLbzIN+cdacqsHOO3nOaUm1IfYL2Djf5p9WDC3yUVlNTF3Xg0pv5yO
R8UMpYqcnQ3GZHeb1gxHLk1qIpx54AKvLV+tSx54PtylcjRsSN1IMbJxKFHNbmEMJx8t
n1na4UC4g1i4u093CdthUJaXMhKQNQMnOKA6kJD3rqTW91FXjt9u1s8qFpP5qhnFr4Yt
sP54wj+LujvnBK9tIS3NUwovIKRD59XqtgTbRU44WsA2YnqCt/HAiPM1dnNu1ndBj0xh
E6gUAH9RIMOjHvEDLXatt9TCv1L3QqZtD1fTwoQNLtD/bRlaCmV5wAHlJSyNV5IzI8Sm
22NsePcHV/6qjgL/qL8qLqU8WGVvuJ7RuhJYFhUAa3JdcJxZwEeY1mI94qY6QbhlzgxO
99rmiBmCJ83I6bRGFVp4KBnMz937/gbTIspwt0H96o9mL8UMeLAP8SFpF3BNOHkZOxiw
1mOtHvm0cTpn5xnXTJGMd845BEEyRbq1DVNfsJf2j7Xx1DAoliztt8ewauQcr+2vP7yO
zim5G5caeVHm8NXesofzYsLQW3iMc5Q0V3iOzrVJ0ZRUuywoqQ1wzOmlpmgvKUdqWtu9
TuvLuyHbyKzsL89Zv5oPtD+lECingEzvOCTk8HhmPRDK72TCYXzBt3ulw3Qzx5nJ+MNL
6Jl4p5RVoIaivS2GoTVLz+RpB3G9KM38U3joCPZ2vcrlWzlsr1cRFFx8Xg/griXT2mch
Zw+l6iegXeLRm9ULMIZSaV",
"k": "s2xVQ7zLfmt4ZRKmNUMfVpNqLnBg76NLrSGQOZ+LyIU="
},
{
"tcId": "id-MLKEM768-ECDH-brainpoolP256r1-SHA3-256",
"ek": "ZrU2qOlnSTStBHBnTesvpPhpUpmeo6uxtLYQpOUoowqeNlnKQbwS4WhwAxlAZ
9WInfGNoELL/4qPs8RiaCmuE9Aqh0FRSiQ2c5Wls1StE8JH/rxPlLJIz2q5wSwAQZWve
rI/lNKT0PeX9NsuR9YSSSEDtrGmhLm8rJQ8QgGDBtobl9Wk9nQKB/CnTXY+mKMxbnZeF
NuaO8oFGdOhEyqSaIMgO3hfghyQZ6UI1Ds1A6K4qcmknJig6uJuZnakw1S9ckNAn3Rvi
ynNxDJpLlzBhEUKq9HFXTwel9eu9EuPcVPLmpYHBaquEii1UIh9qTRBpTeZQmdHgKAJp
AM71fFY9fYesRFlpqmvSEeBw4TFjCqMf/kUGooWwmaNnYhUnZk2wPx80agbMHo8LCSZl
/waqSy9FsAWu5GpStwpDyBSvAmSinWViZoYFLZtYpcH5jVMHww/BSDHxwiUxSuHFbEse
OXHhqef0pJWcbQN9kpd3XJn1/IwbncNXJlxkYxIvouccyl04ESdp4Ru5/UHa1ipi6qPS
+IOKgeSITVMLRJeU1iOT8Al03yJE2BTC0mQyCNCOsJcsUMOwCLHuLScBtHCCMCebtUeq
qQXLhVx50yY7QmfqAYAdNOSjLe/wSNZHjNUszuaU5HNYmKBK6GUmLRbQ2ErVRmTsuBFn
hGE+RKj+sKkmCYpPNkB20WOVlmvv2mrh3l9ZVWzkndoN0YZaddRZEA2u2UUWbarObBmu
wx+Fcd613Qi8EWyXOpIxPiaZXcLTCA4QsYxS3LDt0Q2Hlwy6eVe/SUJX0UQKLOuGZVCj
+FiLNE73Mc+MhLHjtOM3LVbdAViC7o9JXAsCotJk3K80QAQI+YSzogdFGRi7GNn6iyCA
AGEEKxySrs0BmR066BnEGzIMdMncZlZooqeSTorYCtwXcXMRgBHbVFGw3sq3ZRs5xGKH
8R7toe/GtKfcKbBuoBJX2XJu0TD5YZLRBZbsHZ3/EFderdP92XIb4mkPrnDFtlksssgr
TxyNxGHC9ZthUtt5HQQQaqXjqe2PNyUxTOiSjVHp2wxJaSY8sNdPdYueYNnbyWSVbFdp
6m3fYu5jVAQ+AAd5qd7CAFoiSO/haqTiawuS4OeyEnIPDJ56hqkzwmbJnB4pVFtuXwFY
mxUXwLECqdjm/mBpYZQRwcqfiYy2vKxsZSTpVd1ETKDqGxgImUhE+OHR8fNdWBWpMk9Z
xHEJfXP9lUR3HWCJ4Zqhehk46KyU/XKJ+pklhU93xQ2aVtw/+VoVEq8/bq3QdO0uKKW8
viwmbpuOWhTchJDnmzPY1DGivmJJAqjmKEHM5d6gqQ4kZJ9RwgBOsyFExtkYcnLyNxEb
ty95TgIS2ytvcVLr3Qkx6ZnLVRobSET1UUwqTdvn0I/uaMwRngR8UioDWWzfCqjzDc7z
2AgMhY2KXmyMjqAlkQd0fgZuWFkVvAPskCPCqy/gTlYG6MTMNewKeugyoSrwLA+hqKtn
xAQOIYSQthoYsaUdVheD8zBQCezZ/iMcmili5d/xne+JVsHhcO1cYIu6POHeQxV6RK9E
yqcTcmYNr5+ftpXJJaf/IEEFSVMvYbLQ839VQxRhU1Yh+EyYeYf/iwyJGn6mdOsnB1CG
Ounsworth, et al. Expires 28 September 2026 [Page 107]
Internet-Draft Composite ML-KEM March 2026
wXSktC+dQJ8fnHsZkScSgMjqfWFi3ZPJnxqpLi9Gg==",
"x5c": "MIIS6TCCBeagAwIBAgIUH4RUcxldxhWSXpRZd4M/woTkhSQwCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzN1oXDTM2MDExNTEyMTUzN1owUzEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxMjAwBgNVBAMMKWlkLU1MS0VNNzY4
LUVDREgtYnJhaW5wb29sUDI1NnIxLVNIQTMtMjU2MIIE8jAKBggrBgEFBQcGPQOCBOIA
ZrU2qOlnSTStBHBnTesvpPhpUpmeo6uxtLYQpOUoowqeNlnKQbwS4WhwAxlAZ9WInfGN
oELL/4qPs8RiaCmuE9Aqh0FRSiQ2c5Wls1StE8JH/rxPlLJIz2q5wSwAQZWverI/lNKT
0PeX9NsuR9YSSSEDtrGmhLm8rJQ8QgGDBtobl9Wk9nQKB/CnTXY+mKMxbnZeFNuaO8oF
GdOhEyqSaIMgO3hfghyQZ6UI1Ds1A6K4qcmknJig6uJuZnakw1S9ckNAn3RviynNxDJp
LlzBhEUKq9HFXTwel9eu9EuPcVPLmpYHBaquEii1UIh9qTRBpTeZQmdHgKAJpAM71fFY
9fYesRFlpqmvSEeBw4TFjCqMf/kUGooWwmaNnYhUnZk2wPx80agbMHo8LCSZl/waqSy9
FsAWu5GpStwpDyBSvAmSinWViZoYFLZtYpcH5jVMHww/BSDHxwiUxSuHFbEseOXHhqef
0pJWcbQN9kpd3XJn1/IwbncNXJlxkYxIvouccyl04ESdp4Ru5/UHa1ipi6qPS+IOKgeS
ITVMLRJeU1iOT8Al03yJE2BTC0mQyCNCOsJcsUMOwCLHuLScBtHCCMCebtUeqqQXLhVx
50yY7QmfqAYAdNOSjLe/wSNZHjNUszuaU5HNYmKBK6GUmLRbQ2ErVRmTsuBFnhGE+RKj
+sKkmCYpPNkB20WOVlmvv2mrh3l9ZVWzkndoN0YZaddRZEA2u2UUWbarObBmuwx+Fcd6
13Qi8EWyXOpIxPiaZXcLTCA4QsYxS3LDt0Q2Hlwy6eVe/SUJX0UQKLOuGZVCj+FiLNE7
3Mc+MhLHjtOM3LVbdAViC7o9JXAsCotJk3K80QAQI+YSzogdFGRi7GNn6iyCAAGEEKxy
Srs0BmR066BnEGzIMdMncZlZooqeSTorYCtwXcXMRgBHbVFGw3sq3ZRs5xGKH8R7toe/
GtKfcKbBuoBJX2XJu0TD5YZLRBZbsHZ3/EFderdP92XIb4mkPrnDFtlksssgrTxyNxGH
C9ZthUtt5HQQQaqXjqe2PNyUxTOiSjVHp2wxJaSY8sNdPdYueYNnbyWSVbFdp6m3fYu5
jVAQ+AAd5qd7CAFoiSO/haqTiawuS4OeyEnIPDJ56hqkzwmbJnB4pVFtuXwFYmxUXwLE
Cqdjm/mBpYZQRwcqfiYy2vKxsZSTpVd1ETKDqGxgImUhE+OHR8fNdWBWpMk9ZxHEJfXP
9lUR3HWCJ4Zqhehk46KyU/XKJ+pklhU93xQ2aVtw/+VoVEq8/bq3QdO0uKKW8viwmbpu
OWhTchJDnmzPY1DGivmJJAqjmKEHM5d6gqQ4kZJ9RwgBOsyFExtkYcnLyNxEbty95TgI
S2ytvcVLr3Qkx6ZnLVRobSET1UUwqTdvn0I/uaMwRngR8UioDWWzfCqjzDc7z2AgMhY2
KXmyMjqAlkQd0fgZuWFkVvAPskCPCqy/gTlYG6MTMNewKeugyoSrwLA+hqKtnxAQOIYS
QthoYsaUdVheD8zBQCezZ/iMcmili5d/xne+JVsHhcO1cYIu6POHeQxV6RK9EyqcTcmY
Nr5+ftpXJJaf/IEEFSVMvYbLQ839VQxRhU1Yh+EyYeYf/iwyJGn6mdOsnB1CGwXSktC+
dQJ8fnHsZkScSgMjqfWFi3ZPJnxqpLi9GqMSMBAwDgYDVR0PAQH/BAQDAgUgMAsGCWCG
SAFlAwQDEgOCDO4ADXsArIa5lGE+KBniqGQfAui5SWevmg0gOd9cc/kTR3k+SRAqUDwN
GJ6oaUW4ADxR9pFHw3H8ck+yq5rbAi4cISHcEzMb3mr1D5MSC4yxhDuQeqK8aE0updvH
a5tOn6xqn2skMmkGONlRSxL25azeBYge/y2ajco8s6uabAZvzPDtmvCmZGTJt+PKIY03
LerhKa4Yfi+QN0AsNeTs5UG9nw5V0wozUnQGuHBQmCrbLwdZgbidwbh2punX5pwG/Np8
YnfcpcWy+a1kdq/7Bcu8gZ6/uL2iLmJkS/eSbVoKRZ2tWJtXWqrn3CHTJZwQLUSOXzWx
Rpa3vn4LDLU2rGhKfKmIVYz8iw4SXmdkmuWayGrdPqCwh7vQ/Chc03lArBKBL9XdT09X
0L0fJUKwqwn//mRBc53lmM0Ke2YB4FaePMOKjsmnkehDhslQ//qJaHRU7+08ugHUmFZs
ipUQtOwUCVM1Ep60FR8WNJl9+3mJs6qYcdSNIQe0knFUvoTQd9cFO1dAmR8JNNmOJ/Cp
R0PrvgcmOS2gMw+oUnV3gbRax9uo7CxxsxA0dPQw0SrCG7leC175ka4bRTPY0qClLflh
YUCs2GlthEUvQjVQdsgUiSeCcE71nG/j5WHD4abDgXjeCuPh1PU109kHZHAdETds0BSF
DB1mICP/tM+f/ClaeDezAuxxtV37Ba895MvE96AJHFMzq80AwpZMIcglP8HRdriJV7UY
xor1E8JcSlREOP9TZxkaw3TXZGUoDo3a773w1D/0C+c1rbaOJBX+yJVTRmen7RtM6P1T
oxoE8UTFHD/RKH9Hj+1pCyrFx3RVph0qLbKbZyaHukSlHcZxk6imIILeTnM5BXqQnpEb
Iq9sI4FGqJuE6Bl11zDSPW7iwM12XNHYUA2akaqxL0el8dEakX6i+qtEq3MtI1hQWidA
ld29qAky3+aE1o1Bh4KijrVONYg2r7OqIZZJwt7BZKeMZop3/GSL31eRCXs4cPqs10OO
TrDsI+Hh2LcCpFdu/gfuDtCUj8wl79otEyDVwTXTTNFuDVn/yZeKsxwDJmGF4QeeYhWc
ZcjNS0chCsosIJcrN1gufpQnKwzk/Ds/NSQ5RyKDBa6jQxUXF/E96LCuNFh0VjvGotI7
Ounsworth, et al. Expires 28 September 2026 [Page 108]
Internet-Draft Composite ML-KEM March 2026
eajFKa6JQ6KNgqa31Gx1DegEuCDJsq4IPLGOvy6fSl5PUqiyV0bm0J/tLXiWKKBtlUrb
5YCbXczgYfYxK4ixpZf+MMgsWdaDO2Yfx/pVFkvzUpx04ZtRwKmrdl+UTF6sZIobKK0X
b1W3zvUFn9rdm7mcdYtRTvKFx6rTXIKHQdz8ImWHAVoyF64msyivKteHkclUesuTOTO5
4a+NuKA+wMojMMZwMbhbslZ0jSlUboIN0dch2U+921XjRJ4uG5BeppOk5tIOq8/uwXk8
bdKKU1N7ditILQ/E+FDwFdUsmQu7Ejd8kQIidez7oDIKbbkO/3q9zxdOttEAzGELELCV
vj9xT2uf560wkh1bQOW5b8wpzVIk2QMuIRRaoiZska8DpCSWmVsvY7XoZW/4hBoNZGjk
f1a3FVynEBUI+u55Dun4Xg3OtdwA5WwTKV7tVK56NjP6H6qATFJyv024Cxvu36cpsfUS
4n8jY1S3Nv86y1TJtLQrKoWQOjHZvKfkotZeC5lMZmXF2wAeML85505+NBVgURHw8Fgo
U6lFsT2qoJbvPFdgsQ2K7DNvypUF/URM1wHx9DHkvGQUL9HFSU+c4viArh+aqWNA5e5v
8D0hzp87sC3tf15FzCpQhBcYtxluqAohzpd4g8gEU2wMyGJRvHLQyH3K5N1XD/nPo9sH
oIN/p+gKseRhjb3U+yeE94Ky6DaNn5DKv4247kWSH/BLw0PHrXcOpqoLuoDVceEkyo91
ynDN4bqawpLmjAOOgC+OyXXzkzLzDn8KL9UKM29LzAqp7/HVIeYOvrCTCW43HjhRmFhf
tXbq/rHEmHCW9DCQ8SGFxAY33yesnn8rrFXrthl+2XhhwxdC/XUnk4rSixY+wGOQ/V26
9jTEWx5n5+uDh3NkVf25+/6f3eqfpiOlQxB5Q1L9m5TA2MLK8+TPKz/7Bh4153U9SUTR
c9hbYGcYiGDWWS0LSbb9h8g1YkgvvoHXkL63c9G9XqGWfruHdniyYbMnY3616YjWHsNO
QyQBw3mVwZrvO1Wk5MR9oNfMn2g1oZqA6ma3oRdlPrdPn7vBhRzzmP3fIeQ4+njKKmVx
A6Q34SEkzEHTiuUxXsTPx6Elgf1DcFVCevHOGbqUf0UK9HKCPfRlvPrk/ffHtX/Odl12
0Lh1BljoZu451v/xk5OLa7hk7f/hnij4GKho40O5K7cLB+7Ysoxlk8RSMSDCuTDnytFk
2/sTGnam9dZv4NenZOmNVRI9EF0Wdxw0wALT0loJaNvEDo0m+UwLZKDK5Qu40LvnSEKG
4DTf/cPFE5gPcBqicenEG2Cbs5KCiFrjQvL3ZOofrkANVIu0RXhJvR+xt1xXrLDXUmZT
cXIoR7FSSzpsFWZEfPIprJcKfdrR5o8hOSLuWPsEFgSPwBo5/Cnpr4oxzC3zdbW/a+sf
DEqef1QNz8YUfRe5J+ply1DQaBu5n5UtBy1qokAwcgpj+UtVQFnc03Z5YGFV2e3YpS9Y
3O5DsAed5VH8R8tHiLxsG19CE8OUff6fx0dikYNIc9LSPZmYfhdiW+carjPJ31SW0zEW
wMZp4XGR7zLkS2PlOqzhSli3sU3d7cAiHjboXsjUIvKjwKSoLMj+rm3pzShEMKd9C2PT
srfDnl44uhTo4XF/izGqKMkwE+OEw9qpkOA46mcbO2eZn0ESBbR/C4bofF0a9w+FVTzF
CZGTZ3REU7GkhxEdhkvdsvIr3p5SE5ovhKkUT888PGa1TW7XyYo87X9cJt2ZrxfAR9Vy
wnkAvJpIYPSVERqAPD/fdLovGHDpu9kHK123HeLcAhzeSUXRqMKKQUHWr1W1TVdi1Ivf
hSVZnwuDhpX8FVd0cV05SKNUT/jonGED7zNUzYcyRLeNjSnz9heuAcFmQp+HJL15ZpSF
WUigrkqRBu//vblGZgpUJQIDMfiYJV8EzfU0mv77y4au8yVtcNLHWryExgCAgZwWhV7G
x2s/0zPQ1HM9g0b69u4s36i+rQ3AXRxuuMN8U2O4wlYBHRk6CbRtKTbgKt0cqcXpq+vc
H4x2+1MMJUPWAyJuQ8mppbv6l3UMcecwPMqCl2b4wAph/Nc9MgA1br15sEFT055+im/7
1ODAe7WoFJAcIxOtdRWnitWFwe0Vs7rt4+l0p2/GFgJ72eMOi9PUuZT9IsI1HhVzV07r
D2g+/bFp9ee+P1bgpff5dJq+BOInPzaJqKmUDgALIHcx1LBHE/PcaadVZ9Xqr0vqml6o
OxyA6RcnS5mqu2t8PFJQiV84oFDbxr+z+IK8r28xtyV8nHQmEBHRZUyoHFI56wB8Jy1L
CaWoOcvE0+cP7BBtmj6Y0xYuV0ZxDZpF+Akn6l27zbklRSTJyKxZRT5eYUsRV5SOtK3G
bcslkj20Sz20ZJM0DBHkJOM0q15nOQfa943eM9iI8GM6+iCsHeAC+X3CQa0fwNHpy4VZ
sNb47dNpgnhWez4zosA+QlwuneWkD7Xc2weJNJusTvVznMgHwW9tc85rzcH4MbXCzpW4
PR0HGgNyxG7iomiZymnXKSAY0Ms6H24RPlZkEQPJdLE/0JKIjzz3g9wrFPHDorWQO/8l
F386QqogVPQTvPniv5gfiSBqzCFNCOVqWEAr1DkHhQ8hu0QgYE8fnrgImQqHbD5bdIYo
noaPpxPC81XKaJy5aJOQWmdndn/+0nxGkwDsRdPdgqe5CfGrdJvXJXTSd+Mco+sSJE66
7NIqSJYVFhwbtCoNQVpUfhCEHbAbEoVkouNFoopmh+gay0i5/ZqLe861B1Fr1iU6xnoI
Ng1xTWrp5aMGHsCs43oUdfjDHiVC6SaoE2un1J0xl38H+CII/oQj0KYDb44qXCqFbTUH
p1ImLxJMJjni3tSF1V4NcYU3i/Dh2eTEvdLTOMODmQG3G3jSnAgiBOGxyvno4YJcrBWU
o6+BLrEgrxKf2K04S10/5WytCgVRfE5dPor273cnyYxnhZnj9WER6EqMMg+zvh+lpR2e
9oXOUIyj3V1e3MIhV59tHiQ5n83GHxd4TDWGAkocfRqqwTcwaq2BKaVX9VjIqfNFQTJ2
mNy7r/9rlBRBl4TuCBmG5HzlTOOLDee5xzX5BmtD19aC9B2UpPurJEYstix3kFCZ+jTN
6IG95sZqONO9knW1JSu2MzRKxCuOyMxqhMovTZljy09Suud4C6gL3UBHZ77Tlx0wUQE3
h5mirbvJ00p4kJec6g06P12vuOcUJ52j5+79HlBn1AAAAAAAAAAAAAAAAAAAAAAAAAAA
Ounsworth, et al. Expires 28 September 2026 [Page 109]
Internet-Draft Composite ML-KEM March 2026
AgsRGB8j",
"dk": "rNKslqVed/DGHOtg3Oj+lTVEnPAo1uToOhn3Za6grdnmAMZFJV12luG0OvllC
93grlEZuBb7vNKtdg/alkedXTAyAgEBBCBRdGKCX87QmE4zcNF8BjKeeQm4vV8UYKJnJ
7utO9Ukk6ALBgkrJAMDAggBAQc=",
"dk_pkcs8": "MIGFAgEAMAoGCCsGAQUFBwY9BHSs0qyWpV538MYc62Dc6P6VNUSc8Cj
W5Og6GfdlrqCt2eYAxkUlXXaW4bQ6+WUL3eCuURm4Fvu80q12D9qWR51dMDICAQEEIFF
0YoJfztCYTjNw0XwGMp55Cbi9XxRgomcnu6071SSToAsGCSskAwMCCAEBBw==",
"c": "/SwiCizJ9eokwuBOfo8DHFJlxKonkb22OiQeYeWIJhiwUIyF426zCFtcPmrYEW
dZoV8wKzs2xcxqD6DEnyZdwkN4Rmpdjl30WL9UIewL5M4ys7VR56siOy6z936qjSngrk
GLsvVmRLUEm7LidNPpFEnGYg+9s86szJYzsPehzFx24n07Cm4YU+5tT0Ta8aaQSwWf8E
epedeNL/ulvtwrS6nm00Z5jwrLWo+XyTJHEkY4Y5mwUqXvPuJnQUzd4gCKEyX/+uFOn6
Ej83eDrOUI8Tt5YasPSz7l8U7WtDP87H8/BzmXOVaD50r3N7P8W/Wd+/8Dm86MWAkaT2
ROPyo+ZOAtzixY+ShvyMGtFvERHz6NXUhAd3J43wIM7/+gQ0//3yhq+S+3W/MiIYvv7J
dXuyzaFZII400zSJ0cGdrftPMveFkOmhW7ChftkBuw22hVMxdTYjAV1JkBVN2EF+5EOl
zPmeComF66oLJrrZO2LXibWlWwzL4BVSdiKG9A8uui6e77/1gBCAG6Z3IqRsWZ5BvIQp
