diff --git a/README.md b/README.md
index 25595c7982..db67a31152 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ Details on each supported algorithm can be found in the [docs/algorithms](https:
 
 The list below indicates all algorithms currently supported by liboqs, including experimental algorithms and already excluding algorithm variants pruned during the NIST competition, such as Kyber-90s or Dilithium-AES.
 
-The only algorithms in `liboqs` that implement NIST standards drafts are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/ipd) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/ipd) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes. For users interested in explicitly selecting the current "proposed draft standard" code, the variants with the suffix "-ipd" are made available. At this stage, "ml-kem-ipd" and "ml-kem" as well as "ml-dsa-ipd" and "ml-dsa" are functionally equivalent, denoted by the "alias" moniker below.
+The only algorithms in `liboqs` that implement NIST standards are the [`ML-KEM`](https://csrc.nist.gov/pubs/fips/203/final) (final standard) and [`ML-DSA`](https://csrc.nist.gov/pubs/fips/204/ipd) (initial public draft) variants with their respective different bit strengths. `liboqs` will retain these algorithm names selected by NIST throughout the finishing stages of the standardization process, so users can rely on their presence going forward. If NIST changes the implementation details of these algorithms, `liboqs` will adjust the implementation so that users are protected from such potential changes. For users interested in explicitly selecting the current "proposed draft standard" code, the variants with the suffix "-ipd" are made available. At this stage, "ml-dsa-ipd" and "ml-dsa" are functionally equivalent, denoted by the "alias" moniker below.
 
 Falcon and SPHINCS+ have also been [selected for standardization](https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022), but the `liboqs` implementations of these algorithms are currently tracking Round 3 submissions and not NIST standards drafts.
 
diff --git a/scripts/copy_from_upstream/patches/pqcrystals-ml_kem_ipd.patch b/scripts/copy_from_upstream/patches/pqcrystals-ml_kem_ipd.patch
deleted file mode 100644
index ba138bf3cd..0000000000
--- a/scripts/copy_from_upstream/patches/pqcrystals-ml_kem_ipd.patch
+++ /dev/null
@@ -1,448 +0,0 @@
-diff --git a/Kyber1024_META.yml b/ML-KEM-1024-ipd_META.yml
-index baa5ca3..ffafcf0 100644
---- a/Kyber1024_META.yml
-+++ b/ML-KEM-1024-ipd_META.yml
-@@ -1,4 +1,4 @@
--name: Kyber1024
-+name: ML-KEM-1024-ipd
- type: kem
- claimed-nist-level: 5
- claimed-security: IND-CCA2
-@@ -6,8 +6,8 @@ length-public-key: 1568
- length-ciphertext: 1568
- length-secret-key: 3168
- length-shared-secret: 32
--nistkat-sha256: 5afcf2a568ad32d49b55105b032af1850f03f3888ff9e2a72f4059c58e968f60
--testvectors-sha256: ff1a854b9b6761a70c65ccae85246fe0596a949e72eae0866a8a2a2d4ea54b10
-+nistkat-sha256: 03d6494b74c45d010e61b0328c1ab318c4df3b7f9dbd04d0e35b3468848584b7
-+testvectors-sha256: 85ab251d6e749e6b27507a8a6ec473ba2e8419c1aef87d0cd5ec9903c1bb92df
- principal-submitters:
-   - Peter Schwabe
- auxiliary-submitters:
-@@ -22,22 +22,20 @@ auxiliary-submitters:
-   - Damien Stehlé
- implementations:
-   - name: ref
--    version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
-+    version: https://github.com/pq-crystals/kyber/tree/standard
-     folder_name: ref
-     compile_opts: -DKYBER_K=4
--    signature_keypair: pqcrystals_kyber1024_ref_keypair
--    signature_enc: pqcrystals_kyber1024_ref_enc
