(From EMVCo, Visa, Mastercard, NXP, and industry reports – December 2025)
Current Status: As of December 2025, ML-KEM is not integrated into production EMV payment cards. EMV still uses RSA/ECC for offline authentication (DDA/CDA) and 3DES/AES for session cryptograms. ML-KEM (NIST FIPS 203, formerly Kyber) is in early planning/evaluation phase for post-quantum migration.
Real 2025 Timeline (from EMVCo/VISA/Mastercard roadmaps):
Why No Production Integration Yet:
ML-KEM Advantages for EMV:
Hybrid Approach (Most Likely 2026–2032):
Challenges & Solutions (2025 Research):
NXP JCOP 5 (2025 Flagship):
Visa/Mastercard Plans (2025 White Papers):
EMVCo C-8 kernel lays foundation – quantum threat real but not immediate.
For legitimate research: Use NIST test vectors + open implementations (liboqs, pq-crystals).
Stay safe – PQC migration is coming.
Your choice.
– Based on EMVCo C-8, NIST FIPS 203, NXP JCOP 5 docs (2025).
Current Status: As of December 2025, ML-KEM is not integrated into production EMV payment cards. EMV still uses RSA/ECC for offline authentication (DDA/CDA) and 3DES/AES for session cryptograms. ML-KEM (NIST FIPS 203, formerly Kyber) is in early planning/evaluation phase for post-quantum migration.
Real 2025 Timeline (from EMVCo/VISA/Mastercard roadmaps):
- 2025: Research + hybrid prototypes (RSA/ECC + ML-KEM)
- 2026–2028: Pilot deployments + testing
- 2028–2032: Hybrid mandatory for new cards
- 2032+: Full PQC (remove RSA/ECC)
Why No Production Integration Yet:
- Billions of cards/terminals – migration cycle 10+ years
- Larger keys/signatures → terminal memory/performance issues
- Backward compatibility required
Why ML-KEM Is Being Considered for EMV
Quantum Threat to Current EMV:- RSA/ECC signatures (offline DDA/CDA) vulnerable to Shor’s algorithm (future CRQC ~2030+).
- Symmetric cryptograms (ARQC) safe (Grover only quadratic speedup – double key size fixes).
- Harvest-now-decrypt-later low impact (transaction data short-lived).
ML-KEM Advantages for EMV:
- Key encapsulation – replaces RSA/ECC key exchange in offline/online auth.
- Small keys/ciphertexts (ML-KEM-768: pk 1184 bytes, ct 1088 bytes vs ECC P-256 pk 65 bytes).
- Fast – comparable to ECC on modern chips.
- Quantum-resistant – based on MLWE problem.
Proposed Integration Path (From EMVCo C-8 Kernel + 2025 Bulletins)
EMVCo C-8 Kernel (Unified Contactless – 2025):- Supports ECC + AES now.
- Designed for PQC extensions (larger data blocks for ML-KEM signatures/ciphertexts).
- First approvals 2024–2025 (Ingenico DX8000).
Hybrid Approach (Most Likely 2026–2032):
- Offline DDA/CDA: ECC signature + ML-DSA (Dilithium) signature (dual).
- Key exchange: RSA/ECC + ML-KEM (hybrid KEM).
- Session cryptograms: AES (safe) + optional ML-KEM encapsulation.
Challenges & Solutions (2025 Research):
- Larger data: ML-KEM-768 ciphertext ~1088 bytes → C-8 kernel supports extended TLV.
- Performance: Slower on old terminals → hybrid + optimized implementations (NXP JCOP 5).
- Compatibility: Dual signatures → old terminals ignore PQC part.
NXP JCOP 5 (2025 Flagship):
- Supports ECC + AES now.
- Ready for ML-KEM/ML-DSA via firmware (2026 expected).
- Inductive coupling for wearables.
Visa/Mastercard Plans (2025 White Papers):
- Hybrid PQC – classical + ML-KEM/ML-DSA.
- Pilot 2026 – select issuers.
Bottom Line – December 2025
ML-KEM integration in EMV is in planning/research – no production cards yet. Hybrid RSA/ECC + ML-KEM/ML-DSA expected first (2026–2028). Full PQC likely 2030+.EMVCo C-8 kernel lays foundation – quantum threat real but not immediate.
For legitimate research: Use NIST test vectors + open implementations (liboqs, pq-crystals).
Stay safe – PQC migration is coming.
Your choice.
– Based on EMVCo C-8, NIST FIPS 203, NXP JCOP 5 docs (2025).