wgByABSUnSAp5/xE6Dp+falkBa1PRcrXrKfOQmpC22KCMPnD5h3eTYNqY0Hf9AF5vvT8
n2fKpvnfMEo/0p+7AQG1hTpNd+adCUOl6urmdbVIPKeR4Mnz5foL7Sk52JtPbDTsL5fR
NMSgi2bX/UfBbEEBBvqB8zbklTYSrLAsdg3lk+xi54UdYWuyQI8I/ATCVlow0lY5k1zp
Tp1PMXiXUVaadxAqGODEKRE9CFGybr3IYlvYPSPFYjhT96ZXmtKfEWLln4kf6O8xCDGl
8M97xxNXbgH2QZvehWs3B/SthOVslvYfyq0NALBDn0s/i4iRqeYBrs4V2qh4dYZUWJEt
1cOZ0GoUIfN0qkgpuzjdOrOFYhwJZFphZrX94LOeTIKmwUYMqFK8CmCKZcl7IyFI8ILT
DSRCIenyrsWua8d9sHQuX/RMIHr+RSHst+b1zy7mQM49yLEtlHuvzXKFOm1oZPNY9m9F
uwFuVFqYy3Sl9/jPQPQgpjIFNlBrX8L/nNNMGLnEUE9Zow0G58H6iOP+L/zXa0d/PcC/
Fh2qtK6YGV0ltOtt+rMvD3c2wLtiXPvNycnI84QKvxY10n7VbUdG/dvXVkhu3aKlQJ2B
lFwMUEtn8CElPRoQ9s661YsBzko6O7OzLjPj+aiNkMsgyqlF7/ZcJt7o6qiOU///h9Qh
ir+OC4QYmLyht6L/gtrQ94bvv/pBoewUPXcIUPJ/fcjz3qPnYr7xGXhitt2Iq2RUL61u
8kpVyBYF5ZTyoy5vAGMAhIi2Pfb2ZxeMFfEWGGDYaJWpG2DDDa4tKbk5vi6VXaWtgfBa
Vx1tWvD4d7QmoEJ/ju3poT2g3BA7snugXaWaNMD5G+RM02pZUClC2xz3GfCZ9N0NqPqF
5/yT1F1qYhrQ+oz/onQjBqi8hh8WQEgqDHIqN9QuT2LVjQ4TEeTkr4HEPMNDpswo/0vf
FxAp9v45A4U1IQwc2RjUpbNQmf4DfuGGG9NzPY9J2y7E/cDw==",
"k": "4pEH/JmlpUiMQ67oN1xent065WCvSYovabkneyASx6o="
},
{
"tcId": "id-MLKEM1024-RSA3072-SHA3-256",
"ek": "h+nCurmZmjxCMcTI3sCfefZ0+/y51TpWFlG9M+ByfvLJGAutAKhx7TyBxQWXM
jqvaVcRbEJGw4IPa0RaZVLCyZmcgwCsL7yu24F5RgGqqdEfPsWr8uhTxpcKI8SEh8th6
nxdizUnbSo1m8nAb5A4fYlOcYe1jnTL9GgZ1TlbC4pONcdB77u962wEIXcdIqCRuoWA3
oovQEcU1RU/H0geZfxJc5BIqkp34NxDZoNoa+smjGUFTearlyN530aG9QMSHOYlh5Kbc
KyD1PaIwsARZEih9FheOFp9dqnF02tvjmC3ZROLQ/y7GAcTLAhiTpYr74VqSEavmNo4J
TG/FfCJbgIL26N30GcAzzBzBzpV0eOh1sB87GxaMSYOrpMPR4lvQemg0gEm5Jl4T6ktb
/HJkoqMZvCEUFJWqitL0YqbbPEVG6u6rHFRAvwfaFEIS/arUPo7Q+JQmuYipeZQJqsVg
3Kr3+GFxfxfU+rKPSYhD8cvTSB+EZhHf4iSBEA6G1hBo9U4AieyhjWsLsZUVSAclpd6m
1MZLcB5JgyHlFKuO7EIvioLmJyOVChiEmolxRyBIWtAzthgKsB6n1xgoBGO+mgqtBWPt
xS7g1Kk+Veiv5BiUfRNeUKbEgSA+8WzCiCXigG0O7GeDfcnvVUlZBy76zl0YQNKYsggO
tRe2+VPK0ZH4bvF4aoJ1oStbTZbHoNK91SmwrxeDAqWPIdU6yqjeLJshHNVQ1NaDDWUS
Gh8tWana8R0mzM6TnS+5ksePZRp0CwAjzshuBIw5JlrKUQ+cRdXqmiHiiowF4lrDMqYB
kwgndpsyNMxXxiKKHBGiYiWCCBt9lcBOrOIiMZD/wGzd6m4dtkLmeGX26yLlhsBCdlKc
Mc2YWMt3pBNIJldhUxeYIOBZKksWkPCEFfNhHk0JVxgDdQZsZhCdpt619YI0/smjcZp+
Ounsworth, et al. Expires 28 September 2026 [Page 110]
Internet-Draft Composite ML-KEM March 2026
Bws9rysRXBZ9zGURUgrcRXIAzeQvIcYrblocdEldLxCIpuaPoAQ/NAwaqXAgEUfbFFRv
BkYy7G+VMwobyKXQHjJudWe7jZ/5FqJRloJA+gcPQQq7tCk0RyCGxUbBKJe1XaCycEYD
MkAYtQPvLFG2uARehiYpqtCqbSfzSnE/1TBqbJYZHheshZXLnhJTIhse5NYBEIB/hIFF
2JG91HIHqDB4ZojKpi5tRYmdKKQLfYgZnNTpetw/RMrUhMJwikr7eSkgtd06AvIh2wD6
IfHZEcG88emv7MLx6HNGChl9gIgbJuw5tySGBut7wRJMikhiCw6JFgo+cunCPMmBjVYe
tSQdzdXGeuUJHgYzkJOCUWuyHUf0mNWS0Qb6ckmC9ut+uBNsfKNkxOZR4qRHkeiN0s8o
oSQMoRezzswTaOymewE5HGjEHytYNteazwujFIBFbUdzHqnW1I2tDITE0SXrlc0NDZGs
TkE8dusPPx2Iksnk7KKf+XE1Ton/xkXr4uSoUqLS3YfctmCBqSOBRDOy3VgaGXOo9s5k
Ey2vldPD4eJvibAtkDDMJGv38AVPzlvtJwHOOEMT8IMlyAURMIHazVCY7hnDMeVtdIUV
HOKADh4xvCWqcKMj4iQE8q1RAmKKvJPe6sNGNV1L4ikBvsOXAeiFXlrQxF0JmRuKbNFO
MdoLAlOqnujmwGwI9sHJ/AVvVIivWFadbsIuDV9olFXSwci5PKsQvalufgxmNqdXtFYG
bVVVNJ3ipZ0ZMYnRxcbWvls+GIwNiZYLGxoxgt7MOOl9GSweKR8VSoMb7kK27LKOocLS
VJOiNOIbpB4Iyt+JcR0r7GM9wMl1Ec3iSqfP3toZ8aZqtaUOZGY7aeaCUybNVG0gUm6K
ndQD+UzxtR8hzF/FAWX2dwDToUpzorH8emNugtqyNZBCcsDYTad9Dx38wyZYDQCzLYPW
ta9UiG5+LQO8PVEt8a1IXucIDmyaWASTdVMyWempMVE27DFnVPFeVaXUoRcaidHIoCRK
/GACzZndFNqs3PD3BbCh7wbmOFyRHGJc2mAWUF94TNn/ygum3F6vog94QU4XWBYN9jGb
5l4HiZfFlwJbHAgahnnrrN7ZI9ASWkYuX/SPdZNBcsFhYxoO8zwlCfoxjMwggGKAoIBg
QDOBGRmox0EWqrjEmrvNP+U96HqMcizNBoll6ADuVBHNCId5eYAyj2f3Ithxd1szq/IN
NjE81iaG3xzc3Ee/2nbBAI3h3VMA/qghp8b1eDRGTDNpcfiJmvCmRAvHeDgVApjEw1+a
qFReLq4aGrCKgPUPA+s2CP9PBEjd32UpeXejnCsaRphIo/KFuJjwqH69EWNTEL/wVyrT
5pjMT6LpAVcYf5ZSOEWEUOFAbQA0i29y4+zEHxneUirjeATVYOocwrSNEOuxBrqhefgt
DGm5TnzfZQdCZ/kNBFBGPYYvA2mp4pVuJmKrEkbBYt7ZUoc763/R1D1P4xGTnmJYdwoy
5QUbT0JhIZV9v2eCrDgLATtyEnJOkukhJRuPI7fwD6HM1bckhM+iAmDT5hMVHEjUl65P
0DISIjadsdonaiyBgzgvrwO9Mn5tNrrqPSOtu77F6VxUMeqsXreAcDffUzQ8OSk366H3
N4lv36DLRsm/DmFs1iaZuu4/4bwZYFOOWklJl0CAwEAAQ==",
"x5c": "MIIVqjCCCKegAwIBAgIUHpjS/W49q1N7FcqfPjjjZsYdKSkwCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzN1oXDTM2MDExNTEyMTUzN1owRzEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxJjAkBgNVBAMMHWlkLU1MS0VNMTAy
NC1SU0EzMDcyLVNIQTMtMjU2MIIHvzAKBggrBgEFBQcGPgOCB68Ah+nCurmZmjxCMcTI
3sCfefZ0+/y51TpWFlG9M+ByfvLJGAutAKhx7TyBxQWXMjqvaVcRbEJGw4IPa0RaZVLC
yZmcgwCsL7yu24F5RgGqqdEfPsWr8uhTxpcKI8SEh8th6nxdizUnbSo1m8nAb5A4fYlO
cYe1jnTL9GgZ1TlbC4pONcdB77u962wEIXcdIqCRuoWA3oovQEcU1RU/H0geZfxJc5BI
qkp34NxDZoNoa+smjGUFTearlyN530aG9QMSHOYlh5KbcKyD1PaIwsARZEih9FheOFp9
dqnF02tvjmC3ZROLQ/y7GAcTLAhiTpYr74VqSEavmNo4JTG/FfCJbgIL26N30GcAzzBz
BzpV0eOh1sB87GxaMSYOrpMPR4lvQemg0gEm5Jl4T6ktb/HJkoqMZvCEUFJWqitL0Yqb
bPEVG6u6rHFRAvwfaFEIS/arUPo7Q+JQmuYipeZQJqsVg3Kr3+GFxfxfU+rKPSYhD8cv
TSB+EZhHf4iSBEA6G1hBo9U4AieyhjWsLsZUVSAclpd6m1MZLcB5JgyHlFKuO7EIvioL
mJyOVChiEmolxRyBIWtAzthgKsB6n1xgoBGO+mgqtBWPtxS7g1Kk+Veiv5BiUfRNeUKb
EgSA+8WzCiCXigG0O7GeDfcnvVUlZBy76zl0YQNKYsggOtRe2+VPK0ZH4bvF4aoJ1oSt
bTZbHoNK91SmwrxeDAqWPIdU6yqjeLJshHNVQ1NaDDWUSGh8tWana8R0mzM6TnS+5kse
PZRp0CwAjzshuBIw5JlrKUQ+cRdXqmiHiiowF4lrDMqYBkwgndpsyNMxXxiKKHBGiYiW
CCBt9lcBOrOIiMZD/wGzd6m4dtkLmeGX26yLlhsBCdlKcMc2YWMt3pBNIJldhUxeYIOB
ZKksWkPCEFfNhHk0JVxgDdQZsZhCdpt619YI0/smjcZp+Bws9rysRXBZ9zGURUgrcRXI
AzeQvIcYrblocdEldLxCIpuaPoAQ/NAwaqXAgEUfbFFRvBkYy7G+VMwobyKXQHjJudWe
7jZ/5FqJRloJA+gcPQQq7tCk0RyCGxUbBKJe1XaCycEYDMkAYtQPvLFG2uARehiYpqtC
qbSfzSnE/1TBqbJYZHheshZXLnhJTIhse5NYBEIB/hIFF2JG91HIHqDB4ZojKpi5tRYm
dKKQLfYgZnNTpetw/RMrUhMJwikr7eSkgtd06AvIh2wD6IfHZEcG88emv7MLx6HNGChl
Ounsworth, et al. Expires 28 September 2026 [Page 111]
Internet-Draft Composite ML-KEM March 2026
9gIgbJuw5tySGBut7wRJMikhiCw6JFgo+cunCPMmBjVYetSQdzdXGeuUJHgYzkJOCUWu
yHUf0mNWS0Qb6ckmC9ut+uBNsfKNkxOZR4qRHkeiN0s8ooSQMoRezzswTaOymewE5HGj
EHytYNteazwujFIBFbUdzHqnW1I2tDITE0SXrlc0NDZGsTkE8dusPPx2Iksnk7KKf+XE
1Ton/xkXr4uSoUqLS3YfctmCBqSOBRDOy3VgaGXOo9s5kEy2vldPD4eJvibAtkDDMJGv
38AVPzlvtJwHOOEMT8IMlyAURMIHazVCY7hnDMeVtdIUVHOKADh4xvCWqcKMj4iQE8q1
RAmKKvJPe6sNGNV1L4ikBvsOXAeiFXlrQxF0JmRuKbNFOMdoLAlOqnujmwGwI9sHJ/AV
vVIivWFadbsIuDV9olFXSwci5PKsQvalufgxmNqdXtFYGbVVVNJ3ipZ0ZMYnRxcbWvls
+GIwNiZYLGxoxgt7MOOl9GSweKR8VSoMb7kK27LKOocLSVJOiNOIbpB4Iyt+JcR0r7GM
9wMl1Ec3iSqfP3toZ8aZqtaUOZGY7aeaCUybNVG0gUm6KndQD+UzxtR8hzF/FAWX2dwD
ToUpzorH8emNugtqyNZBCcsDYTad9Dx38wyZYDQCzLYPWta9UiG5+LQO8PVEt8a1IXuc
IDmyaWASTdVMyWempMVE27DFnVPFeVaXUoRcaidHIoCRK/GACzZndFNqs3PD3BbCh7wb
mOFyRHGJc2mAWUF94TNn/ygum3F6vog94QU4XWBYN9jGb5l4HiZfFlwJbHAgahnnrrN7
ZI9ASWkYuX/SPdZNBcsFhYxoO8zwlCfoxjMwggGKAoIBgQDOBGRmox0EWqrjEmrvNP+U
96HqMcizNBoll6ADuVBHNCId5eYAyj2f3Ithxd1szq/INNjE81iaG3xzc3Ee/2nbBAI3
h3VMA/qghp8b1eDRGTDNpcfiJmvCmRAvHeDgVApjEw1+aqFReLq4aGrCKgPUPA+s2CP9
PBEjd32UpeXejnCsaRphIo/KFuJjwqH69EWNTEL/wVyrT5pjMT6LpAVcYf5ZSOEWEUOF
AbQA0i29y4+zEHxneUirjeATVYOocwrSNEOuxBrqhefgtDGm5TnzfZQdCZ/kNBFBGPYY
vA2mp4pVuJmKrEkbBYt7ZUoc763/R1D1P4xGTnmJYdwoy5QUbT0JhIZV9v2eCrDgLATt
yEnJOkukhJRuPI7fwD6HM1bckhM+iAmDT5hMVHEjUl65P0DISIjadsdonaiyBgzgvrwO
9Mn5tNrrqPSOtu77F6VxUMeqsXreAcDffUzQ8OSk366H3N4lv36DLRsm/DmFs1iaZuu4
/4bwZYFOOWklJl0CAwEAAaMSMBAwDgYDVR0PAQH/BAQDAgUgMAsGCWCGSAFlAwQDEgOC
DO4A40ZiFdVbGNa4jHqRNyi5cjGep8FjyT6Ia+C/1jIMazYZ3SBsfrxn9l6XJWEayVdJ
ZqeBnXFD2hpmqJVlXywVEZQkqegyt8m+betecAk3Lb7elSgOhNKane5M3rtuclqZC94p
GjgOXVriuE80Fdk504s8l1Eg3NOPB1PGyFmh9pm9Sb36hZCfK5Nn7yHFS7PUhIrydgO0
qxUvj+gEz+OTUnFNiEPAkU25ioglZq5f8FPh5AXr5L5vWxf0jr9+Z4F6qysebWVzAVeB
aH8PxHqsdMVartXJGSoU6orORo/PCEco7rQTZq7mAifZJooN+1n0anFdPBzItemHAPn/
spC5pQzmXXvCpn50uWnfDNBPR/FodMXnMXedNb8tVwJojDtIs8RUtro9kx+FrakO/GZQ
jc03/d6+r/pNVxv14hjdPwxGrYYzHGxxcRVMZ82Hy+w3hV1x5dB9rQdbFDsueucW1eV/
y55rP6mXLs5T3wfTRxKujSYVewTw3YlTl+47FrPmweaiS1nNP0B8lsic1dvYYd7KQTAp
xd33xb/O8IqPpdpajYgNbePjZiQvuHM9pVXr0fRQ5j0B46rbP18/jk3FwjW8k/Bw1MXE
bKj0yQnTy+tR3GSbT8c61vO6nbJ+wv2+AfAAlJMdXWe8aEzSS2YhDoOIedj6eU7QQbip
fiUXP6t+Pt5l4b5zBzL7wLj6+A5iV/jjqAvcSmawsESPFv/M41l4n6QDw2cPiZNHwCTW
EdfFVhAAfWOx7jGQKFBGGcORW8TM0xXvRby2N3RbtiiIh3x6yztcwVPco733sMcPJzm5
lRS4mN0Pe3AC2JouIzSBK6Sr2sQAndtc2irXZUaDswgmkk2PqDGhmPn9stczzivb5e8e
sitljqe4KAp1TUlZDFcMo6cxZz3LqafJYpaxdrEPM/FhOKSX+axC7r/14uE0BZ0hxe8c
yIC8OHy5mHZjXFG4EnEg2duNWzSg4Mq68PW76q3JWcoFcGMVKxvl+S5JAFwOVFMVUnEA
O/29H6UuU4Unndjr1GRpMeXz6tYHpm5vI5uIX5b67Cn3SM4CzcJSGGhDBzf3MIOWZpHm
AxWgaZv/7bsN4+fPrIL3mV5TBZVoyFyXLw1zEge96r+prP/tpJUOMV+OWyDpkkGLoCCk
6rH9h5biFzHRTWBZvpc+GInChkiwqbjuaq5/6TEyEfhGmH2w04P6B8eTvx8oIFRwp5zd
lYhPYxpSH3id2lBpnBGHukTItf6sTO8uhXzCWp2gSMi6q8PPqIcNFj21DA11Ilh5ZR6w
0bCDFHz4GMzznxc6+CdulsyR1T4yElL9R7KGPLzY0FtWanf9upTHrJTRbHU77rE5S0/D
kMhe94kWoD8r/3vQ1iHegmTZ6401UdWyMZXJ37PDb7znzQ8GHFQo2Dak4ZS0Fo2u5lml
7+ghRoDr/uAjZ9/06f12gu4ktuqHTCALDXG3r77QAgmQmm9AYx5uShwDteOqLZXiYAj4
FKOAuXb75za9tCv79k/4Zcgcw0DTSHDM5xQ0gL8PudV0q68pxJyR3vD9+hhoKR3KTIw0
ON6zqcmKJSZEk8F+UdzAFim+7xDWje85ISMDBkj6Iwl1RzeOdmSTqNsQwxQZjAjsPlN6
taYFSh9vGbqT++uBohMvmAOTwJi9DqtGcWTAyp6Xhr1YIlR44R+GZ3kRUYUm9aQQvuPp
sLcrGVxH/9hsrEX5h5Oxt30ErnN/bwUwd7wJ+2NMZyRLDHhdvUfDhQ+l79MnziFBuvHj
/JhTWsdTYOF3e/M8VcM2rxGAHhSiNh04LibFhquFRjSi+PcYumsCumdb6Z9lbn3NKxIm
Ounsworth, et al. Expires 28 September 2026 [Page 112]
Internet-Draft Composite ML-KEM March 2026
NkwZ+/OpqUlzJ50bmVLCK9iqgnBUczOsBDkE1CcZx1EkNW+36kEY2l0R5dQAjyjsjNiE
zLqG7sZw22XuMfiz7SMLg0On63jOhGc1JdeAYyktwF0zOnTcTqOi7LYSGHt1i1+W3rwh
1K+m0RXeRMMihcvT7MUKyX0DnT6KEEWvqH9qvsj3FxpbK24M0ekvmnGyCNQ3dnkwMgbO
1ONfpPcbMJ/3M4dWYE/7HNp4xjSgPU/JcRfZNxleFr2tJ8bc6Lle8fyoM+z0BEMF3oad
i+iSdAluv21xJFv7iC1F+3WQuiG8NsRLUggdqZznweiezosbSX0hoU2xTpPZxafzFQZ/
lR11AoQtPUYlsSQinAexn3zxJixI4rPWNwlvhSGUuBNjXrkHYSmM9LpUwCvUUm34KIi8
Va61V4SJ3CUMyMTwoLA7e9duUE8DRaqNSN9dJPmJODln1uTcKJaG+YsRRTk+aArVb6s4
e+kpmZvF15+erSbMAPeOjyRkrVBQVIt+BnlykZAJhFpo87oE52T7ACffYjJ37aniMyjS
pKKHnXS18enVzQEZThxO1YNbABt/V1zDux2FzdCM0vRf2TxJtZ4wD7eP37w2CKLljNq+
uAkDUHhYwmTGOVhYm9/YjO9Smvpw3yCF0oyf2z/j3nK5Hs0ODfmwsfqiuUuKuhLd6YcD
qYEQa7KqTxZTI1ojjN18qhlhpMIXViriEwKKPT38kcG5F6k79+DnuIMjBUdy7P81pZYq
eMZtuV4T8EuQrAQt6T/KvprnU8hITILnx/uWqFyQlsOTIt/9AGThoqsB8TuxAdPvEzqc
a64bgd63Apj4lP7kQ7RvIGE6Q7PZPskWw++j5R6YwF4edS+8Yul9ZpH3JvRUOZ1RawlT
e5ZWBQ8WH/XP8wlxhvvqRDn4DIO//Qv0J3uhPSvdFcbgC9wZ+2dC8g48vUXpIVKdMEqk
X+ZpSNBphijXz5EvCpjBM0ardPPk0rUdF/hAoJVFNvplF1biWLNCPzLA9or9muUY3eMc
Tm9GX+qeA4WV9T5HP6NstvrWLf9NoAO8tuuSKfFZyh943GHQo4veiP2w0JqmG3ZHG1sH
ovFbZ+KRLEQYzq0IyAIJQAglLPJJ0vH3WO0gntxKJMTB2rbStmOGp+ddnmn7rJ91N4+n
zkLB75O1Q9N0HNujJ+QdEgWyEiZ4DBE0XREbwLm8SJ8T2ZAJPv2D/wvM8ahY9hgAAxMY
AHV/rcDEfKuXsHzmIzGihlBUBF0IfMgEdKp9KcJt6g7DZJROUK5WwZi1CdmvFaIeo0Ms
