Skip to main content

NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Recommendations for Key-Encapsulation Mechanisms: NIST Publishes SP 800-227

This publication describes the basic definitions, properties, and applications of KEMs and provides recommendations for implementing and using KEMs securely.

NIST has published the final version of Special Publication (SP) 800-227, Recommendations for Key-Encapsulation Mechanisms. A key-encapsulation mechanism (KEM) is a set of algorithms that can be used by two parties under certain conditions to securely establish a shared secret key over a public channel. This publication describes the basic definitions, properties, and applications of KEMs and provides recommendations for implementing and using KEMs securely.

NIST greatly appreciates all the feedback and discussion and has incorporated several updates to SP 800-227 based on the comments received. The public comment period on the initial public draft (IPD) was open through March 7, 2025, and the feedback received is now linked from the SP 800-227 publication details. NIST also held a virtual Workshop on Guidance for KEMs on February 25-26, 2025, to gather additional input on SP 800-227. Presentations and the recording of the workshop are available on the event web page.

Released September 18, 2025
Was this page helpful?