Sebastien Rousseau

FIPS 203 · ML-KEM · BANKING MIGRATION

KyberLib — production-grade ML-KEM in Rust

Evaluated by Qtonic Quantum Lab — independent post-quantum cryptography registry — and adopted by QGram (Quantum2pi) for end-to-end-encrypted messaging. Both verifiable without going through me.

Read case study

Evaluated by Qtonic Quantum Lab — independent post-quantum cryptography registry — and adopted by QGram (Quantum2pi) for end-to-end-encrypted messaging. Both verifiable without going through me.

Problem

Banks face a November 14, 2026 SWIFT structured-address cutover and a longer NIST post-quantum migration window. Existing PQC implementations ship as policy papers, lab code, or proprietary HSM black boxes — none of which a payments architect can read, test, or sign.

What I built

KyberLib turns FIPS 203 ML-KEM (CRYSTALS-Kyber) into inspectable Rust. Hybrid classical-plus-quantum handshakes, no_std compilation for HSM embedding, crypto-agile abstraction boundaries, and the DORA Article 5 governance evidence boards now need to support PQC migration without taking on opaque vendor risk.

By the numbers

FIPS 203
NIST publication track aligned
Top 44 %
Of ~182 PQC libraries (Qtonic Lab)
no_std
Embeds in HSMs + secure enclaves
1 adopter
QGram (Quantum2pi) post-quantum messenger

Engineering rigour

  • Cryptographic standard

    FIPS 203 (ML-KEM, formerly CRYSTALS-Kyber)

  • Hybrid handshake support

    Classical TLS + ML-KEM-768 X25519MLKEM768 mode

  • Compilation

    no_std — embeds in HSMs, secure enclaves, embedded targets

  • Crypto-agility

    Abstraction boundaries enable algorithm swap without API change

  • License

    Apache-2.0 / MIT

Independently verified

  • Cited in EPAA Quantum-Safe Payments white paper (September 2025)
  • Featured in the 2026-06-12 article: KyberLib and the Post-Quantum Banking Migration
  • Aligned to NIST FIPS 203 / 204 / 205 publication track
  • Evaluated by Qtonic Quantum Lab — independent post-quantum cryptography evaluation registry, ~182 PQC libraries assessed (top 44%, no vendor pay-for-inclusion)
  • Adopted by QGram (Quantum2pi) — a post-quantum end-to-end-encrypted peer-to-peer messenger that uses KyberLib for message encryption (verifiable at f6s.com/software/qgram)

Related articles

NEXT

Want this kind of evidence in your bank?

Architecture reviews, post-quantum migration plans, treasury-API programmes — all signed, all verifiable.

Get in touch

MORE CASE STUDIES

More case studies