D4TTIFQcyVNj+AKMPDitXjtdAcwKQg0EUSOsn4V7cc0GzV2KCw1NCak4vloPRqGd34oW
ArPdK85eA3cR/J0lunne+v80nYaxYPqTAwy45hNLNHfHBTd3xzoeCBOALd56j0euInDC
WbELNt5AAz5MAUgPxkQGHZQfWmh/TeidCq5gI8FYmPE1ZRqYImq677I1Sm4Die2WpuZ1
LjOwGoYIY5nlGHbMRaTklLX5gIA8yeY+PNdGaGpPQPH6cOKMsMfMe1/jDu6NXhGC+vcb
YyZWGS2hdu29sFNTSmkbRams71DOsewDyUJuPMIPKOMZhGG6dXi++QVDyiG0XM6hDuDM
IRpvxSWRn22KSUNoN4sELrFXC+I21tu3oNnAVNXo+Mv4Ekij3lSd9VT/kqjUhHMtN3SK
lUmsebg5kl66NcOgiHU9F24MzpnoBoZb428/sQ1+RLteOrsCyAamlOkwkXafs76hQSnO
61N/TvmsYxfm4gf2BTcjlAy5rmN+N4FfJTkkTpwoNiGGY5JtjJlAwf4rWbeIXkh2DyTw
bH150bkijwxYpD8a38rGg+yA0lHE2jkOlS9pXhUngeEd3wOjYGEJCI1cSdSNF9f7Z4Zi
TsxGMKIPl265vXx8Aq+xDR5mX3vusVupHCN0XyW+7bmhlXvcdPu/Y7la5me+Fgoclt3Y
9CkDoTmFQ6F7R0KHlc9Ar6TLr0f25iahAzKFD4mjTiMmh7m1jQmjiyiD4jFit4/kIyTx
XXtlgbjp7+izUP8UhE5WPUMa+Hy6StWY8PeOiEiybTkiKxwfKrU11dBF9cXXkA3Pf2oM
04nuAiSeX4eP2ahfLDIZ+y4gIRgD6lez3jU/RIjSzP1sCSMDdqn8YIvO00P9U14k5jvn
6acJWqDp80EmiHUYDJBKo/LdsctB4aN2x7RgMWhdPiL4L4c397U/x3Kum+aSZOjdWGHJ
I9lotZWsZS0rhv4Z2KZzNL9VxBffis2YXZo8XswksK382KH9SLJu2t60fk3JVHKAZeBm
qnMhCNphEdbdAi0WzC/+iC8MgkW10tJXD1ZEYUwduODyjhlTmh31OP13COrbm03RFCD2
C9r4qiXttuM5Kus/QONccUyrd7L319QLmuXLmT1N4GBpj51YBpDbo5MKB8OOOq3t0kDp
YlHTWYikw4uEBT8g8BSebF7pQ3fJYSWkzTKqSX+uWIv2YaY1vmIIFhk4R7fB7vQOJkBB
qNHn/RUbbYYGLH2n1AsxQ4yXnZ6/1R+T0wAAAAAAAAAAAAAAAAAAAAAACREVGiMm",
"dk": "YbIkekkePNyGdhePi+kl1KUQDzmRzsIj2j6QP90xQGCqvthqgO2V5zXnc5Nen
RjqejNgs3NFpdfVvIVpLXCp+DCCBuMCAQACggGBAM4EZGajHQRaquMSau80/5T3oeoxy
LM0GiWXoAO5UEc0Ih3l5gDKPZ/ci2HF3WzOr8g02MTzWJobfHNzcR7/adsEAjeHdUwD+
qCGnxvV4NEZMM2lx+Ima8KZEC8d4OBUCmMTDX5qoVF4urhoasIqA9Q8D6zYI/08ESN3f
ZSl5d6OcKxpGmEij8oW4mPCofr0RY1MQv/BXKtPmmMxPoukBVxh/llI4RYRQ4UBtADSL
b3Lj7MQfGd5SKuN4BNVg6hzCtI0Q67EGuqF5+C0MablOfN9lB0Jn+Q0EUEY9hi8Daani
lW4mYqsSRsFi3tlShzvrf9HUPU/jEZOeYlh3CjLlBRtPQmEhlX2/Z4KsOAsBO3ISck6S
6SElG48jt/APoczVtySEz6ICYNPmExUcSNSXrk/QMhIiNp2x2idqLIGDOC+vA70yfm02
uuo9I627vsXpXFQx6qxet4BwN99TNDw5KTfrofc3iW/foMtGyb8OYWzWJpm67j/hvBlg
U45aSUmXQIDAQABAoIBgCzAG/4GfvJX7ohSExvgT4cwjkGErGOu1OInEDlW2ucInkOP0
Ounsworth, et al. Expires 28 September 2026 [Page 113]
Internet-Draft Composite ML-KEM March 2026
XkI9T9hJP6pQAqXT+wlfJO1h2C8STl70U3qLbiHI6Mjv7kyIRIXA/9EI2hQOD9nfCZ18
ZDs9izB6PvZjYMNW7BC4cVEfAy8E7qW7Ut/+2iwb4rdrhxd44+zRJ4mIzf0QahpXUII3
AbO+6f7QRNrBh+vhR1qNm9G/l7PU2HIoHsM/2WvfNLqtoq6HPj9+3oqQdepKv2m3Q5eF
DH2QPbYQSsiiSz/NeaprXkq3PN7zKorMkxU/zR5M7Iz1NE+nP5W/4t6K0GAm6yZ0A1ti
5R4TbnR/jqv5hilvcBAqi1t5K4f6r4XCxsyisMIELc7+bkNJn1n1Pq6FPiRGTzCnimqA
jHQYL0a74glSKUX5aGpFoWRvLVDF5TWR+P8AXLKV3yQJTHzp4EiFteEyNVrl7RzURtte
MDEsZWMrz9uwD0EFsVdja3PR9Q7IduwyWI3MB20XlQmw/FSflJlJDkbyQKBwQDxeADPm
Vc/fEmsDcbevVtRnrBZSx3PwxXODaT+SEEBbrsyNqjHjryIbAnVud78PDVqBx8Q2nC9s
QA+keUcCMyWAXPL4WvX28aXETmFz1qC5nY90204cN/oDUNL7IGK8dVRtcim9OmVP4A3R
P+NNY3nEtVaz2nDYfVYbX9J3DOpIAuhvbkr8Yf2Nb82gJRQwuPyKy2FpPd+nRD3DjWJH
VKd2x0Fk+1PjeuVoOztDdYy5iNIfPwXx7Ovua2Kl0pu/TkCgcEA2mo7ZJHJiNFzQ8knM
09MrUkJG09UWCaPMWGfZw8ZbS8YFlASTPtgno+KbZOiIhIMJDHDvFfV1U0G1tpDFzORu
k/SGyPCj4SBegIl8EeMoMFlHHDO4kpt32/viKiRvlkOVsP2ixD4+rJ8c8wrQMPWOCVk3
+FRfwj4/1qn3eiJLLCnUetQAwtlUrnCncNtmib8tF8R5uO71IID8S/ROLrWHD/wMbYS2
7lfr3nPN4OvZUJ+6ZPMIZQKMFSUofvDOBZFAoHAU18/yG4FdeIP/dvz4kw3D4NfGDWbY
XTWPoLviOyhpUD6WWgN9nkOF3xWGPlISIbxWl6DF2qUqqpGj1QIaxmOqexucuKuPaWgd
+B2oADsG24/PTGW8HnolVKe/cP3JmZBZSkC0sKVM/bs6ihko/jtue8Cw4wB1HgqIhIMd
RAWtjpeScYb/VQzwYrlLohOrWPdGGxYF2DSI2FPzj2VtnXtZJuW9aoRsfoqcUtTArZYU
tKrNAgTcpJ9NBtEFCoQhSnhAoHAYBhRHURPKRUN44sC5j5DfBIgIZXbhBUi9xT+bvdjt
nf73wVHp/sJXXnF68QCl37dPKdweNMkT35ePfU1g2W6/f/UbwBiv4YK+UUsr/Sq2Kd99
u9i9ojMonu7JaMUzGyeNGpvdGv5P0N8Ie54MTx4aad6JE4b7wphkuet56JBiBoI46/mO
hCveaAlEghDlokEsc8KL02O/EZfuaPSJ2V8gl1XLmfvECEVCj1LgB898g05jUbrjvJ1M
SJlaoc8MtcJAoHBAI4WvJeaFTxiMTsJuINHV7XlTmeDWKuzMET4fv1DgNa9JGHkr09r3
uizqlKVdmKTEwtgtNbzBz7obkf0/KTnNaHjI/28AGmE4wHZ3ZM1Y8IjRX3S7GjSLslWd
bw6pmaXWXp+p240ZWrGj2kSnSHQZVM0Yn3UAW6Fgu+wZ9g7d3f6dD5PIJk7WT1mkt5H6
M+8oEmeOqkyrK403Ckpu532HyF45txv1uAJwht0GbordPM9fTTHe8JhJCmTc6D9WdI+3
Q==",
"dk_pkcs8": "MIIHOgIBADAKBggrBgEFBQcGPgSCBydhsiR6SR483IZ2F4+L6SXUpRA
POZHOwiPaPpA/3TFAYKq+2GqA7ZXnNedzk16dGOp6M2Czc0Wl19W8hWktcKn4MIIG4wI
BAAKCAYEAzgRkZqMdBFqq4xJq7zT/lPeh6jHIszQaJZegA7lQRzQiHeXmAMo9n9yLYcX
dbM6vyDTYxPNYmht8c3NxHv9p2wQCN4d1TAP6oIafG9Xg0RkwzaXH4iZrwpkQLx3g4FQ
KYxMNfmqhUXi6uGhqwioD1DwPrNgj/TwRI3d9lKXl3o5wrGkaYSKPyhbiY8Kh+vRFjUx
C/8Fcq0+aYzE+i6QFXGH+WUjhFhFDhQG0ANItvcuPsxB8Z3lIq43gE1WDqHMK0jRDrsQ
a6oXn4LQxpuU5832UHQmf5DQRQRj2GLwNpqeKVbiZiqxJGwWLe2VKHO+t/0dQ9T+MRk5
5iWHcKMuUFG09CYSGVfb9ngqw4CwE7chJyTpLpISUbjyO38A+hzNW3JITPogJg0+YTFR
xI1JeuT9AyEiI2nbHaJ2osgYM4L68DvTJ+bTa66j0jrbu+xelcVDHqrF63gHA331M0PD
kpN+uh9zeJb9+gy0bJvw5hbNYmmbruP+G8GWBTjlpJSZdAgMBAAECggGALMAb/gZ+8lf
uiFITG+BPhzCOQYSsY67U4icQOVba5wieQ4/ReQj1P2Ek/qlACpdP7CV8k7WHYLxJOXv
RTeotuIcjoyO/uTIhEhcD/0QjaFA4P2d8JnXxkOz2LMHo+9mNgw1bsELhxUR8DLwTupb
tS3/7aLBvit2uHF3jj7NEniYjN/RBqGldQgjcBs77p/tBE2sGH6+FHWo2b0b+Xs9TYci
gewz/Za980uq2iroc+P37eipB16kq/abdDl4UMfZA9thBKyKJLP815qmteSrc83vMqis
yTFT/NHkzsjPU0T6c/lb/i3orQYCbrJnQDW2LlHhNudH+Oq/mGKW9wECqLW3krh/qvhc
LGzKKwwgQtzv5uQ0mfWfU+roU+JEZPMKeKaoCMdBgvRrviCVIpRfloakWhZG8tUMXlNZ
H4/wBcspXfJAlMfOngSIW14TI1WuXtHNRG214wMSxlYyvP27APQQWxV2Nrc9H1Dsh27D
JYjcwHbReVCbD8VJ+UmUkORvJAoHBAPF4AM+ZVz98SawNxt69W1GesFlLHc/DFc4NpP5
IQQFuuzI2qMeOvIhsCdW53vw8NWoHHxDacL2xAD6R5RwIzJYBc8vha9fbxpcROYXPWoL
mdj3TbThw3+gNQ0vsgYrx1VG1yKb06ZU/gDdE/401jecS1VrPacNh9Vhtf0ncM6kgC6G
9uSvxh/Y1vzaAlFDC4/IrLYWk936dEPcONYkdUp3bHQWT7U+N65Wg7O0N1jLmI0h8/Bf
Ounsworth, et al. Expires 28 September 2026 [Page 114]
Internet-Draft Composite ML-KEM March 2026
Hs6+5rYqXSm79OQKBwQDaajtkkcmI0XNDySczT0ytSQkbT1RYJo8xYZ9nDxltLxgWUBJ
M+2Cej4ptk6IiEgwkMcO8V9XVTQbW2kMXM5G6T9IbI8KPhIF6AiXwR4ygwWUccM7iSm3
fb++IqJG+WQ5Ww/aLEPj6snxzzCtAw9Y4JWTf4VF/CPj/Wqfd6IkssKdR61ADC2VSucK
dw22aJvy0XxHm47vUggPxL9E4utYcP/AxthLbuV+vec83g69lQn7pk8whlAowVJSh+8M
4FkUCgcBTXz/IbgV14g/92/PiTDcPg18YNZthdNY+gu+I7KGlQPpZaA32eQ4XfFYY+Uh
IhvFaXoMXapSqqkaPVAhrGY6p7G5y4q49paB34HagAOwbbj89MZbweeiVUp79w/cmZkF
lKQLSwpUz9uzqKGSj+O257wLDjAHUeCoiEgx1EBa2Ol5Jxhv9VDPBiuUuiE6tY90YbFg
XYNIjYU/OPZW2de1km5b1qhGx+ipxS1MCtlhS0qs0CBNykn00G0QUKhCFKeECgcBgGFE
dRE8pFQ3jiwLmPkN8EiAhlduEFSL3FP5u92O2d/vfBUen+wldecXrxAKXft08p3B40yR
Pfl499TWDZbr9/9RvAGK/hgr5RSyv9KrYp33272L2iMyie7sloxTMbJ40am90a/k/Q3w
h7ngxPHhpp3okThvvCmGS563nokGIGgjjr+Y6EK95oCUSCEOWiQSxzwovTY78Rl+5o9I
nZXyCXVcuZ+8QIRUKPUuAHz3yDTmNRuuO8nUxImVqhzwy1wkCgcEAjha8l5oVPGIxOwm
4g0dXteVOZ4NYq7MwRPh+/UOA1r0kYeSvT2ve6LOqUpV2YpMTC2C01vMHPuhuR/T8pOc
1oeMj/bwAaYTjAdndkzVjwiNFfdLsaNIuyVZ1vDqmZpdZen6nbjRlasaPaRKdIdBlUzR
ifdQBboWC77Bn2Dt3d/p0Pk8gmTtZPWaS3kfoz7ygSZ46qTKsrjTcKSm7nfYfIXjm3G/
W4AnCG3QZuit08z19NMd7wmEkKZNzoP1Z0j7d",
"c": "+rx9DSAzOMRKbCzOPJnyOX+YNk6ixRJvX8DU6PbkwPcGukOmUYlKC4g6qWZTKX
IXESLA6b8XnaOdnrsd+LQ/EVQxjkwanYWe8Ddzz4dLWuycPTwwLonesDAyo2q150wqfd
GU2pFVX+lUPMwIkwu3GSmYuYE7pWMPwj7UNBj7WZOG0Bul2BiZj7DeoCYOqe1LX7aZ3M
cQEkv5Jo7WwVGScJu6JPpCTn3LesMtjZvX9Ckr6ZriPC2BHXz5pYCpbBT0P2HFqesot/
Eeca+ikyPbenrISNZok9ZbMKZ6ax+pN29HLplbEoewp/q73A1n1K+T3eG90b8SKdnH7z
t9xmLTOxzfwdIVP95y4xt79CsmiW+7dyTD3+mWBxV8MDgkG5Z/1Ab9A+F5Use6zJqDju
EIRLCrsRCIeebdrO59B/DsoPLSJE3RuPuj1RM53H/fyXsJBJxj/c6TxgzvfDghFuQjig
wzs5iCCGVAtR1TEgGslG1kx8mfabH27Y0pV2lNttM6kitqfYnkoLTtuVkyNj23mtZ4a7
z5r55SMLUOnDFP1xwqujtARwwMh8We/Mvjc4VRwgR6Dg9gmljL4wMyAu6E55AXWXyeuk
t3ta5skrjiNZrbwQE+9Y8whRo3EwRCFTJFtSrAvaNZK9Mi9JlmgO4Iv1bfF3rjX4iMLa
xDJBK0DAAcoysLfy0iQOyBiE/YxL2Ye2XRsPflNH2RlH519cNab7PhQTZFprr/e58CE2
zMPotPKQVetQc3XfFUJnjblsAVaCL+mL86GYEM3M8jcBbtXbJxDhXyrtvzD6RJ75SK2J
aWwrBbK9QLOXBzLDJd65M/a+x7E8xBItvGAUP6uzb5Dj1zyV4GqGwMvu9y298T2+/Qly
gI0GORHmfFTH49XCDZXSs7oaxqqqlod9P2KWyjvLCiUCuZisZsDVcnsVB/yalAFfjvnX
B2Y2Wv34jZBG7/v+HfSI9HrKycA3q+qZJ8a23a5zhwxSW6rh7v1kRJVhVBgzrxeS4ozg
4aPx9Ege1ZR859ogBBecwDUTV23Cr3Xh9F3yPtAjXi+oBv4wJF71oeymcXq9vBUgLayE
cFsx3nsoN68ZmlWArRlsKi8S8pRgeC35HkiG0hbkZEL1oK+DURAr93+bmNsqEUvydGyK
/DfnLv9Uf5h+x+xhXNzk0Hwp8+KgEM4e7V0tfcJA51qh3HJZtOGedPF8pW2cDr7thvfa
7/KgOKhT/PbOHjqzYvbSh1mra5HXxEM8RhcCC1wtl5oS1NCVMGx9mWaEmbnUCrBMXi/4
co8AJGDn+67S0sseSaFpYgvGQEtEltNic+ry5deTAE2wPFW53hsiJxeAOlTS0jTGVTjw
Q4C5lGnN+V1TkTqV9ZfWKGv7/cNSP1FBeExglsVkL4m3J8cwxw38K2KAeQeh9eLqcv0a
xNkSPHtnspy9alGDm526QLFwoe/ZWARFkWRyujTaTN6kQ71bzJcWBVKhAAewUD8nPquT
iZsf0qmzrDvAxz7sfzqo+X7TppT4celiCRDg0c5j0A+5StNKNd4dbCk3QU1r5tshjjr1
l7ht3uMy9gdkBmLHQdfVVDawFi6WaxNs6CcjWZ1fc2898S+1gXHFq8nH9KyrkkV0ZpSM
aF6aRRJK3sz/2aPlhP1ltB5MSSYk2zISYeZSyH0S08WRgvJBQgvMWoOz2YU0cQSXA0Q0
sOG31KfBMD/zMMLe/ou71ISgHccGVcHKxabVAd19izWHFxGYz0CE0dK+KC5TjKA5oEWw
yB5tiIv4bA3tVWHjQ5tCQ/fO1p5VSeuGR6SedOKGULniwHCbkKvzQrpyUaa9Le7YrALW
ONuCD4Px/stTk+Cf0nBb4wKDknnVdbkPo0mJuV0QXABP7KISHBf1BeP2v7iQMKPjyrjx
7BfzbzC4X40EXgpM5axaWO2cHd8fuJs95CiW4GlPaCklB5b70mITyeGddxyBbP6KZ17l
96D6q/tQDAQdjgyogHRVPyu1xOY/x4d0diXF7rQlT0uueAg3MDJjeHw/GvW76QDm0emr
mRvKmvA+EkLbxdyJcZmU24gauKebjOKQU4xUtUzYF39AXjPl+brOOFxv4l6k3YaxUGzJ
iVBDm6OeAh/MBf932VMlMT2sY2aGBJ1oOVeMwd8u2hrM8RaSKrU9VB747aVj3Qjqscde
Ounsworth, et al. Expires 28 September 2026 [Page 115]
Internet-Draft Composite ML-KEM March 2026
isKUE2xIzLVo0wi3k4CQE6L84EcmStjGiDds1DWhCpUvrY3ZfbhA890hNepEPqQfT9xm
Td5jA57bxxB/7FBNxet/CLXU6oA+PTDILXGBD0S6KbpWNjsU4pxjiiLC2j9qDSY6IXrL
J9VzJzqcgeqzgvo0GkTTDCS/MLbjLn7MfEGVG2jMY6wff8Nc57BBy5YK07N0N/Z1HtCY
q16FUC7eW/RIRPrmDQ9d6ULxXKYbqXUsYiGI+HiNGI8BNqU8gIwBJ4XDxYjsVKk2wlfv
c4OdnwdgTGwWq0waFBmZ9KzC0134OrppIt5o2zuDIBrwqOPrQP0U+4DxnJbiaLXVzRqa
8A5bPzAGvdSKqhv33xqgu/N7xQYgM5E60qgd8/V7w3hgOPgkr9uoLB6uI/sWfmbVTged
gBKiG+vZvOsca9JoiOIAHDwYg=",
"k": "smNPMrd5yE/zwIiSYi5Az5LtyHc0FY5LkqQrNJz1JJI="
},
{
"tcId": "id-MLKEM1024-ECDH-P384-SHA3-256",
"ek": "U6GVV0fM5vmnwhA3ajQRpAsHGZaFMbfPA0ks8wnORAAAJxii+6d/9yJtpmW/A
+UvuDRqwTfMZvptEysWY4A3PsNucQqofxNcQNm8IWGkfIeaU9g0IimEs6AKCugkjlk3B
FiQkoC/K2FlkEuTVxp954h5QXLMfji9vMwGRjxCQQwHa+Chd1yuA0WN+EtsmblvT8hlB
yUJzaadL+pVHuIkSgnIWXGDDbw8NfHL1uy6yDC6+bOhTlNcLNJf/UeR4CUwTgdfRLMx9
mAQuSaEYWLBteZAtKpiBluuwhM4ZboN2/AilbSqNGUxcQSG6AVXVKaoTvWn+MMaTmsrp
yvLX7MzR0cLgUCWNyVPx+qte2B6x8M78Iu1rYJPzIbEIDGgILu6TXKXIIOMPPFO0pkFb
ImHaLNV+Ne7N5Kl7uugHVmNktGa63Ww7ggfzIrMrskSd1GDTQfK/hXBiea9shJ7pEQmx
KeLd3MAQ5e3RgdzEYg7xCXHkwFx/noIOgV5h0C+C0Ba8wWLqqoDXWMWF+pFBPWgm8eaL
SaFIemg5Ddut4ljubc7Mgc/ephFo5qrH2UosWZZONI5nQaOhXozITMse1BvWWp0rGAdz
NSWOktpczPFaey+WxsjC8QbuWVAshbPWCskXepvTVldkNEueXjAGKs3awQutJVKzeBv0
CyueXSfOysOOkBvuQuUrdYgB7oKX+gr7GxjSdjDcgwcx5hheoKzccJ7MbQGssVmZkReU
1iR3kvKtdAQ3XKniFeh40QfeVfF7OAu1rejTMZlQoxqFKxpSVN5I6qZ5kFHiEYiFFduG
+IyiOulXvk5zmSe0HBnOTKVMJccE8ilKgxXf9YGK7wkaVFGTZFfDOxcYDFQiOO2ghtGF