--    signature_dec: pqcrystals_kyber1024_ref_dec
--    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c
--    common_dep: common_ref
-+    signature_keypair: pqcrystals_ml_kem_1024_ipd_ref_keypair
-+    signature_enc: pqcrystals_ml_kem_1024_ipd_ref_enc
-+    signature_dec: pqcrystals_ml_kem_1024_ipd_ref_dec
-+    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c
-   - name: avx2
--    version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
-+    version: https://github.com/pq-crystals/kyber/tree/standard
-     compile_opts: -DKYBER_K=4
--    signature_keypair: pqcrystals_kyber1024_avx2_keypair
--    signature_enc: pqcrystals_kyber1024_avx2_enc
--    signature_dec: pqcrystals_kyber1024_avx2_dec
--    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
--    common_dep: common_avx2 common_keccak4x_avx2
-+    signature_keypair: pqcrystals_ml_kem_1024_ipd_avx2_keypair
-+    signature_enc: pqcrystals_ml_kem_1024_ipd_avx2_enc
-+    signature_dec: pqcrystals_ml_kem_1024_ipd_avx2_dec
-+    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c
-     supported_platforms:
-       - architecture: x86_64
-         operating_systems:
-diff --git a/Kyber512_META.yml b/ML-KEM-512-ipd_META.yml
-index b251701..d20f0b1 100644
---- a/Kyber512_META.yml
-+++ b/ML-KEM-512-ipd_META.yml
-@@ -1,4 +1,4 @@
--name: Kyber512
-+name: ML-KEM-512-ipd
- type: kem
- claimed-nist-level: 1
- claimed-security: IND-CCA2
-@@ -6,8 +6,8 @@ length-public-key: 800
- length-ciphertext: 768
- length-secret-key: 1632
- length-shared-secret: 32
--nistkat-sha256: bb0481d3325d828817900b709d23917cefbc10026fc857f098979451f67bb0ca
--testvectors-sha256: 6730bb552c22d9d2176ffb5568e48eb30952cf1f065073ec5f9724f6a3c6ea85
-+nistkat-sha256: 76aae1fa3f8367522700b22da635a5bc4ced4298edb0eb9947aa3ba60d62676f
-+testvectors-sha256: e1ac6fb45e2511f4170a3527c0c50dcd61336f47113df7a299a61ef8394bd669
- principal-submitters:
-   - Peter Schwabe
- auxiliary-submitters:
-@@ -22,22 +22,20 @@ auxiliary-submitters:
-   - Damien Stehlé
- implementations:
-   - name: ref
--    version: https://github.com/pq-crystals/kyber/commit/74cad307858b61e434490c75f812cb9b9ef7279b
-+    version: https://github.com/pq-crystals/kyber/tree/standard
-     folder_name: ref
-     compile_opts: -DKYBER_K=2 
--    signature_keypair: pqcrystals_kyber512_ref_keypair
--    signature_enc: pqcrystals_kyber512_ref_enc
--    signature_dec: pqcrystals_kyber512_ref_dec
--    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c
--    common_dep: common_ref
-+    signature_keypair: pqcrystals_ml_kem_512_ipd_ref_keypair
-+    signature_enc: pqcrystals_ml_kem_512_ipd_ref_enc
-+    signature_dec: pqcrystals_ml_kem_512_ipd_ref_dec
-+    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c
-   - name: avx2
--    version: https://github.com/pq-crystals/kyber/commit/36414d64fc1890ed58d1ca8b1e0cab23635d1ac2
-+    version: https://github.com/pq-crystals/kyber/tree/standard
-     compile_opts: -DKYBER_K=2 
--    signature_keypair: pqcrystals_kyber512_avx2_keypair
--    signature_enc: pqcrystals_kyber512_avx2_enc
--    signature_dec: pqcrystals_kyber512_avx2_dec
--    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
--    common_dep: common_avx2 common_keccak4x_avx2
-+    signature_keypair: pqcrystals_ml_kem_512_ipd_avx2_keypair
-+    signature_enc: pqcrystals_ml_kem_512_ipd_avx2_enc
-+    signature_dec: pqcrystals_ml_kem_512_ipd_avx2_dec
-+    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c
-     supported_platforms:
-       - architecture: x86_64
-         operating_systems:
