A Portable ML-KEM Implementation in ISO C11 with Reusable Decapsulation Pools

This paper presents a portable implementation of the ML-KEM post-quantum key encapsulation
mechanism standardized in FIPS 203. The implementation is written in ISO C11 with an emphasis on
portability, explicit memory management, and architectural clarity across userspace and Linux kernel-
oriented environments.

A pool-based decapsulation architecture is introduced to reduce repeated allocation and
reinitialization overhead during decapsulation operations. The design employs fixed-size preallocated
memory slots for sensitive decapsulation data that allow repeated reuse of allocated memory regions
between operations after secure clearing of previous slot contents. Constant-time ciphertext validation
logic is also employed to support efficient and predictable decapsulation behavior.

The implementation was evaluated using multiple testing methodologies, including NIST Known Answer Tests (KATs), stress testing, malformed ciphertext validation, AddressSanitizer (ASAN), ThreadSanitizer (TSAN), Valgrind-based memory analysis, and dudect-based timing leakage analysis under both GCC and Clang toolchains on x86-64 systems.

The project is intended as a portable engineering-oriented ML-KEM implementation and
experimental platform for evaluating reusable decapsulation architectures, portability-oriented ISO C11
design strategies, and practical constant-time testing workflows.