iMbARGbyXFURSQjvMqYWQlU0Me9fFuInFxB7swxIVSw/cvOgIdGz/C+19yhztiafeELm
HxnKjq4iZpy/UYqVzYbHLd8klxTo6lCXUVDAJBAmzOd9EJBUGpSY1s7XJBRcvOpc3Qvn
7kK3Fc21zq2QWp1T4tLJLiaKjbM6swdGCk6Y3wfzvIZHoNKfdsAQUAnp+GUgqZVlvIcl
kZV9DQCnCBXQjqlrZk+6XGhWxBuQmExENMddaBsJShV9ToIKiJveCybZWeSVgamvNC4Z
dCxlnUFLQy0xKmxrzpA3pgYLNVcIvV8HHgVUKcSYYiqp4DDeVRojbplYMyY57WuDaKC1
8KfLGaPgWmB1sdYxQVK8Xez46c90rU18NdlEcMEbaC9D8ZZ67AXJuHMItYyCTsFuRR7v
ONlFJuu60aGq0hgBDQlmEJ+gRJTUbqyLSanJ7SZ1rrMjvC5s4ZK3+lcwkdVbKksMaOTo
ChJZ2WG5pdOSzy1WSN9BKScMUCnLKSvNVZXRbdXReGz5YaJF/GbICubVBYfLzoxzdglz
9iHkzqsGioADQQNS9qKOmNv2QtwmVTMbOMynDsLFteBd5kPmGh2lhsMb6wTUiqu0Yd5X
WBTJpCaOiDImpmK/QAD3vPP4xGWSTuf2UuRZkuFY1Mg2IWpgwJ49kc+VnY29vGgtps72
Dg6ElDOqRNxwasCVVGjSxsHOqlcUXWybtdlFdV4wGyic8Ihmagz2WCPn2xBE4gHhFx8M
8pXb1lckyN83zMeGeOsCsy/XuyXtKhyIYvLt8FBpsG2FLqmlxVBOOIbazYf20Nr0UbCH
TnFTcorQZdvq9MudhaeulHFkSWNG1islqKvR9dUTRx6U5MgVxByb1NqmZML4fkiYzqlm
8N3wycE5syFN6EYCwODjyAhqqUk+FgkK/IK94ZwltN8llwATFcu/4nAHQHG8jvEoFW+h
BZFbLO/7BMsous3BDMU4cBlVVekAaximyAL6pPIzDp17EOqzDHFgnEUIynItYWx/uZU9
RyRYlYyUKW9UlBAKaxxSNACHGaR7retkIO51IFoRYdUYedcqkSFdDFpNjEYcHVqdlaCZ
+CGNpS0lDeXI7AmwXNECfGWoVa6BbeF4Ok7apwd1DGxqnpFbzJ/FwdPFQklKYqT95p90
XMZw0nLMVYbnHwyAF8HYKOm+y6GunicdO/nVbvzfBIclLQT05vBa0FdblUEEd/23Xgfb
Ar8OeznmpbbPCO9YAkz+v0pJSK+8r3gHWWfX8jr5Za50XTE2cuy4kzb44rD53iF50Jeg
fCUikg2MyC3BrJtlxX6fkadKAoL1ZpFlT/+/CuaXzyI2B4DDn9q",
"x5c": "MIIUfzCCB3ygAwIBAgIUHjPF5/bKoq4SI3vcPDgbLZmYdSUwCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzN1oXDTM2MDExNTEyMTUzN1owSTEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxKDAmBgNVBAMMH2lkLU1MS0VNMTAy
Ounsworth, et al. Expires 28 September 2026 [Page 116]
Internet-Draft Composite ML-KEM March 2026
NC1FQ0RILVAzODQtU0hBMy0yNTYwggaSMAoGCCsGAQUFBwY/A4IGggBToZVXR8zm+afC
EDdqNBGkCwcZloUxt88DSSzzCc5EAAAnGKL7p3/3Im2mZb8D5S+4NGrBN8xm+m0TKxZj
gDc+w25xCqh/E1xA2bwhYaR8h5pT2DQiKYSzoAoK6CSOWTcEWJCSgL8rYWWQS5NXGn3n
iHlBcsx+OL28zAZGPEJBDAdr4KF3XK4DRY34S2yZuW9PyGUHJQnNpp0v6lUe4iRKCchZ
cYMNvDw18cvW7LrIMLr5s6FOU1ws0l/9R5HgJTBOB19EszH2YBC5JoRhYsG15kC0qmIG
W67CEzhlug3b8CKVtKo0ZTFxBIboBVdUpqhO9af4wxpOayunK8tfszNHRwuBQJY3JU/H
6q17YHrHwzvwi7Wtgk/MhsQgMaAgu7pNcpcgg4w88U7SmQVsiYdos1X417s3kqXu66Ad
WY2S0ZrrdbDuCB/MisyuyRJ3UYNNB8r+FcGJ5r2yEnukRCbEp4t3cwBDl7dGB3MRiDvE
JceTAXH+egg6BXmHQL4LQFrzBYuqqgNdYxYX6kUE9aCbx5otJoUh6aDkN263iWO5tzsy
Bz96mEWjmqsfZSixZlk40jmdBo6FejMhMyx7UG9ZanSsYB3M1JY6S2lzM8Vp7L5bGyML
xBu5ZUCyFs9YKyRd6m9NWV2Q0S55eMAYqzdrBC60lUrN4G/QLK55dJ87Kw46QG+5C5St
1iAHugpf6CvsbGNJ2MNyDBzHmGF6grNxwnsxtAayxWZmRF5TWJHeS8q10BDdcqeIV6Hj
RB95V8Xs4C7Wt6NMxmVCjGoUrGlJU3kjqpnmQUeIRiIUV24b4jKI66Ve+TnOZJ7QcGc5
MpUwlxwTyKUqDFd/1gYrvCRpUUZNkV8M7FxgMVCI47aCG0YWIxsBEZvJcVRFJCO8yphZ
CVTQx718W4icXEHuzDEhVLD9y86Ah0bP8L7X3KHO2Jp94QuYfGcqOriJmnL9RipXNhsc
t3ySXFOjqUJdRUMAkECbM530QkFQalJjWztckFFy86lzdC+fuQrcVzbXOrZBanVPi0sk
uJoqNszqzB0YKTpjfB/O8hkeg0p92wBBQCen4ZSCplWW8hyWRlX0NAKcIFdCOqWtmT7p
caFbEG5CYTEQ0x11oGwlKFX1OggqIm94LJtlZ5JWBqa80Lhl0LGWdQUtDLTEqbGvOkDe
mBgs1Vwi9XwceBVQpxJhiKqngMN5VGiNumVgzJjnta4NooLXwp8sZo+BaYHWx1jFBUrx
d7Pjpz3StTXw12URwwRtoL0PxlnrsBcm4cwi1jIJOwW5FHu842UUm67rRoarSGAENCWY
Qn6BElNRurItJqcntJnWusyO8Lmzhkrf6VzCR1VsqSwxo5OgKElnZYbml05LPLVZI30E
pJwxQKcspK81VldFt1dF4bPlhokX8ZsgK5tUFh8vOjHN2CXP2IeTOqwaKgANBA1L2oo6
Y2/ZC3CZVMxs4zKcOwsW14F3mQ+YaHaWGwxvrBNSKq7Rh3ldYFMmkJo6IMiamYr9AAPe
88/jEZZJO5/ZS5FmS4VjUyDYhamDAnj2Rz5Wdjb28aC2mzvYODoSUM6pE3HBqwJVUaNL
Gwc6qVxRdbJu12UV1XjAbKJzwiGZqDPZYI+fbEETiAeEXHwzyldvWVyTI3zfMx4Z46wK
zL9e7Je0qHIhi8u3wUGmwbYUuqaXFUE44htrNh/bQ2vRRsIdOcVNyitBl2+r0y52Fp66
UcWRJY0bWKyWoq9H11RNHHpTkyBXEHJvU2qZkwvh+SJjOqWbw3fDJwTmzIU3oRgLA4OP
ICGqpST4WCQr8gr3hnCW03yWXABMVy7/icAdAcbyO8SgVb6EFkVss7/sEyyi6zcEMxTh
wGVVV6QBrGKbIAvqk8jMOnXsQ6rMMcWCcRQjKci1hbH+5lT1HJFiVjJQpb1SUEAprHFI
0AIcZpHut62Qg7nUgWhFh1Rh51yqRIV0MWk2MRhwdWp2VoJn4IY2lLSUN5cjsCbBc0QJ
8ZahVroFt4Xg6TtqnB3UMbGqekVvMn8XB08VCSUpipP3mn3RcxnDScsxVhucfDIAXwdg
o6b7Loa6eJx07+dVu/N8EhyUtBPTm8FrQV1uVQQR3/bdeB9sCvw57Oealts8I71gCTP6
/SklIr7yveAdZZ9fyOvllrnRdMTZy7LiTNvjisPneIXnQl6B8JSKSDYzILcGsm2XFfp+
Rp0oCgvVmkWVP/78K5pfPIjYHgMOf2qjEjAQMA4GA1UdDwEB/wQEAwIFIDALBglghkgB
ZQMEAxIDggzuAG51IGpWrSMOpEG7paEdx4IQ2k3SriIzuKR8TpJSApwdcTrtOuoS5PBR
mRbsWIQbh61Z0EOeoCIP+LlrocTYBFOsys2Vr+3UG+RYYWwTUfwz7gqYP3VmEEs2LY0i
3PahTbysmzm//MPuVSecqHy7dcIHtfZyiuSwAJfGf5RYpuLMHkWkH0ZZEhHxKwRnIRTG
Rm9jjyAD2P0QzoxuSk9XhfexfX2lXIlwae6AhvpO6UPcfi0LiMebjAb7mM/CwO7UvDic
X+Dee1LbbLP4Mh5w2c6Q4CBPTh8kSeeLLeJnMne0w4Y7pQ0WNy2XmPpS+0Smrz+DrqKv
GFnoMz2xjkYg3/HoVbvpQVS4Gq0iXohRSgPv+egNeD5zAXZu7TOKF24BDjtTLaZr/HJi
KPzGpdm6QOnNBUF5oHPsGW4jDfgXTcpOfht3lzWDqJy2QQm7YOKnFHrNUAbTIo/Eb6C8
Pr37gmqU9YhayMZgIjqklxpkjrBDJ7we2M/f5gxFuRsuDC5l6iNpBa/KKWUn+5QFRfwy
rdo/3uFHt3BupU9i9yjBFjZNmWegqfbQgxziOiNB3Sdhe7Z9tzVpu5k34SR2wPawaq/C
7twxlu4FICJsyRgKhvw8+uc3DWZMaS0zoPSjJmjQTqB43hPqyytwTUZeWpL72cPCQ4+6
mVhIouqFITKpm2ZF8JeKdWcjyn0ehWAvDyfxZmgtRIi6OFrc9j4JuhY/7Vy9s1PMOn5n
iC85THWA0NxfOkzqCN/cA7i3dqdhoc8D7PkKBg7A7t1hVV0wtVUcL3vJrOqB9EAcNCc4
/9VdwOqnAzwCryUCGyOJ2ARnLfH75rTZ8rnpV8lmOheSgXw5P319aa4DjARI3c6JcEoG
c3zFK1k4QQWorTjEun1k8nE2HouBnBqxmaas6X757DWzS/owM+aMNKfuvSsRkwKHkkmx
Ounsworth, et al. Expires 28 September 2026 [Page 117]
Internet-Draft Composite ML-KEM March 2026
Xi1e5y7MmsUiqPQHMvRz9Uagof3pVsq5JsJKAtGY3DiGjwa5Ct1nkxn2WqiyJAtWDdhV
tE1rJo8NHiYNUdQIk+pIlVD2Rt4/iSOXevPLjUhwdY6QZyfumBL/q1Pkb2YVCDKeCRy4
GQ+YA+Hq2Cg13uXcSzz41K26VWpg15vAqoyTCWzojzJhj3Q4r4A97oschG4spdK6SYIu
Qe4TgTWwafiY04Sgbu053ME7Mdj/2uGBjIKcDo2qALxksfA8dgNd/7taprSq+fP/wKPO
cRTeMYiqvBZvXX4BvpkPo3PALW87QW28FidrqeF6Om39Sn6bGgYebHm7BA/G2jhr4Z84
jwe9Pqm0Xe0eDonN6ncn5z/a5aUdK/bZL5UHD8LHZIK/43Yy13lQ1fBxOIcBYqofn+ub
v575ICmqhKX/zd/A/E9asBsQA+mb9OzUfIN/Jlm/yotyMrd0PlWAFgvjUMCE6LFybEeE
2smZOWv3tDBU4knMKnpwaPuB7IqRpQPg2dBHuhl+i/cwSpVuOqba6+7lCi9NtXDZjjT2
fM9lMNs7dfd82YR+ZuYF/vbgZKinNtTn9Lr78Nkf22zNDyEPvKYileAAjIIgxryaiEHC
kOdwgaWCYxTuFg3oLdSJpV8MB+fEJgkQoWylGEjpYl8LqyGP9NW+4GuYyngiS8n5TLac
FKTs76EjX+ivtUQJ04WQuOF4WWLYgOi+aoV17x9nSyxRzpFiy9boqfq1v1APRqnS9gfC
jYDZ+4ADQkpLcw3YZloHrM4UEgGrgy8h10e7/JX301ettAUkbqmeGilKmxssdD4s5hRE
UxvHstFHrktQ/rlOzrPxJ3y9EAvZs3glrIjj2CU5qfC6gfeQq5kqF325UeLDsDRULl04
SIA69jMbiVLLpZhvf3GAnZO24keoaPRko9dVh8b/r856zbbpSWa6b7PqWZedAB9p3IsG
xNYA/0beIy2EHsyDTtrs1ZWb3iQZ8/wrO+ixlatWbF5mpi3cs3tT2EwzHCYxiwi/y68r
mihXKYRa9sO7T597qWk5Flg4oVjvfMjxGtVI2l2us0mGodrzU3k6xZtAbdhpxnUQHo+0
txyFBbRwpNTbzq9Mcq2+35GWD6rBf0fiXNmQ7G4NltZbk8HYgH7C/z64Ys5jM805xngt
KTG5DrEJUTMPhe7U9US/JYf5AMe+pvck/gS4KBGwq/5jVy5R6j90kPrqYqCAQbUgWefT
9p+CtcqhgXSAiPSdfD4cPUV91g4Ed2dOfBUbHRVDVLWYXjepZwkzG5z73x+Mk2Pt80HJ
0oljAOJFVxq09N4Ouae26qY/nRuq4GwkeIw0diIFzdYuLLS2mmBp+ivNnZxpbyLTuWw4
jbxB2Z3OQS/b7fxyp2jMD01tIizdz9jYA+BjHo4Qb3I9CfaikDea1dhOSi3RnkPG2BOA
EKpE2G2PNQIIcNI+cziWyR4lMwGjNqmIX1SLzZLE8ll+wB5HjKAJM6G8md7nFh47bEX+
eH3DUP8pw9q+qcDAZFciqehXsp1H0TgXEg1/+/qosQkEl+C+gfhooZOuIrJLLLldSYpg
GG2aZrwYXZaPRj9ipNykievOOd9rquemAMNbWQVPCcWPvMeI0gb6MSRB+RVZC8OMXAc/
8mglpDxPHrfQexLMIYZGHTyTl+P4BkxoDvHZRmuL1zM9K8v2hnDZ6ULfjaexKAXZbJNm
keP884AsoTTdK4w9M5yU2ezcJx6hj9NPLy69ICRUEaMso29EjUSwiImekq+KGemW+P7N
R5+LsvvirjkfEp+38wQrzHENGpZ25dGar17Gg+c8IwIvbDR8kJcoYkX+jYP+bpvdjuv9
KSi3ZU+1GdbIOCh+tUlEeZYODTJlcIxt2ZHqaLX5ijy0yarRZDkTxw59c9hpMEeI7jw1
aYegADqHQ5MFktwDYM1hSDtWfyGpt3b58+zdOSHm+X9VDhSoKYhinsX4/5evjjrmBmT5
THh8WaDPduo8freG4tZN3BgQP9Yrdp/rbHI4OkwBNPHnVYKyqOcliX0a1tHuW2ZWYhP3
Qy8+KdZM8s7rMjqcwT1GnREnyd1/8XruDXKuBT3X9RRgN5tLQLgF4wnDb9fhp/ps0Rrm
g3QDMW+dewyI++OkHWX18IVyvWGGvUE6aJSAsybtakyCty5V7e3AZVQPWIlQfh78F4Sv
8sLvURwrhTDZFgL0GP4z7lkQH4QqEZs8RrOt3yvQ5c5uaBGZbcdSJ9+GuI4IRoaHh0kk
Z07F+YKdmNsiR+dDeKkdUB770SRf+cem5Ru83Cg5/jxYp/5b2MBl0r8HcEOtk+m53b6K
KJWqyppncdGYyhmTOyCDrx010aYO12ssukNoan02Uh86Arjr8+wuyrwNObZX3LgGihri
BBRGSgeBf3GkNqQgUD5Rna/mgLeLwIsVpuM9J5ZMH+gNdRVr0FECy12Y1TL76rgzAhiO
jyml7nCD5GgVV+RtJUBdAdYZKiNUFbg2R55XkPiNqJoMgcjP8iIbMeJAcnNZDXcXxJsc
a33za8vkUzQtMyY7/fxGKaawrjxwQc0C3glxUmcnIRvI34IV+7qQveZ5it8H1s/h+k47
I+r1pfzcQBEuSodi6zWYjpKUOR0kcYb/CbsnGDUvsMoPpApzoaAknD8+4JhGfoygl1vb
1uOMVvt+GmGwkYANuT8JrabYl/e4oEqIhabqfAbCVihuE/RONbHbhiipwiKuuWR9wuWA
hwoga5s7Dw61xxFPx8iTnrhEdtbpzZ8yoyA1AsRHsmzACR62IBwJezhVEZzBzVlKe/UJ
YEizR9WP5rO5WixMaKWrg2L4WQeZSvjeqUHdRTcdAUhEPpc+FxV0K0JiCsBRck1fFeFC
YFaCkyavQnQqp6ivLkZflfS9at9yyUVSQTBlmHSk1DKoOHRuP0S13MED3DXwPgXvjkk9
8aktixN0d669vuSJGs5QDqElZfSMeTt1nFImti3wQSX8lz4W/EpGTHNwktUhxsO6eX+C
g/drD4uw146m2JgZddUikpQl3DpW95rbWM5QUoRh4QQwRJIBYjheToNlqXfXN5zrepOl
a67R3faIUbo01TRT9J5DanUdeFR24LljqKjhfMmB2cx/qWPfWX7Q0V5i+TWY2+N0HnVs
SKc/9TNLsVoUoL2x/4qW6ggcSGyHSaphzkO6z7VrJvszWbt4bmlvpuFqUl20uXJcA3T1
jAgT7Cm30V0UhLsHz23D+evWi41CNwqhp4//vvlAKd/mE5Oh5m+QlsZeu7ZaYMi29NgY
Ounsworth, et al. Expires 28 September 2026 [Page 118]
Internet-Draft Composite ML-KEM March 2026
LT9i5FUMVO+y1JUD7EEIUkcKKdE7WneGxnNiwYYqsUDl6Q65+5hxW+KFbYjhE/ey4FPZ
OEmDX2zFLF7X3MBIyWmNuHD87ObnHKPpfaiyX1EEJXc4s++6AU9DCpMOfdfuN152lsn1
+QBCcZCpts3T1PP9KjJKbHimyAFzgRd5hc0n3OLoAAAAAAAAAAAAAAAAAAAAAAAAAAcS
GRwgJA==",
"dk": "bAGN4EvIWO1CmMwcWEx+ClqOA9shcM1p8BUuNpkYAYrXTn4zNrxad5gw56ohp
16Ex+at/mCwTxGcA3jXh7dd3TA+AgEBBDA3Wu1NfbkJsFkD2SePk7Yu6bBJp2nKqXdHe
7xBMxRyPAG8vUUDArpB/k0xEy5wtWKgBwYFK4EEACI=",
"dk_pkcs8": "MIGSAgEAMAoGCCsGAQUFBwY/BIGAbAGN4EvIWO1CmMwcWEx+ClqOA9s
hcM1p8BUuNpkYAYrXTn4zNrxad5gw56ohp16Ex+at/mCwTxGcA3jXh7dd3TA+AgEBBDA
3Wu1NfbkJsFkD2SePk7Yu6bBJp2nKqXdHe7xBMxRyPAG8vUUDArpB/k0xEy5wtWKgBwY
FK4EEACI=",
"c": "wl+OtW+N/Jij2fntC0eDujhP4JGop9LfxACp7U0wXyUwojLl25sY0pvwnpgHzv
e4s+rfZGflCZnwlH2Gix7ITZ8oBk74ZUuV9EZ8oXFpbcPcsLzQP57OiU1mi20lxPebmL
oKEz2aISESa51uuZ3Avk4eRDF1S+rv/hPq02scL5Sv1adsdDLpKo8IAPFstU1pcaj7Gw
fYsD/IFxvSoG3RCIvx479bjToBYTNhNBXdEEW40IL92qaNdET/QmJiEaAPhhr2y0XAmQ
UE3sQ4OsSNJa4te7kQzHd1A54i5MMOACeen0bASf1Ks0CRETysNPuHjpGMO3xL0K/1uj
ZioqRtELEbKr1TLboSBhAX9+PrfDTxuE/OIuIxCi+0lGRjq2OPRINMDJ1nIIuRY2QMTe
P11E76rzQkX/r2CqWAg4pDPqIlXmjJR1Qg7nwlp1KbkU+Frr7QwJCBzuIIub/1lHM+k/
DLLpT7RHIUnUy1+ltxdV2dIHPze2SQvFoSesoZ2WpEvM69Fd5immEQE+o6RwvaMyrpJ5
0vtPwo45BUsqlxLxtcMfYE8OM/5JO0toIHW9Zbiu1P3S4gyokoEY9TOWTegPdolpLiV3
m+QvdjZVcQro6RqAn18Xz9UW+LyKfurepKJXn7LltVSDvg2rlVRpE2jlxV90aGp/Gool
u0h7LLFd+I4Oo5jhSHHbAYhIi26OE5iHmo88+/+LiXc7moxyO85t28dMZyUlVy3XLCoW
QwXjMDzMBMoMtim7KHMiXRT8Oo/iRsayt+Uaz+AXvcjnTV0NPBwJEdTaboAJsqT/oSbN
UBVADi7dQNi8mtzWCNrHjIzU20nnsYGqQAXexFpie7XF8uqFgV/JaI8XHWQXfTPvpw5N
czJH7xzg+Zk3KpaUlYHx0RP3DftyKKHehwBgF8+6bN+caPPWfLxmzd8ZQ44RAuUhEji/
Z7OyLt6g4/YOZLBFilM4kpURjVBXwpDvoyyKcK/JziyDx/DlPLovX4QSOnSRPlOc4Lkm
C/9nMwiHynti3zpIwiuJuN/DJIhpL+9ZkekukQ4Nj8sor6u1h3ttA+K/fWa+b9mQBTs/
sH6RC8fG3FOc+o95K7oYAVC3ro7JYH8yPoc+rG6tHzFExi/JVmEPwcWBAtmlOiCz8TMm
