This paper presents a portable implementation of the ML-KEM post-quantum key encapsulationmechanism standardized in FIPS 203. The implementation is written in ISO C11 with an emphasis onportability, explicit memory management, and architectural clarity across userspace and Linux kernel-oriented environments. A pool-based decapsulation architecture is introduced to reduce repeated allocation andreinitialization overhead during decapsulation operations. The design employs fixed-size preallocatedmemory slots for sensitive decapsulation data that allow repeated reuse of allocated memory regionsbetween operations after secure clearing of previous slot contents. Constant-time ciphertext validationlogic is also employed to support efficient and predictable decapsulation behavior. The implementation was evaluated using multiple testing methodologies, including NIST Known Answer Tests (KATs), stress testing, malformed ciphertext validation, AddressSanitizer (ASAN), ThreadSanitizer (TSAN), Valgrind-based memory analysis, and dudect-based timing leakage analysis under both GCC and Clang toolchains on x86-64 systems. The project is intended as a portable engineering-oriented ML-KEM implementation andexperimental platform for evaluating reusable decapsulation architectures, portability-oriented ISO C11design strategies, and practical constant-time testing workflows.
Kostiantyn Zavertailo (Tue,) studied this question.