-diff --git a/Kyber768_META.yml b/ML-KEM-768-ipd_META.yml
-index 7a0cc3d..e768cd5 100644
---- a/Kyber768_META.yml
-+++ b/ML-KEM-768-ipd_META.yml
-@@ -1,4 +1,4 @@
--name: Kyber768
-+name: ML-KEM-768-ipd
- type: kem
- claimed-nist-level: 3
- claimed-security: IND-CCA2
-@@ -6,8 +6,8 @@ length-public-key: 1184
- length-ciphertext: 1088
- length-secret-key: 2400
- length-shared-secret: 32
--nistkat-sha256: 89e82a5bf2d4ddb2c6444e10409e6d9ca65dafbca67d1a0db2c9b54920a29172
--testvectors-sha256: 667c8ca2ca93729c0df6ff24588460bad1bbdbfb64ece0fe8563852a7ff348c6
-+nistkat-sha256: c7e76b4b30c786b5b70c152a446e7832c1cb42b3816ec048dbeaf7041211b310
-+testvectors-sha256: 2586721a714c439f6fef26e29ee1c4c67c6207186f810617f278e6ce3e67ea0d
- principal-submitters:
-   - Peter Schwabe
- auxiliary-submitters:
-@@ -22,22 +22,20 @@ auxiliary-submitters:
-   - Damien Stehlé
- implementations:
-   - name: ref
--    version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
-+    version: https://github.com/pq-crystals/kyber/tree/standard
-     folder_name: ref
-     compile_opts: -DKYBER_K=3
--    signature_keypair: pqcrystals_kyber768_ref_keypair
--    signature_enc: pqcrystals_kyber768_ref_enc
--    signature_dec: pqcrystals_kyber768_ref_dec
--    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h fips202.h symmetric-shake.c
--    common_dep: common_ref
-+    signature_keypair: pqcrystals_ml_kem_768_ipd_ref_keypair
-+    signature_enc: pqcrystals_ml_kem_768_ipd_ref_enc
-+    signature_dec: pqcrystals_ml_kem_768_ipd_ref_dec
-+    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c reduce.c ntt.c cbd.c verify.c kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h ntt.h cbd.h verify.h symmetric.h symmetric-shake.c
-   - name: avx2
--    version: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff
-+    version: https://github.com/pq-crystals/kyber/tree/standard
-     compile_opts: -DKYBER_K=3
--    signature_keypair: pqcrystals_kyber768_avx2_keypair
--    signature_enc: pqcrystals_kyber768_avx2_enc
--    signature_dec: pqcrystals_kyber768_avx2_dec
--    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h fips202.h fips202x4.h symmetric-shake.c
--    common_dep: common_avx2 common_keccak4x_avx2
-+    signature_keypair: pqcrystals_ml_kem_768_ipd_avx2_keypair
-+    signature_enc: pqcrystals_ml_kem_768_ipd_avx2_enc
-+    signature_dec: pqcrystals_ml_kem_768_ipd_avx2_dec
-+    sources: ../LICENSE kem.c indcpa.c polyvec.c poly.c fq.S shuffle.S ntt.S invntt.S basemul.S consts.c rejsample.c cbd.c verify.c align.h kem.h params.h api.h indcpa.h polyvec.h poly.h reduce.h fq.inc shuffle.inc ntt.h consts.h rejsample.h cbd.h verify.h symmetric.h symmetric-shake.c
-     supported_platforms:
-       - architecture: x86_64
-         operating_systems:
-diff --git a/avx2/indcpa.c b/avx2/indcpa.c
-index 4f3b782..572ce49 100644
---- a/avx2/indcpa.c
-+++ b/avx2/indcpa.c
-@@ -175,7 +175,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-   unsigned int ctr0, ctr1, ctr2, ctr3;
-   ALIGNED_UINT8(REJ_UNIFORM_AVX_NBLOCKS*SHAKE128_RATE) buf[4];
-   __m256i f;
--  keccakx4_state state;
-+  shake128x4incctx state;
- 
-   f = _mm256_loadu_si256((__m256i *)seed);
-   _mm256_store_si256(buf[0].vec, f);
-@@ -204,6 +204,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-     buf[3].coeffs[33] = 1;
-   }
- 
-+  shake128x4_inc_init(&state);
-   shake128x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 34);
-   shake128x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, REJ_UNIFORM_AVX_NBLOCKS, &state);
- 