COwnwNj9pfMSCpRTbJmZDhEyiNOOjWzh2mBeRkfURqFx1pTPsdmq+UFpdAfwEp707Ond
7daFTcP97EtFcuA357+Oho7cCv8PjVVKG6qkL7C1/7CssNxarjsERUQKIi50IZZYEBUg
pYJqigT7jxOC0GHM9nnJ9pI1lq2txyyN4P+njMKYzov3AC9OAirizMyNgWTaP9klVpW1
UhtOSUyKSUlOSI5C35rnucJEd9EsnfcJtTMqkOOxyAGVzr64KlcUEmtjaDZlQDLr1UR4
BUhdv3lwmrtith2cA7e7e32wFOv5fnobvcnQbVxiCKMVtFstx1SghTuZRNKjoctJy/kB
g1B5EdwGu+77u3nSZQGnOepb9WAE1mImMv7rAaidzaFNXAkfcCjisXXO5tsbyDUMR/V0
w6/TvSWLKnpk00ZuAJREsjS8j6wpfLZPZtu+OTdlQGjKUXc3yM1wR+2lKkk8498KddmV
1+j9dXvXD0lb1LPXEuI4oXZ5jNk8sgYrKSR+4LtWOT7GrhRMZlJOxKY7dzeWIzTc7nIY
Q3LR+9OY/eskm5TJNMoNSMDQRfKi7KImn3+6DZvMs/OHPnDQtvXqE/N2rSY/36BWVvkt
iy4hXDmFrpz2rRnRmkFHOix7jWiCaQkvGN4YHPazmVmxjrQEzAXKrZA+Bu2DEXE1+sLI
y0sHIeL2qlno0t+Mx729bZu9O4xpOY6tED+86LB8r1LCEagNIEfzxZuflO0YlT2RTLLv
dhh/QWgBvS3owaoqGQVigdnphAEEgRr50dTTAhznPrzTedqnPdkylzbMsHabLZ5UUb5g
R+a+RBE6UixbBzny8ExIi01fi9UpFKyJaB8c7O0w9d16+Q8qPT4ALwbir1lRQkkHJcY/
YkVRE5LCi5LiJRlinrrHuCsP259K+cvsxALtbJpgTYuZYahIo1R9cBGcIEgMeqfQ6czx
X44voP+T+MThXTCkO4H9S0NU87fISXSp6Aoa2zc9R4jX0nG8AIsTKuHEIcMHTATo9kCt
Q25n9Q7lrg/2rw6RDaQEEqq5UP2/3q1d23JoGwRpqXYYs+X2Fg",
"k": "6toa/ILKlMJoq93MfPd5UQHFeUiH7AbFVstF0oRSbN0="
},
{
"tcId": "id-MLKEM1024-ECDH-brainpoolP384r1-SHA3-256",
Ounsworth, et al. Expires 28 September 2026 [Page 119]
Internet-Draft Composite ML-KEM March 2026
"ek": "y4hSPuSuwaVQxUoN0aB3OFrEmkoShvKMtcGB11wgJrKK1dNQhAcGmFW064B2Y
lR464ICcFirzFcJFNFjJOlQmSJs7kNSVdm4otKpwaJZnWwfuUYsdjlsTionkVPELoJ8G
iOIYIli92KPxsJQMgyRVmqwswR2r2KR0TOl3mNcUgOQcagAbAs/dowQ0XZJC3MwxoqYz
+MGEwCF3VuZ82J+JExpCQm/SeFPDYMn8Ue6X4Zi4YWEh+kDDwgfabpja6xEwslxm+XK2
Rh6Ilu0RoMIWkGsDVg6/3i1Z4QtXGG8arOZkAu/u6GkaWQ5RaN3C5Si3pwL+HzP+JYuv
heubhwfOrZznHdBUmwU6tlCQ9x2IRbIgMla+pMmoQPNd1yT4GFsReCYTHjIPnIVUxRkA
LAf2/cRh/mnmPw9hpksjWdSPywlxpdHIJrF/BJJYycR0cNkMmdgJkM3LucyRxRjcbl0O
jFCeVeazOBaf4ZPBnxbqoskzDR7Ycxqy5mjsPEdg6RPYmJKBGKAsnoyOkiGrvSJ26kFg
aWcnoUcH4tECowRr3RZebbK5WOqSbs0LDuIDaV7aRG8niQFOWpUr3Z5LWRxw4B5XIbAB
+WigVyxmzaOLDWruNtvPPs+8ybBGel8KPrNMjUGxAVXv7ehVCCWz2hpB8ehEbKkdWCAG
8avcXlJSUwhTBM7fEV7WjZB6RuKxJc4SHCLv2C1knhr7ZSlfacNgxMAwTs87waGVYqEU
pBHP6QgTpsHOzG6fLUDJYeDlBs4XswssglavWJoh/UdPkFqvqFN9iSLget9ftguQ1KYq
8kGggo9rQNl7VkAJ+p0q0Y7TXfIQNSq93DN1Ns0TdSLfpPDHOvIYnQrVnvBuzWHgEKdh
pxAgDQu/bI8/zJ4SIyt7PwYhokYb8EntRmE6fnEdacvyrNMp5zMahs8AZloM0F3DMoe1
+loGxF0yDQ0dRFTE7iOPULEDBqekJewf1qTopQGJpCwmDlZ9zimRCgQYGCPfKNx7kuQB
Rtgj/Oojhq9XhtE2JlM71nJt+QPdtS9ZOJ8LCaZM9nLpwxpOwqB5ohj6Eedt0VMhsiz4
5sGHDCu4EtcP9ZjPuys+6mKusKTTwnJ6oJi2jAirKQS+oiQkHp8OpTGuPVv9WzCJFFpr
5UtA/DNrGyQm7ouBezJq6YUsdYVFMK8hEsWG9ReW7ZdYJs2n8BMCvcA89G7bSoEkZJ8v
QNVX7BedUaRzNO5cocgfIwELJR9qqFxLfOxl2iYJbVTMvYTDgV7WGSUvCPN20RxN+SzA
xfPyRdqi3oKbQW6JvElqAoR3ndqzZMiIZZHi9eMmEEFv5MeypUfnLMs90psvNLGwIGou
3hldOvKKEu/RpFFfbxP5iJBwUKHMOsAgEtZfNXBXeiRzjB8SbpQ7TOQKhNfcVpCF7qUg
ugXmdgrRwZ/Zxm+ksoOKWCeWcRMnUkEGMajwZk0I4rKx4ep8tmV/KNoZZp0N3iSbkjLb
MJ85GgOHtgrjQmvFCOyDcGziymZxRgoPno4NMZARDNhgAs5uZsSo7gUdmWTcJI1FPhao
BamOrWUY/tEQDGiYrpAh4lAVgsb3QyczcJdCHeUi6wLffdVdQnQHXI5qsVj0uDF3khd+
TO5T1gE6jEMMkyLx1nJQNvC+ean36BqAok/5sMoP7Z5OZiUxSVi1NSJb/e4gXxB1NtIM
dET0OmlijRIvYYxfkKHP9uHgJZg+2JvIEOiu6uOfmVoGMMhC6iR3xKXGxmYeuTL+cIzu
cDHdCSvNdpRzyVbUeMjSNiVyPmfs1wDAEithJKhBxRglaA6QXKHPIgP00iMa4Uz33USe
XUr9ltV7AAKzIBlaOOE5ZtzsqS7P4sUBLeRi3hQxomv85akW9aFGDYoGQGCf3Q5HVUl+
mfLYyYcK8i6RWK4xPqqW0R/KjUdTmINZvo6Wmq0aKUUUuB60ZhFFfETtEqNpeRyydxet
qbFVrymvJjK4cFVHMGLRRoQk1gA5qFG89qWt5wJRsNeUkVgd7xsTVjDRanOXkVfOPscp
cEnm8fM1JaE/XOCiWne5fuhIxvmHSRUQCN4GJgVFIC+6fDyX664G70qZzoEYAIa+lTs+
3w+MAT/b7raffsplj4pSWrfpDQHjcdL74RlK0kOq0qEmCxCyjnubR3lZA4qXCP2RDsL1
eMF9h/fJ/z7fk4ngaGqHQmLC4XFMnUpOJJSrqR46AauuOU4Ykjy",
"x5c": "MIIUijCCB4egAwIBAgIUSt1laR3T2N0y8caa9aFiuBc0fygwCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzN1oXDTM2MDExNTEyMTUzN1owVDEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxMzAxBgNVBAMMKmlkLU1MS0VNMTAy
NC1FQ0RILWJyYWlucG9vbFAzODRyMS1TSEEzLTI1NjCCBpIwCgYIKwYBBQUHBkADggaC
AMuIUj7krsGlUMVKDdGgdzhaxJpKEobyjLXBgddcICayitXTUIQHBphVtOuAdmJUeOuC
AnBYq8xXCRTRYyTpUJkibO5DUlXZuKLSqcGiWZ1sH7lGLHY5bE4qJ5FTxC6CfBojiGCJ
Yvdij8bCUDIMkVZqsLMEdq9ikdEzpd5jXFIDkHGoAGwLP3aMENF2SQtzMMaKmM/jBhMA
hd1bmfNifiRMaQkJv0nhTw2DJ/FHul+GYuGFhIfpAw8IH2m6Y2usRMLJcZvlytkYeiJb
tEaDCFpBrA1YOv94tWeELVxhvGqzmZALv7uhpGlkOUWjdwuUot6cC/h8z/iWLr4Xrm4c
Hzq2c5x3QVJsFOrZQkPcdiEWyIDJWvqTJqEDzXdck+BhbEXgmEx4yD5yFVMUZACwH9v3
EYf5p5j8PYaZLI1nUj8sJcaXRyCaxfwSSWMnEdHDZDJnYCZDNy7nMkcUY3G5dDoxQnlX
mszgWn+GTwZ8W6qLJMw0e2HMasuZo7DxHYOkT2JiSgRigLJ6MjpIhq70idupBYGlnJ6F
HB+LRAqMEa90WXm2yuVjqkm7NCw7iA2le2kRvJ4kBTlqVK92eS1kccOAeVyGwAflooFc
sZs2jiw1q7jbbzz7PvMmwRnpfCj6zTI1BsQFV7+3oVQgls9oaQfHoRGypHVggBvGr3F5
Ounsworth, et al. Expires 28 September 2026 [Page 120]
Internet-Draft Composite ML-KEM March 2026
SUlMIUwTO3xFe1o2QekbisSXOEhwi79gtZJ4a+2UpX2nDYMTAME7PO8GhlWKhFKQRz+k
IE6bBzsxuny1AyWHg5QbOF7MLLIJWr1iaIf1HT5Bar6hTfYki4HrfX7YLkNSmKvJBoIK
Pa0DZe1ZACfqdKtGO013yEDUqvdwzdTbNE3Ui36TwxzryGJ0K1Z7wbs1h4BCnYacQIA0
Lv2yPP8yeEiMrez8GIaJGG/BJ7UZhOn5xHWnL8qzTKeczGobPAGZaDNBdwzKHtfpaBsR
dMg0NHURUxO4jj1CxAwanpCXsH9ak6KUBiaQsJg5Wfc4pkQoEGBgj3yjce5LkAUbYI/z
qI4avV4bRNiZTO9ZybfkD3bUvWTifCwmmTPZy6cMaTsKgeaIY+hHnbdFTIbIs+ObBhww
ruBLXD/WYz7srPupirrCk08JyeqCYtowIqykEvqIkJB6fDqUxrj1b/VswiRRaa+VLQPw
zaxskJu6LgXsyaumFLHWFRTCvIRLFhvUXlu2XWCbNp/ATAr3APPRu20qBJGSfL0DVV+w
XnVGkczTuXKHIHyMBCyUfaqhcS3zsZdomCW1UzL2Ew4Fe1hklLwjzdtEcTfkswMXz8kX
aot6Cm0FuibxJagKEd53as2TIiGWR4vXjJhBBb+THsqVH5yzLPdKbLzSxsCBqLt4ZXTr
yihLv0aRRX28T+YiQcFChzDrAIBLWXzVwV3okc4wfEm6UO0zkCoTX3FaQhe6lILoF5nY
K0cGf2cZvpLKDilgnlnETJ1JBBjGo8GZNCOKyseHqfLZlfyjaGWadDd4km5Iy2zCfORo
Dh7YK40JrxQjsg3Bs4spmcUYKD56ODTGQEQzYYALObmbEqO4FHZlk3CSNRT4WqAWpjq1
lGP7REAxomK6QIeJQFYLG90MnM3CXQh3lIusC333VXUJ0B1yOarFY9Lgxd5IXfkzuU9Y
BOoxDDJMi8dZyUDbwvnmp9+gagKJP+bDKD+2eTmYlMUlYtTUiW/3uIF8QdTbSDHRE9Dp
pYo0SL2GMX5Chz/bh4CWYPtibyBDorurjn5laBjDIQuokd8SlxsZmHrky/nCM7nAx3Qk
rzXaUc8lW1HjI0jYlcj5n7NcAwBIrYSSoQcUYJWgOkFyhzyID9NIjGuFM991Enl1K/Zb
VewACsyAZWjjhOWbc7Kkuz+LFAS3kYt4UMaJr/OWpFvWhRg2KBkBgn90OR1VJfpny2Mm
HCvIukViuMT6qltEfyo1HU5iDWb6OlpqtGilFFLgetGYRRXxE7RKjaXkcsncXramxVa8
pryYyuHBVRzBi0UaEJNYAOahRvPalrecCUbDXlJFYHe8bE1Yw0Wpzl5FXzj7HKXBJ5vH
zNSWhP1zgolp3uX7oSMb5h0kVEAjeBiYFRSAvunw8l+uuBu9Kmc6BGACGvpU7Pt8PjAE
/2+62n37KZY+KUlq36Q0B43HS++EZStJDqtKhJgsQso57m0d5WQOKlwj9kQ7C9XjBfYf
3yf8+35OJ4Ghqh0JiwuFxTJ1KTiSUq6keOgGrrjlOGJI8qMSMBAwDgYDVR0PAQH/BAQD
AgUgMAsGCWCGSAFlAwQDEgOCDO4AWYGWvM1I5cSsI0YGf17ATGsvnP1LyQPDonCAE1jU
Zmee8bnSNP2dzgdRsGjECv2oTJawov7eoR1vT2mMGg+dPICmMhUoyx/tirpVMSGMQuMG
MJtpNYOvQODWFpXUyORa8/mSppFLvxLQFx9KoYZj4Olg5nEHErxrJtbMbTLIU63aT/+n
6jCGozswFDeZP7EOe6fZ5hHYEkprlGyNkip3J7mUCaofc6ddKfIbRv8A2cvXg2Q16MTO
V/7K29T2EYI9m5KTAmoN2TiwM8Y/B4aWqHhJOyd3EZHJYWj/WryIzjdWu2DUYRJXXsYP
kVqOPtJ/j4DfrW1mbajKi0nCmXEdjIf+Osbgw6BB8wgFZRIMEyvPcEIFgQbC8/QRQdym
nRASgW4nUkF8DaYHCzw9aifuKtkDnJo/8d80hQZenigfvnXQ7OGbls9MbxZuDnWy6b3x
WKZPHMGPUyp5DQbypNun3bSiqwDefoKk1YvRjmFYcSCVEkZrwEtWNLSu8idzfmkpm7Te
5Pl3PbvZmXxZABZBMfDTkfPuZkcqXWfqfkGXmfDia+8IcfOBM0CBusipmcLJNNxoZvxv
Ui7zZq2/1IUzXlX4PCNcX4bFtOXcUk6wVu9fl4VwVK4ETCrlo+EZp2Ek13w3EwZtYcpH
8Qk4V0ZOhA2aQI7nMpgVcV1dgH7MZG8SepyyL65gCp6psXKUwWoBsdKnGpJroK96ohJC
WOhPT/Us0pZWb1ariaIHLzl6NWrl/PyS3DOMyl0Zx43yqP2P9PVJ4Yd2FLC79nBod2Lk
v0FGDIsQw6E6BM03BFEQ/rSIsnYq79DYuGrYkKjVXMrtm37lMSQJUDXiw6fvFA9eBnvy
wbTajdE75ydVYPCA2lFfrhGzRlldQbrVLz18hrf1f5MwrPO1AVMv3W+Tct91fAuiiLO6
1RCKwUzq8/tY+NwoK6aw7NRCDMasq5bkp0osJoq0cB1CIIc6iQzYj2SBWLtoGNu09zlJ
pFPmkq2Fnc4q/wp8H+d8zyKjeZS9COm/+4jdzB/sBS0cRZmEG1wCxJe3RR3uRLSBpU0k
2OvoAJ7r+qfHkA/M3hmjacVKDkuC1oJVelHL2JOPmmLvsp9qFuzpBQFoIOeHeVArDUZA
cHKejzlhYWGUuB4+ARgrswx8DLmuN41e4+RWzcJR1sXqslhz+3bjcCrTEZjSZOvuKytm
KE25ZMK8kw5XTbkeORkacCeoh7EK0V9dVmrUDZ8SkZJIweg7Vo6zn+oPbr1enUqh5h+D
5q/aXxFGKFbTUfqKwsTWUZB3Vnf360JoT8uU9uy27Ybb4ZTjwyhHxw0PI5GZtbfoEoRZ
ePwFWx6DGVP8gf5TJDhI7Gbgm2hdScqwfZagM4dhUZ8xZlIOHnGW9HKKBGpRhyqNsMYP
9PUsX3xKcp4pKSJDJbN/XrFSXnUNYCBZyM1m2G2D3HrLE4YOIcMdoFoMGsGWtz5oLQ2L
8qyT5CITw8fOpllftgiC2ilnxhhofWPc5CWNGqQrvh8gwA2l5VGqn9eKJqNAA3LPWhOX
ZrBlQLGneuAhGiZY+7oIxOiixfMWjIzZRWHoMQRDNuiqg2QNNTRmzd9FYLurxoG/Ar2X
wkYmmaXwiholC14pDV2qEHVzZh6elg3fctLxb43ZwaG1SSukg9NZxdWQ8iEPMP/bcUfr
Ounsworth, et al. Expires 28 September 2026 [Page 121]
Internet-Draft Composite ML-KEM March 2026
hqhtNk71WjrlZqRp76F7xer2rDehn+/3cpnGUA/GfR3ASgJ+axg1Zrb6ImhOvR03l5HQ
Li3/R8jTvEfglG/VhrzrqGP3Th49Z9MCU4vyRgQNiITcHMwlbU0Am4kTVzYFfbETC84x
60VYByJcYiGoq2Ks13mMi7cNHGc/acL0Q+m68q0ikWx+gB74bOehA/NE9OF8QlejDwwV
c/Zecn8OlT4WaaaOELSKzQEEs5LvOBgj9vsNqfhCa8DgjXnGXb8ODw4xr1EhSp2dMnhJ
VGpacYKr1IFuwK3ShKyOWIPjxKGcpBb6OpuLBJ6Q9y/sBIDT9tSa4jyZz6itUCl8PnGT
/Ul8LTtYfAILalbl1CxKxddHD4lkrf3VuCYOCpF9w7DZmL5zFXPqK+2qwFaO/GlTgLNO
GHUXinnO1oMvq6P0r6eyGgopYAvbkUeTPNTs3n3UWKCgdIkqhUsfzKIKEzhqPt4IT6/7
Uo2EJBl+O5UHOP3S3jcKZBYh2rmi6ZFG+peAyVsDZ1AiUC5v7Od8PXFw/kOETkic3RQv
E2wNsosA/w9iJDlHqEzeuqIPbLtLS21z+ympsS61NLKBbZsi64RYdZdH+IoZmp1VB9c0
hR6kRHbb20R4ua9Bq9uT4HRT/Wt95VrNQ4O4dHxNVViXipHhNjrTMAfbL1g++p0RZPT5
pcR5a+Kd1We543mM7/7QIRJ86CFOE6QI7pSMANxW7RmnjpdNYRCQFNdGWULlgJIf3lI+
I4D+GPfb1oWM0YxrpIGqWWocVYFXdZYnrsII3KUvLFNb/QhqQ73EV9FSaf1T0JE4hyAM
n6VWbtLo8k0KUMq8se7bNxh1qZoO+E28zZYthTKgGGjZO8An6mdezen1/EUaztem/AAM
8OuAH46Sigzmp+8sZCBguIJKlTag9GDJZZPnOWszXn0SlTQmxFfdhdaZVgRDSrPK4rEm
cTxHBTnYIOUWcsOQGGddB6B5W05oaaRy+wtaKgbUFDy0DtQDyE2qF+sC1d/8HsBsAc8Q
k7A4T3w5Ub3MQFraFc5o0T9pSqQ4haeYL6uX27qemgGldqB+R/SRPo1fTVL4+z5sY/lq
X2ZnVb2UO+u2CI+nrY9rYYKiH6jwoF27XX3wbzy53YL8LVsBlFEDDfrAI6LHQmJd3n3Y
EKCJJcwf+rtxc51XuOnDZHLyUSz0IZEFX5BBeHIcC0Jz8C5LTtZ7S7wwF7WMl5yBkcEi
rBvMWo+67meQIHOhX5vjKbARonEnyZ+MD8TuK3mZjApEzTgu+EGkBGSvhVQvYmGzWn8Q
H9oKI2663z27WuyZtMg5rjX5nEWsksUBxy40AneL9beNm5SivaSqUd7Ntysjgj7nNDq1
55mwLdisdcE5MVmM4JDnz33Q4gdLMR5s+bZy71/JULqI05NTjstGoldut2NqSbNRuMdz
Oatw0KQsTdy+So/LIwsAWZSLYz7LZ9VHuFbM0PrnyRCS7OtON0bkYzyVNMy/C4Tpq0GE
GKNOVOoC0Y4Ye52LVfPnKKlL8uEhsxP7L2CpK9IAOhOo5q9Bq9W12gLTH89m9V6VLuES
kIh6Z+u2JMCc/CzbkVXbC1zmQ4rSKTPjg97UOMcX9i9Yvm9ez4UI9D/r58cM+oP/QdMQ
KoMnzFJgd4orT8fYIacz6nTVlA885drtxY4F2tZnxUzmTURBTyTquMlbACD96xI8+B6f
orTt9R/IhTcX+/ItbV7bga1oaFqc2FY7aQVdRLqUDzlNgrvSuysY1vnCieeICf3F9pD8
WsT/ggqR5SCUL7BkKdJsahcjJ0pM9QW492nY+2JvyRiRQjyp8ZwLKvyQSkfjYv29cWSC
htMj/JlOAvwd8OE2N31j8Y64ZLtmc2z04wwWU7b48XRlH1bv3jr0m2N8eVDn+s1xsRVQ
PfyquK796n0kwgcD93kWIqahwz0RpAhQYKJ55nF3irHzt4unpaAjJkwtNMQqesFtXpGR
E1YbcxfXsADeMndaJNDoPkvFyxEx9oKM6IlINJt43FD0BauZDrFF7y4klYQWFRUUEEVz
xEiuJE3gt/oRHXvnizF+V+1m6mDQgcKMDwAWkTzkHBv5fh/BaGF2yaAJwazHjn+6OK1p
dnIv2EguBVqpWFrh138axkpQBZoY5akGE78ZH+Mwi+fKqV+iPTYXCYDzk0y0oe1KDvlW
