Summary
| Property | VORTEX-256 | ML-KEM-512 | ML-KEM-768 |
|---|---|---|---|
| Hardness assumption | RotMLWE | MLWE | MLWE |
| Standardised | ❌ Research | ✅ FIPS 203 | ✅ FIPS 203 |
| Public key | 800 B | 800 B | 1 184 B |
| Private key | 1 248 B | 1 632 B | 2 400 B |
| Ciphertext | 768 B | 768 B | 1 088 B |
| Shared secret | 32 B | 32 B | 32 B |
| Keygen XOF calls | 1 | 4 | 9 |
| Secret type | Scalar | Vector (k=2) | Vector (k=3) |
| Est. quantum security | ~128-bit | ~128-bit | ~192-bit |
VORTEX-256 vs ML-KEM-512 (Kyber-512)
What's the same
- Ring:
ℤ₃₃₂₉[x]/(x²⁵⁶+1) - Public key and ciphertext wire sizes
- FO transform for CCA security
- SHA-3 / SHAKE hash functions
- CBD noise sampling
- Implicit rejection on bad ciphertexts
What's different
| Dimension | ML-KEM-512 | VORTEX-256 | Winner |
|---|---|---|---|
| Maturity / audit history | Extensive (NIST, academia) | Research preview | ML-KEM |
| Novelty / research value | Standard | New assumption | VORTEX |
| Key expansion cost | 4 XOF calls | 1 XOF + permutations | VORTEX |
| Private key size | 1 632 B | 1 248 B | VORTEX |
| Production readiness | ✅ | ❌ (needs review) | ML-KEM |
| Wire compatibility | — | Same pk/ct sizes | Tie |
When to choose which
| Scenario | Recommendation |
|---|---|
| Government / regulated / FIPS-required | ML-KEM (FIPS 203) via Kyber-PQC |
| Production TLS, VPN, messaging | ML-KEM until VORTEX receives independent audit |
| Research on lattice assumptions | VORTEX-256 — novel RotMLWE structure |
| Education / benchmarking | Either — VORTEX shows alternative construction at same sizes |
| Exploring Frobenius-based key compression | VORTEX-256 |
| Need 192-bit quantum security | ML-KEM-768 or ML-KEM-1024 |
Comparison with other PQC families
| Family | Examples | Assumption | vs VORTEX |
|---|---|---|---|
| Lattice (module) | ML-KEM, Saber | MLWE / MLWR | Closest competitor; VORTEX uses RotMLWE variant |
| Lattice (NTRU) | NTRU, HPS | NTRU / SVP | Different structure; VORTEX has smaller sk |
| Code-based | Classic McEliece | Decoding random codes | Much larger keys (100+ KB); mature but bulky |
| Hash-based | SPHINCS+ | Hash function security | Signatures, not KEM; different use case |
| Isogeny | SIKE (broken) | Supersingular isogeny | Not recommended — broken 2022 |
Migration notes
From ML-KEM / Kyber to VORTEX
VORTEX-256 has the same public key and ciphertext sizes as Kyber-512, but different byte layouts and algorithms. You cannot interchange keys or ciphertexts between the two.
Migration requires:
1. Replace crypto library (kyber-pqc → vortex-pqc)
2. Re-generate all key pairs
3. Update PEM labels (KYBER512 → VORTEX256)
4. Re-validate your protocol security with the new assumptionCoexistence
Both libraries can coexist in the same organisation for different purposes:
| Library | Repo | Use |
|---|---|---|
kyber-pqc | krish567366/Kyber-PQC | Production ML-KEM-512 |
vortex-pqc | bajpai-labs/vortex-pqc | Research RotMLWE |