-@@ -225,6 +226,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-   poly_nttunpack(&a[0].vec[1]);
-   poly_nttunpack(&a[1].vec[0]);
-   poly_nttunpack(&a[1].vec[1]);
-+  shake128x4_inc_ctx_release(&state);
- }
- #elif KYBER_K == 3
- void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-@@ -232,8 +234,8 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-   unsigned int ctr0, ctr1, ctr2, ctr3;
-   ALIGNED_UINT8(REJ_UNIFORM_AVX_NBLOCKS*SHAKE128_RATE) buf[4];
-   __m256i f;
--  keccakx4_state state;
--  keccak_state state1x;
-+  shake128x4incctx state;
-+  shake128incctx state1x;
- 
-   f = _mm256_loadu_si256((__m256i *)seed);
-   _mm256_store_si256(buf[0].vec, f);
-@@ -262,6 +264,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-     buf[3].coeffs[33] = 1;
-   }
- 
-+  shake128x4_inc_init(&state);
-   shake128x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 34);
-   shake128x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, REJ_UNIFORM_AVX_NBLOCKS, &state);
- 
-@@ -327,6 +330,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-     ctr2 += rej_uniform(a[2].vec[0].coeffs + ctr2, KYBER_N - ctr2, buf[2].coeffs, SHAKE128_RATE);
-     ctr3 += rej_uniform(a[2].vec[1].coeffs + ctr3, KYBER_N - ctr3, buf[3].coeffs, SHAKE128_RATE);
-   }
-+  shake128x4_inc_ctx_release(&state);
- 
-   poly_nttunpack(&a[1].vec[1]);
-   poly_nttunpack(&a[1].vec[2]);
-@@ -337,6 +341,8 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-   _mm256_store_si256(buf[0].vec, f);
-   buf[0].coeffs[32] = 2;
-   buf[0].coeffs[33] = 2;
-+
-+  shake128_inc_init(&state1x);
-   shake128_absorb_once(&state1x, buf[0].coeffs, 34);
-   shake128_squeezeblocks(buf[0].coeffs, REJ_UNIFORM_AVX_NBLOCKS, &state1x);
-   ctr0 = rej_uniform_avx(a[2].vec[2].coeffs, buf[0].coeffs);
-@@ -344,6 +350,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-     shake128_squeezeblocks(buf[0].coeffs, 1, &state1x);
-     ctr0 += rej_uniform(a[2].vec[2].coeffs + ctr0, KYBER_N - ctr0, buf[0].coeffs, SHAKE128_RATE);
-   }
-+  shake128_inc_ctx_release(&state1x);
- 
-   poly_nttunpack(&a[2].vec[2]);
- }
-@@ -353,7 +360,8 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-   unsigned int i, ctr0, ctr1, ctr2, ctr3;
-   ALIGNED_UINT8(REJ_UNIFORM_AVX_NBLOCKS*SHAKE128_RATE) buf[4];
-   __m256i f;
--  keccakx4_state state;
-+  shake128x4incctx state;
-+  shake128x4_inc_init(&state);
- 
-   for(i=0;i<4;i++) {
-     f = _mm256_loadu_si256((__m256i *)seed);
-@@ -405,6 +413,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[32], int transposed)
-     poly_nttunpack(&a[i].vec[2]);
-     poly_nttunpack(&a[i].vec[3]);
-   }
-+  shake128x4_inc_ctx_release(&state);
- }
- #endif
- 
-diff --git a/avx2/params.h b/avx2/params.h
-index bc70ebf..fdc688e 100644
---- a/avx2/params.h
-+++ b/avx2/params.h
-@@ -12,19 +12,19 @@
- #ifdef KYBER_90S
- #define KYBER_NAMESPACE(s) pqcrystals_kyber512_90s_avx2_##s
- #else
--#define KYBER_NAMESPACE(s) pqcrystals_kyber512_avx2_##s
-+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_ipd_avx2_##s
- #endif
- #elif (KYBER_K == 3)
- #ifdef KYBER_90S
- #define KYBER_NAMESPACE(s) pqcrystals_kyber768_90s_avx2_##s
- #else
--#define KYBER_NAMESPACE(s) pqcrystals_kyber768_avx2_##s
-+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_ipd_avx2_##s
- #endif
- #elif (KYBER_K == 4)
- #ifdef KYBER_90S
- #define KYBER_NAMESPACE(s) pqcrystals_kyber1024_90s_avx2_##s
- #else
--#define KYBER_NAMESPACE(s) pqcrystals_kyber1024_avx2_##s
-+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_ipd_avx2_##s
- #endif
- #else
- #error "KYBER_K must be in {2,3,4}"