gXIyYCOTErjghM4N9e5MeQoZgG7ufz+b15f0z9Z//t7zDtQQdaDAGw1PFRyMZazjvqIr
KHVcbjMENaYlgp/clX829xHWnJiSAnAfGYQRYGXClOxtkywGQRJg8SuPjMauZznHDqfK
P1vJNrVB+Nrf7GOWQQV7VtpCNW45nDlsRiedGUOV7DzhFNc37AHCgMCKB3W2ir8o8A1S
Gc8aROtu5SLlxuqRVIo9v55k7b0yI7MpEIg1pWTbIDTmwcOkwC+29wS0ZVJRX74opgM3
vm1DcsY/72U0qHiz8NrcBbyF235gGjrtPTTElmiTafFZ1FLIWOGl0kuNjJhPUku9Jzih
g69z9sfylobEHhmCWCrwao0ygG52nbaxvG9O76b62huxu3ZwWbT+JXcU1FfCNJDnbOta
7n2wsJIiqQG8oAu35ln1ky3goNhtpx3hzx7O3sqRfTtpxoJ3T80ooCOjmQ1apsnUA/vw
MeEdyZMiY2uGweUFNztWdJPUbY6ttdcGdcBMtMTY/S84QW6Hj+vuAAAAAAAAAAAAAAAA
AAAAAAAAAAAABg0SFRoi",
"dk": "Ed0PvmXmlhs+I3QccuViehbtzV1l140dmzkMFMQe/ZgYiOUOCpWCaNHi2VHnE
JIfYf6WXcqPWmPzqEa1X0nkFDBCAgEBBDBmwwGIebU6/YDE04L8+YYdu1T4BF58rV6NG
vA2p0dhuTh7nbPhCpJLQDg/OIvg1negCwYJKyQDAwIIAQEL",
"dk_pkcs8": "MIGWAgEAMAoGCCsGAQUFBwZABIGEEd0PvmXmlhs+I3QccuViehbtzV1
l140dmzkMFMQe/ZgYiOUOCpWCaNHi2VHnEJIfYf6WXcqPWmPzqEa1X0nkFDBCAgEBBDB
mwwGIebU6/YDE04L8+YYdu1T4BF58rV6NGvA2p0dhuTh7nbPhCpJLQDg/OIvg1negCwY
JKyQDAwIIAQEL",
Ounsworth, et al. Expires 28 September 2026 [Page 122]
Internet-Draft Composite ML-KEM March 2026
"c": "zwfTO2xXL5TeB9vxs65P41Cjz3lgeARZN0K5TXavBzy4vijUbhurdLPXdSDp1w
EQn+RaHIlpdAphB31Sd7dVPCg59BZGncoorNLMPNNiBXZ/Gl6LrtdYUF1qS0H7Dcgl7j
0THH3FKIcOKM0gfcosFlvediWqKJ/lZXFmbIFO7ZEUZL8WhVymF3a7KjfCSmkt3+eMcA
R5qyfgvn7+C/bvMK9cV3fYtxLqlLENloV5F3ldS9Xn4OT/08ybHSYEn/sIBBy/jzpVxM
xlak4tKT9XS8gy0lEW8qE7zq81bi/Xzgtkh+hS8UMazR9vjVVDztXrzqqtOlnlRAnQgf
OsW1ByHeUXyIi3fcwfPm8prYNe2XTyQtO9kZAeehOYX1nHNQuRdpXiywP1tN07kxp+JB
5OWO/aMwUNkoNz4dc1Sj8sphrKf3sNyWD0yc17GqhJA5UB4kctgi+7duVfWiU1Wbi8l/
ZPPkl2zVgZrUpE/fr6kuMvpFNhedEWw53rqMvaU2N9dfIiCx5cw5/RYXPbeWTPOaNfPa
UdtkdYJEQuyJPorqgTRc73lUI2WMsv3UVkengbh+yohY+Mv4k8gmkaU3CSYn2nP5uJv8
Q2IxwMAz0bnagf5q3N4vrhiYewHLcyPnR2wZlzz7sZB3piHV9jGPqruWQ3WrCrwYhfOg
k8TogGi6Q8ivSkanZ8IBgtXnAXuTeyOJIAEA/GGCHICcCqiQ9H4vEBN1vD86vYK7PBh/
AlzF4bKsJJUkSO5T/4noYBlABZWhCBneYh0af3JVy1slC9FOAiS3nHkPNPRRWYe1RBZI
sJELvwhWT1MYvdr/EQq/mI7+6ourPsfVQsIAvSm2Zhtl+e7upZROEPszVZcoBNGhiprx
xGnx80xqQprXfjhpnRaEwN+Q6nnt6ijG2fSFJJyAeoEz0twb651rrvR/gv+goyIWCByo
wlmqSg8OBKRw8Cy0cqBPw3AgEZbuH5rK5r/SefgeNnS0HU7RSrl0iKtQml4dK4nGjOn3
8nUNmP00meNv5UR7v9c/rBp+jy5vXalyOh2zaleNlyXVL6nfCpRiwhNBG3u1oy9nbOzI
7NlNv2Y6RIXEhi44nykl6vQsuGtEWmZZc60xBsL8JelYQlHPqwY9KhKhy36kMRDjbyz/
l3hAVzsX4T1sCc8/0vYwQAzwwelwfk1iZcXUZAm7JbDrj4by0uPv7EpxcMLo7n0nSJcF
l6REXA+vVwH3pbl0+383uEoNBYHHLMG/K/yFnM7a99i75mfuRVNAKQ1QK8p4ZrDbd/Ci
GyYamSwK7fxsof7NDYIbPoPaMXXscEXONgSCE2+K92eJBS2bO94S/rrwzYrmmKWgH9+7
yW92x8T5LXI9HaOzva6Tm7kXvksc5VtJFluf8RDrnMxtPoLidk6eEOvm36VXHFGvU/Yb
/kAAduF9gcK4gsJaXoWU8tzL1cfg/jurBMaF/UnsvUnRbLxHg/tBWNZHsBX0+pBAqtSi
8wBWW66Bm1xF9zFslf4MPlXnEgzDw6J+/U9PG8SVv7LGzUC0jwZ1+W9tF5eRdBClQ4VZ
7PRcpvTXNG6R0aszJQt3gA8Yi8tZpw90D3j2iXhzkyqklnDsz09c192y7+Qse4T6W2yp
I/ae+BUJ0NOhy/2HjsdfHI1h+R2V7etReY5w8vxmUoEx2m3GjdSn3A9IzLMcObR6Sv8k
+7sNzj1mEbsrnhJrOjNVPG+je6WPS/nTiKRVj+/kNHyIsghD+mKyDMpEnjDKJl8tM/Ee
ZIc5IH3bI5/R0/E20PXyb/Y85TeVVkqOpnK7HRphoPpMf8F6toEaWUp7uiLMa1QggSC1
P63TEPSVCTrSgox0EUeP42m1SGoCit1Q4frplcX4CehqBNPz7x4SQKfmFTWVxkv7wIF2
y1hVE6qTc3DjYFDafxJRTdkS9zqa/kz36R64c8XBm0gbQrmrhJRykZ/8AlY9Z2xqm+hO
3heW4nIDDCmjorkREMm8jFEWev6Ho6/8kXhEly23s1/WG1Ay4cYQANz6L8eCA2CbAtU9
PsQfbcA8NJ3KYjDpuJ+kDtPiaJ6VXEPokvc5WBZSEb4rrgYPzMDXijxr4EfxWfFKfNso
56VvkUiimZY3WXRuZ9fnx+0tPEFf9G2EhsUg5+th/UOKWAeyOvhkI/Wp4Xr42QlLM86e
NuCbyI4+CnUs2uuhq/bOFnife40fwz76X4yzTf1n37ZlVePBuK",
"k": "JvbA5d3ZDGmKagVZo2Mpv3vsYLLRKmpHAzkBFZnrdUQ="
},
{
"tcId": "id-MLKEM1024-X448-SHA3-256",
"ek": "umlpjkdsmcwUR4pavoegXXVU3yjAR+Sl7etQmiqoBEh9ZrcOXUBdzyAq9TCzZ
4LBvHlrSJofhxqgYRWJnMrHXlYor8k7OGoJD3PDG2GdmJaVnvFedQers8XIK1wBXqEsH
YO9AbC3ssAHWaqhL5mtPqNXB+G4hygidPCLVHcFbNi55doEhZEuYLK7BbgmsFCmjcMYK
Yqi2RS5P7spCRPKR9JlCsK/WZAhRTUUjsNs2Mxa58QKZIY/yLBst9Q7CbjG/vgeZhNpA
oCJb2aMXRZfyTyCzNdZPfoFUroiBcml2io8MFzBAlsyZ6t/kabHweN4dwIxc7Bfz3JfG
fiZC+wp2EkMqio0EnDD3oCPCbsg4pCHobyM/BwXlIdr9QGuwwELNzoOBNocHUAgDrh8k
wyZrNyahvQkUgqhd7smhpEGRIic4Mujq2QXsUhfbbsjfyw29TSGoZQps0iOpaetQgJuT
XwnvSAs/9wz9PMAEPemZ3gX/QNQdChDSTWLiGRoRLobvRwyqql6dHRPdKuyUjG3cGR8L
FYEYeLBLmYSXOq14eYw7EpsGLJHXshIfzsFKlBLjzwpCYAfDnM2p7m7A0cEgOFPKJd2l
uKA08KVHik2ClqA0va5wzHAR9EiAXWnNBmL3gp2H3xb1umVmLmXZGFIUmelpUu8Ley7L
2syQgqAaROP+JMKZ0rL4NA+nxnODzE+4+AHV4FZTGJa8evKJGkIjFhzj+Zfpwx0QEWYM
Ounsworth, et al. Expires 28 September 2026 [Page 123]
Internet-Draft Composite ML-KEM March 2026
QN0W7U1RddP+QcwE8aEGKBSuUd9aUh9yEl8dttkwsl5pZadnou7cwiaPWYHyWhFsgliZ
tk/fqthIuytxqM+EwpUxuKhFcuxRyx1KjPBymxaQhu/+bIk+wk/QcAXVYKqOexjVlwxA
tQxhhCCkLd+aTQQ62VVgICaSZctVpJIE6l4rasLdBekcnl79xtyD4LEnmqZ+bQxXQSPJ
DY6WZNNLWujScxmHtTAslefIiSFqucTlWhXHIZagnvGQRA1hhMJ2ljKx4HNx9nDSFQmR
WU4NZNkAiecoaKPcJXEP1KC+pZPxpq8U9eyoGAb7SUwuXkzm5iz/pRjpcMvwSxO03dZy
wiFp1czN0gQKxOykpyG19dvzDVb+CFrr6MhpCLIzqGk7AaeEAVjymm30jqwJsekWgLB7
NUN+Ah9+3mpU6IrZMyo/TCKbLoU8OOibgdPlWzK4xBk25SLtog5qRkboaJ+MWRhxphvS
XtOYKGFkhc0DKWTvXhDujgco0i4Exu4FNt//UGYNsIJO6g+9ptME5alceeM4tHNDBd6b
mAYwjh436gkj+wnwLmmxuGgSTQOADJWSypplokW5nyyIoA51ecKxXsYMwYm1HNWuDc/t
Aa646SOvdtDDDRlAOe5iGfHECAP0mVjTJd6AgdNz7rAlRAzF6mD9Ki0uZl7UhqudkMxu
DJ8RMXGchphi1xooBOSWGggrrCmQrKK3cixE+yNgVA0w6sDoIXOZjK4U0cXHPGn+eEHy
CW9FZUUX8FhUGO3J/B56GlcpBUYJOt4jmwLC7lZM1eGiNjL00ke4lQI/gzDqVzOwOePS
3Q63oAaiBcoQNhhKgIYdhhJPJaYenLB3DhoTSdG+HIpSfh1cEYS1VADR5BzSjEPW+SZZ
MaJ11epZ9aHY8LE8ROWNcyzeeI+QpYGP9KHJqCV/Lo9KwAjgdCoLeNjCmlgNMkh8sO2u
/GC3QAQlcnKSGI4krGi24cQu1I8bbKSviLKuIZM+bpQWfw9rCYjiaxwBZZpH8BjmqZi9
OcsD8vPSCNu34SSMid9WVmxfSx0jSF7T3EK9sciPsZf9XC4hum8SDvOdetPXsSO8blbD
IEBGRuWwYoXy3wOkBPPvWg3y2xinMfE/FiKYAmYWnZuWuOldBUxEHp3JjdPpOBsE1QHb
8s0VES8nFQmXNyXrOwqwHxht6JPsXt3CAoEmmmofpp+XAiPYZaLu6nMLIYWGvQdZEahN
dNzt5YnQ7ivCxpSSLtY2oKO0bydJAKLrEUr0ZA6ZblvbXt96qigAZQKG9en5hdV0jfKe
uaiXwQpwwlAMQlq44hC14rEL6T5vW4yVzbZAnTtGxbSOf9smJSjOI8g/y14+tX8OoKYI
++MSenY/G1Z62YUETQLnklALMWLmxNKFhX3BloPCmUnRboV9R/vOoAtsnTdGsi4lg=="
,
"x5c": "MIIUUTCCB06gAwIBAgIUFsFevPHm2I6Nya8FpweAk3SU3iUwCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzN1oXDTM2MDExNTEyMTUzN1owRDEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxIzAhBgNVBAMMGmlkLU1MS0VNMTAy
NC1YNDQ4LVNIQTMtMjU2MIIGaTAKBggrBgEFBQcGQQOCBlkAumlpjkdsmcwUR4pavoeg
XXVU3yjAR+Sl7etQmiqoBEh9ZrcOXUBdzyAq9TCzZ4LBvHlrSJofhxqgYRWJnMrHXlYo
r8k7OGoJD3PDG2GdmJaVnvFedQers8XIK1wBXqEsHYO9AbC3ssAHWaqhL5mtPqNXB+G4
hygidPCLVHcFbNi55doEhZEuYLK7BbgmsFCmjcMYKYqi2RS5P7spCRPKR9JlCsK/WZAh
RTUUjsNs2Mxa58QKZIY/yLBst9Q7CbjG/vgeZhNpAoCJb2aMXRZfyTyCzNdZPfoFUroi
Bcml2io8MFzBAlsyZ6t/kabHweN4dwIxc7Bfz3JfGfiZC+wp2EkMqio0EnDD3oCPCbsg
4pCHobyM/BwXlIdr9QGuwwELNzoOBNocHUAgDrh8kwyZrNyahvQkUgqhd7smhpEGRIic
4Mujq2QXsUhfbbsjfyw29TSGoZQps0iOpaetQgJuTXwnvSAs/9wz9PMAEPemZ3gX/QNQ
dChDSTWLiGRoRLobvRwyqql6dHRPdKuyUjG3cGR8LFYEYeLBLmYSXOq14eYw7EpsGLJH
XshIfzsFKlBLjzwpCYAfDnM2p7m7A0cEgOFPKJd2luKA08KVHik2ClqA0va5wzHAR9Ei
AXWnNBmL3gp2H3xb1umVmLmXZGFIUmelpUu8Ley7L2syQgqAaROP+JMKZ0rL4NA+nxnO
DzE+4+AHV4FZTGJa8evKJGkIjFhzj+Zfpwx0QEWYMQN0W7U1RddP+QcwE8aEGKBSuUd9
aUh9yEl8dttkwsl5pZadnou7cwiaPWYHyWhFsgliZtk/fqthIuytxqM+EwpUxuKhFcux
Ryx1KjPBymxaQhu/+bIk+wk/QcAXVYKqOexjVlwxAtQxhhCCkLd+aTQQ62VVgICaSZct
VpJIE6l4rasLdBekcnl79xtyD4LEnmqZ+bQxXQSPJDY6WZNNLWujScxmHtTAslefIiSF
qucTlWhXHIZagnvGQRA1hhMJ2ljKx4HNx9nDSFQmRWU4NZNkAiecoaKPcJXEP1KC+pZP
xpq8U9eyoGAb7SUwuXkzm5iz/pRjpcMvwSxO03dZywiFp1czN0gQKxOykpyG19dvzDVb
+CFrr6MhpCLIzqGk7AaeEAVjymm30jqwJsekWgLB7NUN+Ah9+3mpU6IrZMyo/TCKbLoU
8OOibgdPlWzK4xBk25SLtog5qRkboaJ+MWRhxphvSXtOYKGFkhc0DKWTvXhDujgco0i4
Exu4FNt//UGYNsIJO6g+9ptME5alceeM4tHNDBd6bmAYwjh436gkj+wnwLmmxuGgSTQO
ADJWSypplokW5nyyIoA51ecKxXsYMwYm1HNWuDc/tAa646SOvdtDDDRlAOe5iGfHECAP
0mVjTJd6AgdNz7rAlRAzF6mD9Ki0uZl7UhqudkMxuDJ8RMXGchphi1xooBOSWGggrrCm
Ounsworth, et al. Expires 28 September 2026 [Page 124]
Internet-Draft Composite ML-KEM March 2026
QrKK3cixE+yNgVA0w6sDoIXOZjK4U0cXHPGn+eEHyCW9FZUUX8FhUGO3J/B56GlcpBUY
JOt4jmwLC7lZM1eGiNjL00ke4lQI/gzDqVzOwOePS3Q63oAaiBcoQNhhKgIYdhhJPJaY
enLB3DhoTSdG+HIpSfh1cEYS1VADR5BzSjEPW+SZZMaJ11epZ9aHY8LE8ROWNcyzeeI+
QpYGP9KHJqCV/Lo9KwAjgdCoLeNjCmlgNMkh8sO2u/GC3QAQlcnKSGI4krGi24cQu1I8
bbKSviLKuIZM+bpQWfw9rCYjiaxwBZZpH8BjmqZi9OcsD8vPSCNu34SSMid9WVmxfSx0
jSF7T3EK9sciPsZf9XC4hum8SDvOdetPXsSO8blbDIEBGRuWwYoXy3wOkBPPvWg3y2xi
nMfE/FiKYAmYWnZuWuOldBUxEHp3JjdPpOBsE1QHb8s0VES8nFQmXNyXrOwqwHxht6JP
sXt3CAoEmmmofpp+XAiPYZaLu6nMLIYWGvQdZEahNdNzt5YnQ7ivCxpSSLtY2oKO0byd
JAKLrEUr0ZA6ZblvbXt96qigAZQKG9en5hdV0jfKeuaiXwQpwwlAMQlq44hC14rEL6T5
vW4yVzbZAnTtGxbSOf9smJSjOI8g/y14+tX8OoKYI++MSenY/G1Z62YUETQLnklALMWL
mxNKFhX3BloPCmUnRboV9R/vOoAtsnTdGsi4lqMSMBAwDgYDVR0PAQH/BAQDAgUgMAsG
CWCGSAFlAwQDEgOCDO4AJ0W+xmMTp0gISt1G77wnnFgguV9EP7EgJKb25xrE+sa6n2M7
bpNXM0xmqnMI/IqeOcHU9w7Mb5Moait/2L1bKMft2JtbK+GyTroOg5JFtF3/H6ooxpgz
p4WqyXOKC16QqAHLSY/Qi9CJn/l5BtagIDs98Y6jk0rXB0LFdXodC0pWI10tYsiraL5o
oj4XmKYo9d+IfrG1QavNnZM9sQu2StpkwfH+PGPTv1jO5PJ29P3GsVueTRlIdHgUfG6w
kpuws0lPYJtD78nzyVbYvGyXVYgJhPpowoLsA69rt4S+Q7ZIJDj6ccwXEbxaqcVxexXX
pZf4rZj2yn55YPaWFX/J824EUgSq4PdE9yuxVHWqAptNzivZfIR3kcdkrMwqiN09JW13
FOHChwUlcOFYn5kXsVq1qYjD0HYZnb42/CuchGpNj5QO1WwedcbFKNQy+mb81rF9dxf2
7K4iZCe0OanB6Iq81lgr+sZt8hI50w8+Evmo6oz8PDt3pM6VGsrl/40nOnQRwrWtLtDI
QM1NdOBEiXfBbTa1DbnC+Mync50+iemwTUyonXPVOHt2C4Xf8gTl8Xs1Atqau7DUD/i7
jdjI/qXBtQxhoooXhTTUZSjH6X1C9TKa6INXpIY17oxvlpwfz3kLQ50PYyx7HlNxZIaC
Q8vJoEY9pj0XVT0KtSVWzxTbGqN1Noo+fWoa6alXtu0JCQZ6sNlJetKE+rBZYDUBvJQ1
gtTdw2IIYI3hdstg9ySCTRDpbalQj6cM+eNXMULsBXgvJWPRcozny8NrGgXNMXyaAozr
lya+8GR47AV9n3rDs03UCLo7VBZ6cj6bupAohlC4dXx2m4FvQ/TZn/xpHgVvA6ayLjJX
mqzgXClPLtU08AVVrwOVtCEUe4ZN5mkyYOHfJorRHqdxZjoEJNAwVt2GvXlqDPuf4QxI
vsA4y4J8oXuyqjVF0e0hwj7QTWe2EoCEydzDJn1WU4SMmuRlkNjEKgl2oS52Ad1HS3lU
TPR6bojUUvfYMcVknruW2GuP+FiqZelEfEmU4n2ClQ7svreCbyKpBXB6ERQPCA2Yxr9t
oPSU4scl99y318KAjT+KPnkA5dMtBgUDWIxNEnvD+4FzxWvVTxvkGbHHXSzJf97Dp8tJ
+HJWBvh6m70iueN7OjbQko1qSzSe4q1/m52G54oH5G6SCfDP7iB6goq3ScngZ9GN6JDq
SuOTvltalEaLFNXARFbiGd1ewjXrhDGX1PpL3ntyWiKuGoNt1/+99VhPBbsScjm3SY8+
mDjxo/+77XiT/lHcMI3L9wdHLR6KB71/er3LYiIn9ZOtiog4L6VGIYK0XruV5hb+v7LV
HPkXq+aHLE8hh8K7w/r7ToRV0km0Orx3jB2i4wjvnyFUmpcp+BzhDXP7LtYrXBBjC/cA
HWJ0hQQbfRpiNK/90qOhz4lefNIO3eY/ske3w580xySVOopabL8jAtHNrrQhF8pLrbCD
5l0PuH7LaGa2IY/I05W7xaXkOAg7441LsRkh6hnKZnv8MJLkBX1rweS1HoM+uHrnCCv6
yLByiv8IkRnX/RobTplcKJKsDrLUEXfLZm393XQi2zvwgnkLMGOT9WRFERWaxY8JYOxg
Keekxy7wpflpGQ381BNiEUmCUPtNUqLprtZFmHg1rc3Nv8KBuMGd2CB28XBXhFAja2+Z
KMpnNdudk1VdVt4/qjgBCyaCFmtF+U7SnqlD+dPE0xk9Wh6x/oHnHzmMfrxDJKJZ1JMS
TJOJLvdP0m8NkoQXcC9SVe3Za9QN6sCMh67TO5I+wT2N2BTBxdi73aFkxCgqRQvyZbCT
Mta246hXpk86d7mfHd5gv5Mh7DuPINisDiRL3vePRS7YwQJX5V/GZ8DXcNnyf+CIpl3k
