Fault tolerant quantum computers pose a real current risk/threat to the current digital infrastructure, because they can break all asymmetric encryptions (RSA, ECDSA, etc.) and implementations of symmetric encryptions, which use asymmetric encryptions for keys exchanges. It is not a theoretical or postponed to the future threat/risk, it is an urgent current threat/risk, which all businesses, governments and organizations must address, as soon as possible. Recognizing this current threat/risk NIST published (on August 13, 2024) post quantum algorithms for implementation (see [1]). The three algorithms were selected from 82 post quantum algorithms submitted to NIST for evaluation and testing.
In this post, we try to understand ML-KEM algorithms. Firstly, we consider an analogy between encryptions and multi-story buildings standing on foundations. In this analogy, the foundation is a complex mathematical problem, which is super hard to solve for computers. For example, RSA is based on complexity of big numbers factorization on prime numbers problem. ECDSA, which secure most of blockchains and cryptos, is based on complexity of finding of discrete logarithms. ML-KEM is based on the computational difficulty of solving certain systems of noisy linear equations, specifically the Module Learning With Errors (MLWE) problem.
Secondly, all cryptographic algorithms require generators of random numbers. In our analogy, we put random numbers generators (RNGs) on the first floor of the building. From the random numbers, created by RNGs, private and public keys are created. In our analogy, we put creation of private/public keys on the second floor of the building. NIST does not use (and do not recommend to use) phrases “private/public keys” in ML-KEM to avoid confusion, errors and misuse. Instead, NIST uses the phrase “decapsulation key” instead of the phrase “private key” and the phrase “encapsulation key” instead of the phrase “public key”. The table below gives us a comparative summary.

Thirdly, ML-KEM has additional floors, in our analogy. On the third floor is an algorithm, which creates a shared secret key and an associated ciphertext from the encapsulation key. On the fourth floor is an algorithm, which creates the shared secret key from the decapsulation key and the ciphertext. If we add these floors to our multi-story building then we get the following summary table.

Use cases for ML-KEM are:
1. Secure Messaging and Communication.
a). Messaging Apps:
ML-KEM can establish quantum-resistant encryption keys between users, safeguarding messages from future threats, etc.
b). VPNs and Secure Tunnels:
It can be used to set up initial session keys for VPNs and secure tunnels, creating a quantum-resistant foundation for encrypted communication.
c). Data Center Interconnection:
ML-KEM can secure the key exchange for connecting data centers, ensuring long-term data security.
2. Data Protection and Cloud Services
a). Cloud Storage Encryption:
ML-KEM can protect the keys used to encrypt data in cloud storage services, ensuring user data remains secure in a post-quantum world.
b). Medical and Financial Data:
It is suitable for securing critical data such as medical records, medical image sharing, and financial data, notes the arXiv.
c). Long-Term Data Archiving:
Its high security levels are beneficial for protecting data that requires long-term security, such as in governmental or military applications.
3. Other Key Applications
a). Software and Firmware Security:
As a post-quantum algorithm, ML-KEM contributes to the broader security efforts for securing software and firmware distribution.
b). General-Purpose Use:
The National Cyber Security Centre (NCSC) and the National Institute of Standards and Technology (NIST) recommend ML-KEM-768 as providing appropriate security and efficiency for most general-purpose and enterprise use cases.
The table below shows how the ML-KEM encryption is working.

Many businesses, organizations have implemented ML-KEM in their post quantum or hybrid encryptions defenses against quantum computers attacks. To check if a website has hybrid or post quantum encryptions in TSL or SSH protocols a user can use TLS/SSH post quantum scanner (see [2]).
ML-KEM is an approved standard that is presently believed to be secure, even against adversaries in possession of a large-scale fault-tolerant quantum computer. ML-KEM is derived from the round-three version of the CRYSTALS-KYBER KEM, a submission in the NIST Post-Quantum Cryptography Standardization project. NIST recommends to use three standards of ML-KEM. ML-KEM-512 is claimed to be in security category 1, ML-KEM-768 is claimed to be in security category 3, and ML-KEM-1024 is claimed to be in security category 5.
Sizes (in bytes) of keys and ciphertexts of ML-KEM are given in the table below.

References:
1. https://csrc.nist.gov/publications