-diff --git a/avx2/poly.c b/avx2/poly.c
-index ab148a2..96bad86 100644
---- a/avx2/poly.c
-+++ b/avx2/poly.c
-@@ -2,6 +2,7 @@
- #include <immintrin.h>
- #include <string.h>
- #include "align.h"
-+#include "fips202x4.h"
- #include "params.h"
- #include "poly.h"
- #include "ntt.h"
-@@ -412,7 +413,7 @@ void poly_getnoise_eta1_4x(poly *r0,
- {
-   ALIGNED_UINT8(NOISE_NBLOCKS*SHAKE256_RATE) buf[4];
-   __m256i f;
--  keccakx4_state state;
-+  shake256x4incctx state;
- 
-   f = _mm256_loadu_si256((__m256i *)seed);
-   _mm256_store_si256(buf[0].vec, f);
-@@ -425,8 +426,10 @@ void poly_getnoise_eta1_4x(poly *r0,
-   buf[2].coeffs[32] = nonce2;
-   buf[3].coeffs[32] = nonce3;
- 
-+  shake256x4_inc_init(&state);
-   shake256x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 33);
-   shake256x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, NOISE_NBLOCKS, &state);
-+  shake256x4_inc_ctx_release(&state);
- 
-   poly_cbd_eta1(r0, buf[0].vec);
-   poly_cbd_eta1(r1, buf[1].vec);
-@@ -447,7 +450,7 @@ void poly_getnoise_eta1122_4x(poly *r0,
- {
-   ALIGNED_UINT8(NOISE_NBLOCKS*SHAKE256_RATE) buf[4];
-   __m256i f;
--  keccakx4_state state;
-+  shake256x4incctx state;
- 
-   f = _mm256_loadu_si256((__m256i *)seed);
-   _mm256_store_si256(buf[0].vec, f);
-@@ -460,8 +463,10 @@ void poly_getnoise_eta1122_4x(poly *r0,
-   buf[2].coeffs[32] = nonce2;
-   buf[3].coeffs[32] = nonce3;
- 
-+  shake256x4_inc_init(&state);
-   shake256x4_absorb_once(&state, buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, 33);
-   shake256x4_squeezeblocks(buf[0].coeffs, buf[1].coeffs, buf[2].coeffs, buf[3].coeffs, NOISE_NBLOCKS, &state);
-+  shake256x4_inc_ctx_release(&state);
- 
-   poly_cbd_eta1(r0, buf[0].vec);
-   poly_cbd_eta1(r1, buf[1].vec);
-diff --git a/avx2/symmetric.h b/avx2/symmetric.h
-index 627b891..e4941f7 100644
---- a/avx2/symmetric.h
-+++ b/avx2/symmetric.h
-@@ -8,10 +8,10 @@
- #include "fips202.h"
- #include "fips202x4.h"
- 
--typedef keccak_state xof_state;
-+typedef shake128incctx xof_state;
- 
- #define kyber_shake128_absorb KYBER_NAMESPACE(kyber_shake128_absorb)
--void kyber_shake128_absorb(keccak_state *s,
-+void kyber_shake128_absorb(shake128incctx *s,
-                            const uint8_t seed[KYBER_SYMBYTES],
-                            uint8_t x,
-                            uint8_t y);
-diff --git a/ref/indcpa.c b/ref/indcpa.c
-index 5d74518..4a8b4c8 100644
---- a/ref/indcpa.c
-+++ b/ref/indcpa.c
-@@ -164,6 +164,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed)
-   unsigned int buflen, off;
-   uint8_t buf[GEN_MATRIX_NBLOCKS*XOF_BLOCKBYTES+2];
-   xof_state state;
-+  xof_init(&state, seed);
- 
-   for(i=0;i<KYBER_K;i++) {
-     for(j=0;j<KYBER_K;j++) {
-@@ -186,6 +187,7 @@ void gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed)
-       }
-     }
-   }
-+  xof_release(&state);
- }
- 
- /*************************************************
-diff --git a/ref/params.h b/ref/params.h
-index 0802c74..36b2b98 100644
---- a/ref/params.h
-+++ b/ref/params.h
-@@ -8,11 +8,11 @@
- 
- /* Don't change parameters below this line */
- #if   (KYBER_K == 2)
--#define KYBER_NAMESPACE(s) pqcrystals_kyber512_ref_##s
-+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_512_ipd_ref_##s
- #elif (KYBER_K == 3)
--#define KYBER_NAMESPACE(s) pqcrystals_kyber768_ref_##s
-+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_768_ipd_ref_##s
- #elif (KYBER_K == 4)
--#define KYBER_NAMESPACE(s) pqcrystals_kyber1024_ref_##s
-+#define KYBER_NAMESPACE(s) pqcrystals_ml_kem_1024_ipd_ref_##s
- #else
