Testing Post-Quantum Cryptography Implementation Security
This document consolidates community-driven insights and recommendations for implementation security testing of post-quantum cryptography, detailing essential terminology, open-source tools, hardware/software implementations, and strategies for creating reproducible side-channel datasets tailored to the unique challenges of PQC algorithms.
Latest version: Testing Post-Quantum Cryptography Implementation Security v0.5 (6/4/2025)
BibTeX
@misc{pqc-optimist2025,
author = {Aydin Aysu and Daniel Dinu and Kris Gaj and Fatemeh Ganji and Mona Hashemi and Renita J and Dev Mehta and Markku-Juhani O. Saarinen and Patrick Schaumont and Caner Tol},
title = {Open Tools, Interfaces and Metrics for Implementation Security Testing: Testing Post-Quantum Cryptography Implementation Security},
year = {2025},
month = {June},
day = {4},
version = {0.5},
note = {Working Document},
url = {https://optimist-ose.org/assets/files/pqc05-06308116ce3dcd2d2edd34255985f303.pdf},
institution = {Optimist OSE},
howpublished = {Online},
}
Opening Talks
Markku-Juhani O. Saarinen, Professor of Practice, Tampere University — How to do Dilithium TVLA (with Adams Bridge examples) [Slides]
Abstract
TVLA leakage assessments are often used in academia and industry to demonstrate the effectiveness of PQC side-channel countermeasures. TVLA is discussed in the ISO/IEC 17825:2024 standard and may eventually be part of FIPS 140 testing procedures. However, applying TVLA to PQC algorithms such as ML-KEM and ML-DSA is not as straightforward as one might think; for example, the test designer must understand which of the numerous key and internal variables are sensitive -- and which are not. We use the Adams Bridge accelerator as an example case. Adams Bridge is the ML-DSA (Dilithium) accelerator component of the Caliptra 2.0 Root of Trust unit. Caliptra is an open-source Root-of-Trust project jointly developed by AMD, Google, Microsoft, NVIDIA, and other partners. This is a "preview" of parts of my hardware.io 2025 talk (at the end of May), "Why 'Adams Bridge' Leaks: Attacking a PQC Root-of-Trust."
Sujoy Sinha Roy, Associate Professor, TU Graz — Hardware Challenges in PQC [Slides]
Abstract
I will give an overview of the challenges hardware designers typically face while implementing PQC algorithms. I will briefly touch on reproducibility/portability issues for PQC hardware designs.
Panasayya Yalla, Principal Security Analyst, Riscure Security Solutions / Keysight Technologies — TVLA on NTT transformations [Slides]
Abstract
I will provide a high-level overview of our efforts in generating test vectors to assess side-channel leakage in NTT transformations, with a particular focus on butterfly NTT transformations within the ML-DSA PQC algorithm.
References
- The MITRE Corporation, Post-Quantum Cryptography (PQC) Migration Roadmap, 2025 [Online] https://pqcc.org/wp-content/uploads/2025/05/PQC-Migration-Roadmap-PQCC-2.pdf
Working Group Meetings
- April 10, 2025, 3PM GMT (11AM EDT) - Working Group Meeting 1
- April 24, 2025, 3PM GMT (11AM EDT) - Working Group Meeting 2
- May 8, 2025, 3PM GMT (11AM EDT) - Working Group Meeting 3