i7K4aqg9o3iQ3lnpZdFpDKey1WPiMYn1Rp1/8Kjvzw3ynH7SRjeh9jOLN0afgLJzmfVc
a5gxrEh3pgEag9csaMfNTRDQMdpQseroldKxy1OhpRumhxO+0/tm+R6chcQmayhDBkZL
KhefWskIgypeYLBqnRwRmK6wJW7DiZ3mCV2pm9DcPOQ7iK82mI6ltTe7P3+e7q1zjLAt
rOVWSRL5G2DZVTBpyIwf0XW8DJGXmJviRGNep9Fmrazz7BQx5fbAcEo+JGCGWYKZOydD
wMmnaS+peAELdJkYjckUzIuCvfVxNe6Rc/mnhMCgjaXGvmHfAyHfvqNA5Dk/o2Sy3lGS
iFPgR15Hs6Qogxgc9xaFoyFjMp7pysYVzMIxdeY/kRV8wQ+z30U8SJFRbQNx8/Y28lju
C/NZ/c3RPGLKNQ6zljqeuN9kyykjHRmiCIGKHmu3tBvMwgyi6Bn4ufHWO8V63VQdvU/v
+IO61R1fgRZPO9IZ1dm3liXoLQ78OXQnNNWrzcQFBDdwsu+E2kQujacEk4DezogBC/nD
tjvde18U+KjDnQAGybnm94IT8SEtXjz5oRp0W88ivAlvB37qgWopak7ilPmitfCGpRmp
Ounsworth, et al. Expires 28 September 2026 [Page 125]
Internet-Draft Composite ML-KEM March 2026
MSOlKwM+a/rmvFyWB8KhWqI6YQJx36cNWuQZafoAJpxmK3VnHQhpnFOaolMp10CRGi/U
yLQ4kT3UL0O9ag20Q6YxIEI241+auQ9/P1E71xo4hWL4NXLqEJc8SzllEOqLQGmF/j6z
648Ssle51RBwDk3ifxRxuO+/ryBM1QqKE2UAtE8lH2zLKV3p37PJkr3zcDVDaFYHWTXv
af6Qwcc1S7AWolrqe0xQ0yGs8UznZbJU2PiiNBIfzHzFbXj0uJSSW2gnMr0Deh1eo4oE
td7/NXQX2dPgwXdyONuCUBwBat6Xyru79tNHSk/Wfolnm9VABYzNYHQoJbvM9x8Urixy
9iwdhR5+OuViIcJQEyrU7k6jzp3Yqw66OCjdPM8XNJcC3bjWqarSZc/oUDWCl5p1sqb7
enH+eJor7qoBkyOQUmp2z7nbtiRhk90VrrnBTWle2//YVCffDj4QiW4Ms7x/eXAg+w8+
mb1eTYq+r93q1xQ8G4/NBpOXnqRtFJJxFBkKxD+GRkOUIHzv2JbmRcbQ8odpMxjv861C
Ecq7ZfL1uf8KbUSa5htDt4qV+kCf4MsP0nPjfp9b5yElusgE0YyB6Ows+Ue2+CNkOGLM
Ahqrqs8X50w5wMtpU6eE9D6xKXSMBg5meXfH3D/5cl4HYmjK8keKwrzopND+R0J/uzKb
0D4A3plVDVu7KZMLkKjXU8PuwUUHOd4ynVmz7ahO1F4y/BckvAaNUVbf3t0ar2SRDhNQ
CZ7l1tqrHm+n0Vivrs6S/TRQdRr0bRToWhPQ3ilSDfHDcSHU7yJvOInEYyxOAtwq5WBF
rPv7SyyQnrQ2mij8Y/zgTQJMuXVGmrqYP7PsfjAaHv6nSXgTIAdwhUkzv7Owz+dVjx9B
PlRNNw+7C6mG62fG8dqlmrVRCVUc33a4rBdCGP6Y0xm6SXibxKPidqMJuary+R3xu+oZ
aUOx+iX7l44oWc8njdz3H8j08NpR8sQEV3o7rR7aWIuRSK1Zk9+N6yAlaURU+JR7UZ+2
orPqkB3xXJM1fMYpLN4b5NhR5WaUux2EIXjt1D86bxU6Rrwwx6s1UNS/iOfy564c6YqH
0gzjcDYp+bW1E1SsiHoh1OnlUptcJgZh29dy01BODmYyyRBXQA1UQZ+ubIZIYWDNeOlZ
PQ7bUrVnpj2lKRhxooU1E9vJX/lieB6AyL87ZfZImImAASfyhS7WmX43vo52RX4AcR7a
cFxuIvfKLhff9tjaJtrPyf53mx2xUIjxT03Cptaxwa26Gai3hPYXhDAH5FWOXgDoVEYb
UyPbJeGsd+/F8B0v8W3PAeDicktjimUD1rXJwKBLLMt6IZMtJlIKL2+sqmkqbmxQoprj
QT7UovTSf9HRg7QrBwnCuOz6hXkARap80Z8IDV7Moe/CccDm1IkIbp8xMOAraNcBpplj
ymczasp3yL/+I8TZ6coyCyrPom5lGcsmdggRZhmZzo4SwXNTovN27kI7jBs1AdT3GhDo
qCiomccLlYN4C19ea87BVDCsIWatBQmx8tytFm7KACUc/xd/NUqFuQsB9b/T/v7+o32b
ZqHEzYCh08evSYYKMLe5HXdOp+Q8Hl2LvOxyp0zIaJzk36pJx4tevGp7e74W6TjtVQDl
FkP+mFl8MWQrhpbr7dpHmQKGkdCEAw/fMDAmq2UqGsWw0krKu2b6c4++ht3QA3Qrn+7Z
QiDRfXm5wY4V3ME+iDYE4q5Lhbfh7P5vR826Kb4nfrX7gSyNfimrOsoMxb4C8FhDosR+
WrumcUHpq//2oGQA1i5Paj6qBTIQV+eldlUDP/soELjucEsIrVH/bRL2wr4BgihOyx0D
H5rRLTJv2yZPZKfxJFph0SctRUdMUF1veKzV5/1TcHaHnQAAAAAAAAAAAAAAAAAAAAAA
AAAABAgNER4j",
"dk": "oRfW/hdTbZc4zxGSdDOWXsnU51ACbv0m5S3E3RfA55+x5SOlymf3pnHf8cQpq
3nQ/RFVESMGs21r5JBx7TMiIqDiL6AFEHokW2Sgeyq67FAVk1nmfOZFiJZ7ws9zEsUlq
FmZWJZs7MOwa+6lCf7dmMxI90O0aj/h",
"dk_pkcs8": "MIGJAgEAMAoGCCsGAQUFBwZBBHihF9b+F1NtlzjPEZJ0M5ZeydTnUAJ
u/SblLcTdF8Dnn7HlI6XKZ/emcd/xxCmredD9EVURIwazbWvkkHHtMyIioOIvoAUQeiR
bZKB7KrrsUBWTWeZ85kWIlnvCz3MSxSWoWZlYlmzsw7Br7qUJ/t2YzEj3Q7RqP+E=",
"c": "I0Nv2LwZ1CyoxYshNgSopNCSxHCcbonLItoEMz8q0Z6b7ABkfQHi+ZlJ/XqL4H
ULXXkb/Mr/W+TTfNupbnJzFwvETkxDxiclvn1uRTnqFqmSFGF6WRiyZDyx6j73bikqjo
/jozG5ZdNZgrxbLezXo3TiUYCkJQuvSAP8UBBUpRJXsaULNs9rQlp/Hyc3uxwbVKf5p5
4cF47yDDh2Y0T5L5dK40x1PZpXV9Bsb5LiZWkkbua+8UJD7WZcB5lBDE7zu/o0V8r5Zw
pBwZosVbiZkaYu3xpgf2g4zNLTXBaNajqbmUOKZDpRT2iC5YHc4LNQoDAt9HE+aVADrk
6J3OUjKRT3uyVleHRhClRbiBG51E9tl0iQ9MzSqzrRcNbur/b397x9nQtaYhAgML5DOO
PtqpScmsQ5MNCd2MJ9dpZqq7SOvAtsLG4PF3xNFMu14VnfOv2XcgnJSUItHMy6Ufva9V
iNiYTRg7FyCOQn5Dw9lZhzjoa9nG/mHApTQqZ4TeiFEv2sCInRDvdovIc42VAFkJB3MD
oElNGWFwzXc5Bz91dEXp0etNwNLvr/KVxENeCQ1Q0YkAr7zuAFdWgNEdu70VFiVsRtoz
TGjEH/SSrHVSJDewc0SBsGIh4wHfS0uFyg8iAC30IA6NLtYNrSVjIaWoFoALhWNOPD8v
7rVpgxyxjiGhlJCyjhbsTJRLt7cAeC7kv4aANc0iBfR3alk98ATz3ZCopeep6LhwnsHP
yD1Ia2KPYkvcqGrdBA/+cnpMVrI+NDC3f9VEGnPt/i9Jeol9G+7Rio1njRBdU54Q1s89
/k5CHBWVIpXdjzcAru88ISoVTPCjmqx5kDb1tPRxdrI36XoTy6THhmkaMn7DOmhq0lrh
Ounsworth, et al. Expires 28 September 2026 [Page 126]
Internet-Draft Composite ML-KEM March 2026
oPJ5Q8+5Z7/NvioU0Z7Fh2b5mrkyh0WVyEEZZ2DipABDZA2/0QoV/m1Rq10Z7ZLvwD33
0lnOVMmfF29CO37ecSZl+E5I/eowBQpCLBh/vDWxbIAstgKIuquhM7/YKbMjQB/EACGa
oYSMOZ/zhAyHXh7uEGfPc+stXE8CUlQPALocptwVlAw1ocAtanMJjNVVwaK2Vmzwa+dT
WK8RoIdhDqxqovDDLoVKVGFItrYpHgAujvprJkGnMktuD4+kAhzs575C3YCSv9lTT8ug
8DGY9qArfOvbS+xL+uvMYaBEnOBZMb0/YAO3y7DZ2GckDnYVW8qE+VexGTOa/GIhd9YD
m8TmdwhMMzYLteBkOVCpHNK+fquLRMsUGasKVCuYeWD6x1Xks4wC4SCwXqX52fS/Azwl
2LUXz8AXHDf2NFV0/asR30AkgTgk1oqe+6fIs6/IgFfQmbkXx0On8B9LdFM5qbrxKzW9
POZfgDsE/xJU20JFlvYScD82mJqK/5pE8BqQ/RBhd/OBBn2FbCYFkhBrxMp7hDQLrHfR
DEqKzWhBqpdJAh1nSBUxjl8ctDd3M4ec+aPyKtz7tKr33c8MDKK7Xb+IK6mJziHXv14R
EOeeJwaQ5Apnu28pcQlz/w9P/48VU2atKoavA4PuNl1pr47jQhHlyUWKoBQ/ZeI57d9T
NB0oyrge25Tm+JLJEoWhJ/wwGcK7Xi6FjunGqD0bCZxw0PenuxAwCPEV9KvhZt0hF7gj
e0YoMbzgC7maG5WPYDEIATWQcFBWdrV9lseLj3TQFjLjERgUd3fG32wmmRW0cGlsi7B2
kmDnm+Quc3gxALxpamltpLEiti4pk26psU8VDVv6TVv5bcViE1oePiY3ecOuFxi59HEU
awoR1QD+OuaTfouQuMgbXoXpyRt9Xs6QlYovs90i8mkQy98S+hMhT6rLY89vvHJEJBdt
fl22RQeYw79PX29GRVFEgDSrRPgz1LsYAnByf2VB+hz7d/xMkurOptnvwT4afoZLXfEN
jQ3+tPpihnuKds0P4pHNqwl7FxDhzFGLL6FjLh7LcN8wvMRK9EEoMZo9BXufrGI5gBvN
Jv6FjXw1/OwZcaH4U75+IJri8jxu1itOhAtpJSdrvY1doyN/5c1CHajPccghD+yZ6n3l
d8Gw1RNGJcQDoSXsH5baPUU3I7iElWGu+hvM6Tky+mvYylMM1+1OguonG4f9samnrpqP
Hl2LeKnTmeK4vKkFhICUEc95DXSztjHIsKGr0ZMfkvZFgo7ysfBp7iePaX+5e4lw==",
"k": "VBbnpxt8pkjcDi9Pj2GrSs4yJM3ZeAq6n9A7DJTq+Fs="
},
{
"tcId": "id-MLKEM1024-ECDH-P521-SHA3-256",
"ek": "vfNF7dkPOBoqc0tOKCt1ifk8xIY0iFJh70edWLMbJwBTEIGZvBVBsZZgp5MIn
LJXYFmAHFguzlmJY+WDfKlVJGCPQOgRtCRWSZjMrNhyuOtu6xGLxWW9ayozATitaMSBW
Xw1vaMQLHyQJ1R2Mat8FhS8MNUiqTVmD6EHJcTPcRMsRzp1gltEFqcIPqN8aILPM5ah6
pKYqfSm34TLuHM3UkhtFWRXuyYOseCy8aUMSVh/HYSO2oh2KMNPD1lSTtg7MYSbJhRgV
9BNP+Zd2dQOnFzEqXfJB9SAdsIumOx/ASyG2hNKEGo+64WstTZHUDsZVUlZODEE24qQ2
QO96altn3xEKtKAaaBI5xy2OLJDz5s27wHJx0RdL2U/cTLPHWWUAVygUZWDREWFDng+6
tpbr7spRpUvNVp1ORMFXxJB3BcRePM+PKyHo7qWtLotzvFdhmiJ9MNiyeVXwXs6ovAIp
TJRCYq2wkh62lO8CWq6oRqioEKwxJUQ+HRtDXxFYFCW4Ow/a2PBb4wXEZswvaeEkuS60
rG5tkqw+VktQDdTSlMkEmF9rExaIlm9sTulPxgol5kfsQqoZDUfnkJVgamSm+HLRAZMf
9V870douOCVT+wHz5vNoVJAyoLD2OEIT9RpuAkXveKeEeZGCmsnU6UE7CZbCTcZHeRcu
FuGMYwnFvRnJtR0/zqMsXMLV1EwDezGkMECm+sEGTBNfZw6goYKl0IFmAUjrZaLkewb7
ch0Jma0S8aaC3hqvcSKncF4detXefABm5uqJlkP1XsBI2ZiW3F6MacjKCF+h5d9VMEm4
EBoW8CPpeLPBHGvsUgYzvRR9qE0GjoTAJoZAHpAnecCxmQBOXqZWhqYblVwvtc1timxX
zoIV/o4cWiSGDWCq/F9eWqtuAUu2LBKtyhaaLx5t1Mma+NiihgTh1Iha3uZowekoNEvu
IGjnAnLwfg37UE6B0ZzM/gwhEp+NpWzvTMjY7QUJ9a1a4ms52gxOzurjRNOOFu9OAKE/
NyJKJC6HwmTgRG2vWrPDfitO+xPz9cmdbBP0hdm5fKeqqQLKtO/70IvtROMC3OPPFdti
6GDhzNo8GurxfuxOCq6COgr8VC5kpGtBVtZU9GFnoxWo3RHKMlK/ywLwmMHNwV9IBB1o
SHDY+kCWGCgniOzhlSQPMFiCPiS1JNvPbiT4EcLiiJpz2aweTiL8jsuhVU7v9oC3XiR8
yF6C/wZX5aGNMMMz9xo7sgovqdOK8VpK9YdUFUBsNoYmdUhJ5HGR6kbgGC00mSCCQlIC
QidqxmPs6RNk8VC4re/VVQ9T6etROQUzdGfEZiMyWaL5DNnmvoXjhtrgMUL0igf97l0y
uyIBSMFpiygqKU1zGrFZ1s0+8BiQqop93m5MikoB1sey9Jw4zyVDHpslwYdqhtkOxIk1
QPDlmu2zdugVTx+EbMH9dlqWBo4VDarLLogGoNn4BWNTci74LqAf5NHQLIvRzFQZmrH2
mklvplY6yBawptghou3lBpZ/eWcPFmZ2uo88JspLHleuoi51hQiaxm/R5uMDGwU+reEo
Smm+fs6/6uF07RLkcx8hBWA5ZK1PyCWEkbO2PFdSnWWmwW66UM3DEinqEnD54CkmXksc
AGH3qHOXllieyufM+oU2VF72Am0FPS89wkZvvFMa/gx8je3qRSflbd/ert454BQllCtO
Ounsworth, et al. Expires 28 September 2026 [Page 127]
Internet-Draft Composite ML-KEM March 2026
pfJooXNUzh5e7k+Jeu16bY1jYYCfwtnWLQyX8K6iJtd6dOX6RGH/bAtEUBfqUVctOp2C
0e50hEBkftQc3lzA8XPfqh/GrycHQdV4IGQWzBTAnkHpqUVwjIlpACXgaJn+AC8oRmpD
wjM+sVtB/PIJec17rIbO/c2AdpA+xKi61U/HCwQqki8wXVPgLrFmRW1ndIw/Gpen4vMf
WYpChN7o9xIu9V7s1ENWaRBs3x5U9tvhJe2NoJroRwVHMw5lpRZMvgdr5FWwqJ6vsyA9
jWgdeOhwbkzxbIpAJo2pHWZYScSayEQmHNaJVNuQwVAGYlDARZx+OyjB8SSeGKZ5vFHt
rmbhsgN6BQsi4xpoLui2NMnOKK/g6F8Vs0nvcVWN+nYdoByE6oyGELwJYIEAe26u7r56
6cNgGrml3SFBvdPPrAeg30eI5nNvV++WAIctVIa5wdF4qMeE3YXw6q+OVqPVN49i6zIL
90i147aorBtAVlufEGf+bdc+wvfj7t0mU5fJA1Kz/Id4FWn002yr1YkvOvSwlYKvEwtZ
VtYA3eZ4X9avSEiYrVzPwIAezAz30Dh",
"x5c": "MIIUozCCB6CgAwIBAgIUVJnKaWPmojo+NWlVbA443rfgj5swCwYJYIZIAWUD
BAMSMD0xDTALBgNVBAoMBElFVEYxDjAMBgNVBAsMBUxBTVBTMRwwGgYDVQQDDBNDb21w
b3NpdGUgTUwtS0VNIENBMB4XDTI2MDExNDEyMTUzN1oXDTM2MDExNTEyMTUzN1owSTEN
MAsGA1UECgwESUVURjEOMAwGA1UECwwFTEFNUFMxKDAmBgNVBAMMH2lkLU1MS0VNMTAy
NC1FQ0RILVA1MjEtU0hBMy0yNTYwgga2MAoGCCsGAQUFBwZCA4IGpgC980Xt2Q84Gipz
S04oK3WJ+TzEhjSIUmHvR51YsxsnAFMQgZm8FUGxlmCnkwicsldgWYAcWC7OWYlj5YN8
qVUkYI9A6BG0JFZJmMys2HK4627rEYvFZb1rKjMBOK1oxIFZfDW9oxAsfJAnVHYxq3wW
FLww1SKpNWYPoQclxM9xEyxHOnWCW0QWpwg+o3xogs8zlqHqkpip9KbfhMu4czdSSG0V
ZFe7Jg6x4LLxpQxJWH8dhI7aiHYow08PWVJO2DsxhJsmFGBX0E0/5l3Z1A6cXMSpd8kH
1IB2wi6Y7H8BLIbaE0oQaj7rhay1NkdQOxlVSVk4MQTbipDZA73pqW2ffEQq0oBpoEjn
HLY4skPPmzbvAcnHRF0vZT9xMs8dZZQBXKBRlYNERYUOeD7q2luvuylGlS81WnU5EwVf
EkHcFxF48z48rIejupa0ui3O8V2GaIn0w2LJ5VfBezqi8AilMlEJirbCSHraU7wJarqh
GqKgQrDElRD4dG0NfEVgUJbg7D9rY8FvjBcRmzC9p4SS5LrSsbm2SrD5WS1AN1NKUyQS
YX2sTFoiWb2xO6U/GCiXmR+xCqhkNR+eQlWBqZKb4ctEBkx/1XzvR2i44JVP7AfPm82h
UkDKgsPY4QhP1Gm4CRe94p4R5kYKaydTpQTsJlsJNxkd5Fy4W4YxjCcW9Gcm1HT/Ooyx
cwtXUTAN7MaQwQKb6wQZME19nDqChgqXQgWYBSOtlouR7BvtyHQmZrRLxpoLeGq9xIqd
wXh161d58AGbm6omWQ/VewEjZmJbcXoxpyMoIX6Hl31UwSbgQGhbwI+l4s8Eca+xSBjO
9FH2oTQaOhMAmhkAekCd5wLGZAE5eplaGphuVXC+1zW2KbFfOghX+jhxaJIYNYKr8X15
aq24BS7YsEq3KFpovHm3UyZr42KKGBOHUiFre5mjB6Sg0S+4gaOcCcvB+DftQToHRnMz
+DCESn42lbO9MyNjtBQn1rVriaznaDE7O6uNE044W704AoT83IkokLofCZOBEba9as8N
+K077E/P1yZ1sE/SF2bl8p6qpAsq07/vQi+1E4wLc488V22LoYOHM2jwa6vF+7E4KroI
6CvxULmSka0FW1lT0YWejFajdEcoyUr/LAvCYwc3BX0gEHWhIcNj6QJYYKCeI7OGVJA8
wWII+JLUk289uJPgRwuKImnPZrB5OIvyOy6FVTu/2gLdeJHzIXoL/BlfloY0wwzP3Gju
yCi+p04rxWkr1h1QVQGw2hiZ1SEnkcZHqRuAYLTSZIIJCUgJCJ2rGY+zpE2TxULit79V
VD1Pp61E5BTN0Z8RmIzJZovkM2ea+heOG2uAxQvSKB/3uXTK7IgFIwWmLKCopTXMasVn
WzT7wGJCqin3ebkyKSgHWx7L0nDjPJUMemyXBh2qG2Q7EiTVA8OWa7bN26BVPH4Rswf1
2WpYGjhUNqssuiAag2fgFY1NyLvguoB/k0dAsi9HMVBmasfaaSW+mVjrIFrCm2CGi7eU
Gln95Zw8WZna6jzwmykseV66iLnWFCJrGb9Hm4wMbBT6t4ShKab5+zr/q4XTtEuRzHyE
FYDlkrU/IJYSRs7Y8V1KdZabBbrpQzcMSKeoScPngKSZeSxwAYfeoc5eWWJ7K58z6hTZ
UXvYCbQU9Lz3CRm+8Uxr+DHyN7epFJ+Vt396u3jngFCWUK06l8mihc1TOHl7uT4l67Xp
tjWNhgJ/C2dYtDJfwrqIm13p05fpEYf9sC0RQF+pRVy06nYLR7nSEQGR+1BzeXMDxc9+
qH8avJwdB1XggZBbMFMCeQempRXCMiWkAJeBomf4ALyhGakPCMz6xW0H88gl5zXushs7
9zYB2kD7EqLrVT8cLBCqSLzBdU+AusWZFbWd0jD8al6fi8x9ZikKE3uj3Ei71XuzUQ1Z
pEGzfHlT22+El7Y2gmuhHBUczDmWlFky+B2vkVbConq+zID2NaB146HBuTPFsikAmjak
dZlhJxJrIRCYc1olU25DBUAZiUMBFnH47KMHxJJ4Ypnm8Ue2uZuGyA3oFCyLjGmgu6LY