- #error "KYBER_K must be in {2,3,4}"
- #endif
-diff --git a/ref/symmetric-shake.c b/ref/symmetric-shake.c
-index 6a99071..20f4518 100644
---- a/ref/symmetric-shake.c
-+++ b/ref/symmetric-shake.c
-@@ -15,7 +15,7 @@
- *              - uint8_t i: additional byte of input
- *              - uint8_t j: additional byte of input
- **************************************************/
--void kyber_shake128_absorb(keccak_state *state,
-+void kyber_shake128_absorb(shake128incctx *state,
-                            const uint8_t seed[KYBER_SYMBYTES],
-                            uint8_t x,
-                            uint8_t y)
-@@ -63,11 +63,12 @@ void kyber_shake256_prf(uint8_t *out, size_t outlen, const uint8_t key[KYBER_SYM
- **************************************************/
- void kyber_shake256_rkprf(uint8_t out[KYBER_SSBYTES], const uint8_t key[KYBER_SYMBYTES], const uint8_t input[KYBER_CIPHERTEXTBYTES])
- {
--  keccak_state s;
-+  shake256incctx s;
- 
--  shake256_init(&s);
--  shake256_absorb(&s, key, KYBER_SYMBYTES);
--  shake256_absorb(&s, input, KYBER_CIPHERTEXTBYTES);
--  shake256_finalize(&s);
--  shake256_squeeze(out, KYBER_SSBYTES, &s);
-+  shake256_inc_init(&s);
-+  shake256_inc_absorb(&s, key, KYBER_SYMBYTES);
-+  shake256_inc_absorb(&s, input, KYBER_CIPHERTEXTBYTES);
-+  shake256_inc_finalize(&s);
-+  shake256_inc_squeeze(out, KYBER_SSBYTES, &s);
-+  shake256_inc_ctx_release(&s);
- }
-diff --git a/ref/symmetric.h b/ref/symmetric.h
-index 58e6ece..2acc66f 100644
---- a/ref/symmetric.h
-+++ b/ref/symmetric.h
-@@ -7,10 +7,10 @@
- 
- #include "fips202.h"
- 
--typedef keccak_state xof_state;
-+typedef shake128incctx xof_state;
- 
- #define kyber_shake128_absorb KYBER_NAMESPACE(kyber_shake128_absorb)
--void kyber_shake128_absorb(keccak_state *s,
-+void kyber_shake128_absorb(shake128incctx *s,
-                            const uint8_t seed[KYBER_SYMBYTES],
-                            uint8_t x,
-                            uint8_t y);
-@@ -25,8 +25,10 @@ void kyber_shake256_rkprf(uint8_t out[KYBER_SSBYTES], const uint8_t key[KYBER_SY
- 
- #define hash_h(OUT, IN, INBYTES) sha3_256(OUT, IN, INBYTES)
- #define hash_g(OUT, IN, INBYTES) sha3_512(OUT, IN, INBYTES)
-+#define xof_init(STATE, SEED) shake128_inc_init(STATE)
- #define xof_absorb(STATE, SEED, X, Y) kyber_shake128_absorb(STATE, SEED, X, Y)
- #define xof_squeezeblocks(OUT, OUTBLOCKS, STATE) shake128_squeezeblocks(OUT, OUTBLOCKS, STATE)
-+#define xof_release(STATE) shake128_inc_ctx_release(STATE)
- #define prf(OUT, OUTBYTES, KEY, NONCE) kyber_shake256_prf(OUT, OUTBYTES, KEY, NONCE)
- #define rkprf(OUT, KEY, INPUT) kyber_shake256_rkprf(OUT, KEY, INPUT)
- 
diff --git a/tests/constant_time/kem/issues.json b/tests/constant_time/kem/issues.json
index 4431f4746f..8b28f3e443 100644
--- a/tests/constant_time/kem/issues.json
+++ b/tests/constant_time/kem/issues.json
@@ -24,9 +24,6 @@
   "Kyber1024": [],
   "Kyber512": [],
   "Kyber768": [],
-  "ML-KEM-512-ipd": [],
-  "ML-KEM-768-ipd": [],
-  "ML-KEM-1024-ipd": [],
   "ML-KEM-512": [],
   "ML-KEM-768": [],
   "ML-KEM-1024": [],
diff --git a/tests/constant_time/kem/passes.json b/tests/constant_time/kem/passes.json
index 64f56c8ead..7d20bc3876 100644
--- a/tests/constant_time/kem/passes.json
+++ b/tests/constant_time/kem/passes.json
@@ -24,9 +24,6 @@
   "Kyber1024": ["kyber"],
   "Kyber512": ["kyber"],
   "Kyber768": ["kyber"],
-  "ML-KEM-512-ipd": ["ml_kem"],
-  "ML-KEM-768-ipd": ["ml_kem"],
-  "ML-KEM-1024-ipd": ["ml_kem"],
   "ML-KEM-512": ["ml_kem"],
   "ML-KEM-768": ["ml_kem"],
   "ML-KEM-1024": ["ml_kem"],