0yc4or+DoXxWzSe9xVY36dh2gHITqjIYQvAlggQB7bq7uvnrpw2AauaXdIUG908+sB6D
fR4jmc29X75YAhy1UhrnB0Xiox4TdhfDqr45Wo9U3j2LrMgv3SLXjtqisG0BWW58QZ/5
t1z7C9+Pu3SZTl8kDUrP8h3gVafTTbKvViS869LCVgq8TC1lW1gDd5nhf1q9ISJitXM/
AgB7MDPfQOGjEjAQMA4GA1UdDwEB/wQEAwIFIDALBglghkgBZQMEAxIDggzuAASTk297
Ounsworth, et al. Expires 28 September 2026 [Page 128]
Internet-Draft Composite ML-KEM March 2026
i0ii4Kws/lLQblALubul51ct21SoXqzhXQKGLTT3Fz4cigbvctED/8xPfJHTntsmTBYS
sJ5uthlF/RS3ifO0FopmZxK7rc5BJsyuQ8q+1Nt9/lFO7i8lZtuxRsSuRYrSRSmoSaTW
MxZmmw0gXJwHQJf5a491yL3lBWtjOhjvdh4jbp9sAc2Z5HRNomQKX7JsmgtNl1kvmWub
KqZD0XzRIwz/3Vf1NizhQg5KWK4C3qPOwHrkv4aa5CqXbkfTIi3jgh0VTcBGQsUu0yEN
8/OnP7WZD4me21vTmhT7FAy0vg2t7yDGpt8S5Jpcrcfvz9pmIONKJT3sIXNtS45mqOMa
58zvTxw8PPY9ALRGXgFwMW2Mwm1Zo+y8PVWIWT/KYb70anCLb6dFgID6saNa4aOgL73c
C4I1/cr3dvUWFBMA/Lus1As0uNVLhKeWE1m2S5+4Wl9vSvFqZvJfzxhu1TVcxhvDlBZo
JJpjPivKgDzP1iU3dFBazcGVKQSSIMSNjoJGtJOKYQmJ1vudGPHZ1WteYK4092trwbPu
VTl6jHlDSypczrBsdUppADC9XB+SfpiRYM+CyXL1AAxMKurhdlW2VSQtwxA7zmYjghja
5GO77kEtnOXIBdLhzW2uyFECPvtpB02D0JFIH0CY8WsxVIIFcSiZOpNQ+bHNDRvXqlxp
fdgv+UHqIoQ9So1jrF1OtH/E8e+/J0Yv3d1vz7jXJQPetaS8qQyYYe0jjqOTs/wNsCud
ozYo9FNCFkbaPZhPe0xwCYcr7Jx2kW1avU5Ah4mjnsJRJvCX1ew06aseYvBs51QsWXc3
YXWLluaH/XQUeDjudJdbvW1i02ke3O8vsjQAXiHTjTzRuIlZKqHUtv4paPUL4mCiqBKG
rwRXnYTlRbvcGRejW/7IXqYUwXDEgzApaMVO7AGtFxpvZTMJhoc/+tMfqcCMRdKAz40C
Jbgq6APeD0gAhkji078SYuaAZ0vy/Y89xbpt5Ma2BK11aFg0vpL4ZRP9E546oI2Fh96i
iPI2Y9z9TWDORDCsbUVKY0zPxWAbHiYlw4AxHd/XxRPloj3AGYE2TwH9pkwln9rQ5Ywj
7nTaCpXJ4jg2ERz6B+of9PT8A46G3buQVggGpa52jnXoj4yzTSIjLuWMaagKYCwQx7oy
kvEDvaWYa9I9PuHCjujv4suN+04/GwYDkMQUhdErztQPyknEK74i05JSBrSP1FuJc3Zk
e+pwPLJXL3SgrLvB0kLbWY2GQzKgM506aTfAtS0P+moLZzYqvJk1SrqG59l3pW6JAv5x
9O+ENZZxjJ/mHRfaXQsn3Mkwn1lUm7MO+Mg6op+InVR6PESIA5UqQPsCmMyWhl7pOhzo
C2rDJgv2RfUoplE63d6bKuEb0gUjdZPtXtfRrt3Zs3X+zTjhBmoQcJ6GjAoXfhUs+R2u
euB5Go6dCgd3cW+MakUcpAcLW6iz5PmYPpZlAJzb1N9Vt3X2YgMwd+FBLsKIo7njVcwj
47btmiLpooZMFgXkSCnp7xlCOEV+u7O38aT0F/W0kDjatp3wM0cESoARopN/yl+Y9g9t
R/hBOutvYh6Rxw+sXR45ujNc7FfDcEWLQQpwEwpnA+eTHnbcWLzsWgJcHNHRJSxND2aZ
4k1sDE4jjwaHnO2nHqBgTgByXvZTqSTTUyQSKVBEY/C+hiIet97uiRPFNtASj4gvI/AG
HAJ+8f+gO/2FrvJrO6P2ciwjkg8m+1CAc344Znh3coPQaxgMdrR8nrlIzfy2j5CbFJna
7xDwwfymPMF+hT0nOIahfJvTcbYuaVJ81mt6QG1X6LJ07/3P8bsqdJuKw790AN2zRd8s
0LX9TfFH4qGHSXScfekjcKt0SbH/ap4RoLGUUFTVIyH/35e76iilETtnY1sDwD/86C/K
9Oqhar/SFWmelXXSf/+EIsWoWobfTI5GS2tWh58dYfGYQHrdT/oQ1wskJ1SwSvrgv1Lp
CbAaEmPPgV9TAuemYKC08qNTP2gUU/rMtvRez+NNWWaU/tHlcjK6uygac0i/aEfrc5qX
H+N6WYyhTMa6JZ6ThWAzkieICrv9TVspyLiZupPGi8zoLzGpFnIlW80TC8K35SZb3pKk
PULlq9UR5bguPITkJdU3owHCiw4V/M/f9sfA31comBqmF+duuCNuCKUvJYrKyAKEtopR
a5DqAqfTA0Jel1GGGBawodndNozhq26eRU0yIRL4w7nHDl0BbAE31f+tSLwBqUjHmAhM
gpgMoZ8IMiqOh2/Vg3jlnW6dvhqm/MldOW/M/ZfTMQ16QdwRDgc5km8v8PBZ8ZxO3AVz
CuV1Chi+cJSWmDS3Z8eWniSsj5X9VC31uPnp7AxRx5LiwelJJy9DAarZETuu9F7iBo9i
EYTpng98px9xipr2f1C10M3n9Sa01WEcXvH33yU3m16Tdu9uBiuSNWjLaHiH3hYMfeTE
/nugQ4C7QK4eRsNwU0sV1f6ABTbl/irJXtujO71sQRYyd2o74opfiHoC8thRoojXVyG3
IwA0I2NnpGScMAvVAFhAmCM0knam4xyJxp2TaMMOy25gm/0TQSMzoBiepsfqbVvuVxDr
nW+Q/y2z1A/Rwas9ukwSGSGaSVgp7SsYvOAADpyHwvDwNh7DJbSN69jM5u2OWKW6dek7
2YZb0cONzIS7hznDb3j5YbtactUOQsve09R1TgHj4DLnvkQzfoQjF6I4boxmYyNpewmA
HN8UQqvgSwkfE7u38bK4gn7cZFaaCJtFE/IpelI1lH0Fe134jnMo+ktCvU39/Ix3N2mo
gA4XVOwtXqHkriFNCmc66zpRH5jw95sXGyqG4dXc1iidus9LDck/QF76uFO2fwQGrvIe
5UwhWtKIoFSwZRmTr4DFPBNfZMraf9z2LbPhiC3q0qKDpJpEsK7jeKYDE7RDCz59zW6V
k5d8lmwdx16cQhEIg49HmfgMAKHp1lpqPP2ovUm0dcOZazMVNT30OCBN3VmWbKRg38Bd
sZp8qC7eOTwP8hdN32leiMGn0J2qOI6GHCzIv0FObvCnFKaeRzvn7ihrEQYmlfuebOpm
kVqnAHPaM5WptAvZbwRXAnz5o+EqzH2Az4ULPf8kyBjTR95fBXzhG3t4INerN02jjFaU
MYnVfuRMSNtmwqEO/rJ3T9V+e9/1R0DgGG3cO6JdSkT4KF0F1yRHZhnJ4UO2Ew7kFYa+
owvfyUkIYyyXcwwQiWKaOQ+J2RDbk/TkJCGYiRKoYnV356nFyHx0efCPuX7GQlZMQhcM
Ounsworth, et al. Expires 28 September 2026 [Page 129]
Internet-Draft Composite ML-KEM March 2026
Zfv8++pUhhie624PF3ytOx4KETo6bzDHUfLospCqnRbtSTuLoWmLGtCVdqrMoTfZFNiw
pRSgt/1P6IiGXCyIDZlc77fYkXTPA+QEqa5b+odpejm+FkVpYnAvYcQWLMymE3HVnvy/
UKvHd6wMvZbIy50rRNCIHR3ktOQRxU8/rsO6UpDDMI2rz18dEEKbUVA2l3PLA9QtUh9D
k2gFR6G/LohpGriVdY9EHilXA3Gl85qcnYTGgs7bhwouycst2wk3lYj5q6r+TDFnTVSG
h4IiP1zpJmtN+DPsndJupUqTb+CgMfYX5BVwvxJ+slh6K7kguANvcwiGr4sDJtM2TWkV
o7dWsKrGsJyJ3Knjp+Ae8FvV5qy4O+xRawqoUgtfOMiK9iBwqhUmqPz+7YNCgytKuoPS
zwKb/7L/qBJ7Ts2RVlnz3rRskGoeSn26mWwS5TsHuCqurvA6Omvevs9LgMZJ7bL3Z+YL
rfGPSCofcdThBgoZNnYHd8lW6GgvNueb8U6mN+WyfzjThTk4pt2PbeCRhHTHMWp2yicf
plJ+TSPhH1tbVneADea27cV0hhQAWSl+OInYpEEAAbDAHJiC6txUTZyvjfF65jJXZ5mv
+ZdZaWq2YrMAhBfgyYPtH+JdwMoXLrIAi7bkIi48MCyAw+ydAXGi+CdRxQSSPWsE2A3L
Rq1CatHnC9OM9Bq4UZU0JBFQ0v9LNkmNn/n6x6UpqSMywjwkVd30dGy+LvciY2p7U56m
xbOjcrvWhrjN1Yq15PnyNA3NlmnFGw+NbEeyFBvtTDkXzvXzAcy+tw7xIBdR43ZF0+YN
FmXCkk+1cTeHgKbI+eF+I1qEKM118ulPZafQV8JAxo/BtPzRclhQeWzzZtoGxcP7CJ2N
xLI08JHcCKSE/Pj8x6b/QySUEw4fuOzYpKNc2yGwyxwi4qpLthlplPaoUkKRi/Oao+xi
HuZ5TKaO2GyJj99NTv0ab36qmXlCrfaeyXnShMff/bF3evk0fP+Cm4Xa/bNN430O9hdT
4WV40JVhTnAchsNUVVKn13XVN/mZxg7ByWcvV3LIECc6WqPBxtHjmZ2fvhBWcMnpBzI+
YYOGh4nkAUlZgoOnsFGHAAAAAAAAAAAAAAAAAAAAAAAAAAkNEhsiJA==",
"dk": "u4YgUmpfvWLQPC3hn+pLKM2eWoKvO6jjAoxp66F2EJ7Gga3F5nttGEvskQK8T
Xckzon4VlZYKLXmfw29nDXnpTBQAgEBBEIB0OYX4ibRxumR3zjRFnT4dDrmuEMln3dnr
SM31x+VldFf3tOd8dmMW8aovGPYNcHkc0m6/hnPR8dZVz9lfVG98IugBwYFK4EEACM="
,
"dk_pkcs8": "MIGkAgEAMAoGCCsGAQUFBwZCBIGSu4YgUmpfvWLQPC3hn+pLKM2eWoK
vO6jjAoxp66F2EJ7Gga3F5nttGEvskQK8TXckzon4VlZYKLXmfw29nDXnpTBQAgEBBEI
B0OYX4ibRxumR3zjRFnT4dDrmuEMln3dnrSM31x+VldFf3tOd8dmMW8aovGPYNcHkc0m
6/hnPR8dZVz9lfVG98IugBwYFK4EEACM=",
"c": "RQdmu56wmwGr/NzeML6lkTnkJXaT8Rq/Q0bs5TtcLwSQppM6k6f82lX3hLp3zK
RvnQCsXKiqKZXLaDtNqet9vSwdfi2VdJtqVuYA6LJ636+QK1oHxM6sKkdQHzFPv6+efC
rxlrqQKe3Qw0YNxPGBXnSfRJ1PxsuBvnxOH7bKbn1hMOjRW80CAD+tOFSLK6KvjbBsuK
wdkZgVmqKhygTPMg5Gf8OLYU7lV05On+014RJHxY5g9cjNBYti5Cmflu35sJ+oewbIbF
92WJBVpApp7QsN01SK2yzp0O0PiA9LKTO3d/5qlpB+XRJYJunPGiIJLJ7Wwyt56OuHYV
oeG7v7ES0K+pqFdE6N12iVyw4zySeQvd6jzn5Gdg2oNkpV9YyviykFXzsJPqcRrbxkNU
t3TAj+2JJ+izhD2ibNcMAiFsIZFbo2YVygXfttX/dfuxDEiookE8NC9CrDL4DX+JolXV
7Xysds7KW9xTXbNfFrKPF+T8fpY9PFYcNtOdHyK1kbi+U1AO+QbdU9A9A1Xgy+DtYX05
asttYzsIrRusfkuaCR8B626aq09YjdccWHcst6SGJipARJfyXHyrE9K5ePWjtviNNv2Z
3Ee1f6o0NfAO3vXzQeztckFrxR6Z/tgOYFGAqkT/BcoyL2nwWs6jMHlTJZRqAThhb8be
LZ7MjXKlqecaP2PA/oa1BerEUZij4MkWRx+3ocJ+y62q71YIhJYDAdy+eYol2TbvYj6a
EoTjmB6jlf5NuF+AFNNdjcFQWsK9czKey0168ApQzcOPek/4oH5bqbljrnyTKO1ZLQvx
FepN0FrMST8LqLc5wDQaj0n+hWdG3c6qqYdQ+91agbv8lKLUpo7m+6iz6k3s7pzqDA/g
Y4r07Jypq2qxDkhWHTPdgnKHG5BQbjW0GQRfiQSvjGrhlbk/6ISK0Cu824jp5yZkS2R6
zA1dE/wq39jV+L+hIQgCqCk6gaBRiQFq6XhAGGK8tqb+PWomZFGC60pQJhROoRdaYUim
q3dlGXuFzL7kjEmPK7cUfUxo80vo97O1jrrE4ci3N81TzNhkYQo0oSSPk+aA0iL3kCRr
+rI13EblS2jQLjjQzQSdkbVcIAKKQ+UQNxWdOhNsv4Q/C5oVbYLbvBRXR/SjQHl28a3J
OdijXjj+SH1cwRcKeXDwpl2D6QvXCg70oMfWG/2KUJgzlU3t070bpOBKa8o8nnXc5Mq1
AZaWtcGvdBuTfz8+0Gig3PLSAm3MYjdbX6JXzWP/HF0i2wI/w7gcHtq94O8/TqhT/I1Y
GqmRQvIsDtYU2LVndUJ4r/94sPHlox5XcUHsbP+quKn4IUaFb7XqXn0t1L9uCH5231qR
3rUrFYn0Kr1KrmEY2b2m94qp4cNymZ30wT9s5Sm+q/PiyWszmkOfDjMW7qi2X/sUFrgf
jVfpmNS4Mp3ArRLLXIxNWZgIuADMqHGv2SAyalrC/GYKzvrrx5zh868nITW9cy6s7sP2
E8V1MOKvE3Uxx5p+YMr1MFiqbKCLtldj3sYqQBP5bPpsu+xXRu90knUTuTEBcWNLhQag
Ounsworth, et al. Expires 28 September 2026 [Page 130]
Internet-Draft Composite ML-KEM March 2026
zirmpcS50lj7y4m+J0EbsXZFPctE+RlHCpe/0pFw6L8qaxMZku6NFXRjJ5jQxyPQc4+Y
FbXzYFdV6jYCiPTUxXy6E+W+FYYb019puRWPV+Tor4qlEE/pO2egMAmb6K6N6BikKVNM
qRgVCAP2WJxtiCn00JCSFnf8meQ0SxG/fuUqAPPbDi0L1l8Cl4YoVg04o3OvoX3cK/vF
ATn5OqfyFkYDYBnm3F5/PUJJM2d0ABQejvR33o2D1WQX5O+neqh8tsuX0RpoaygO3hXQ
3a9c/3siReSL/SPXuPaTfdw8T1cwZx2rlWZhEXWtPKXDimxjrK7wRnjpISiImlRrh9LS
PFqDeprK3a+pEp17zIqTEL4jgsa5MJrYoVvLbtXvBuRwEXZY00wH1u186eE3u9FujZsq
rgpug0yXINAKniiwGGOVqzXWWSxYro9SQgFdTeth1EHUOVpNka/Ans1x+g/hAZQam5uX
hisvaSRQRwQi6K5g2r4Cfbye6Ul0AG2c8SI63qpkwC37YH4qoCKXx6nl4EASFeXt/0mj
77s0UiUo5U0j8aIw/lhqzC3SM9cb5juaNhpO5uNSKxVPp6o1b8i2/8+OYG4NSVt9JsfM
wiXt/4fWvfAABCa00od7cCixHfIHr62+hWqjwxEQFQ9AwPiqn2Gh04lSO5Shyrc21IRB
BVuMaMCxxepkFvqDQVx+Q4JyU1CmCb",
"k": "h66EY21eGjvyrtSZ8a9tVDmBQvf2ENWVi1sss1ne9v4="
}
]
}
Appendix G. Contributors and Acknowledgments
This document represents the results of a many-year effort by the
LAMPS working group. Over that time the following working group
members provided valuable review and commentary on the document:
Serge Mister (Entrust), Felipe Ventura (Entrust), Richard Kettlewell
(Entrust), Ali Noman (Entrust), Peter C. (UK NCSC), Tim Hollebeek
(Digicert), Sophie Schmieg (Google), Deirdre Connolly (SandboxAQ),
Chris A. Wood (Apple), Bas Westerbaan (Cloudflare), Falko Strenzke
(MTG AG), Piotr Popis (Enigma), Jean-Pierre Fiset (Crypto4A), Carl
Wallace, Daniel Van Geest (CryptoNext Security), 陳志華 (Abel C. H.
Chen, Chunghwa Telecom), 林邦曄 (Austin Lin, Chunghwa Telecom) and
Douglas Stebila (University of Waterloo).
We wish to acknowledge a few people who have made notable
contributions to specific sections of this document.
We wish to acknowledge particular effort from Carl Wallace and Daniel
Van Geest (CryptoNext Security), who have implemented each successive
version of the draft over multiple years to provide valuable
implementation experience and hackathon testing. Thanks to Stepan
Yakimovich for contributing to the reference implementation to be
able to provide and verify hackathon artifacts.
Thanks to Giacomo Pope (github.com/GiacomoPope) whose ML-DSA and ML-
KEM implementations were used to generate the test vectors.
We are grateful to all who have given feedback over the years,
formally or informally, on mailing lists or in person, including any
contributors who may have been inadvertently omitted from this list.
Ounsworth, et al. Expires 28 September 2026 [Page 131]
Internet-Draft Composite ML-KEM March 2026
Finally, we wish to thank the authors of all the referenced documents
upon which this specification was built. "Copying always makes
things easier and less error prone" - [RFC8411].
Authors' Addresses
Mike Ounsworth
Entrust Limited
2500 Solandt Road – Suite 100
Ottawa, Ontario K2K 3G5
Canada
Email: mike.ounsworth@entrust.com
John Gray
Entrust Limited
2500 Solandt Road – Suite 100
Ottawa, Ontario K2K 3G5
Canada
Email: john.gray@entrust.com
Massimiliano Pala
OpenCA Labs
New York City, New York,
United States of America
Email: director@openca.org
Jan Klaussner
Bundesdruckerei GmbH
Kommandantenstr. 18
10969 Berlin
Germany
Email: jan.klaussner@bdr.de
Scott Fluhrer
Cisco Systems
Email: sfluhrer@cisco.com
Ounsworth, et al. Expires 28 September 2026 [Page 132]