Testing Post-Quantum Cryptography Implementation Security
OPTIMIST (Open Tools, Interfaces, and Metrics for Implementation Security Testing) is an open-source initiative to improve standardization and interoperability in security testing for cryptographic implementations. As PQC schemes move toward real-world deployment, ensuring their resilience against implementation attacks is critical. This session will bring together researchers, industry professionals, and government stakeholders to discuss challenges, methodologies, and best practices for securing PQC implementations.
Talks
Markku-Juhani O. Saarinen, Professor of Practice, Tampere University — How to do Dilithium TVLA (with Adams Bridge examples) [Slides]
Abstract
TVLA leakage assessments are often used in academia and industry to demonstrate the effectiveness of PQC side-channel countermeasures. TVLA is discussed in the ISO/IEC 17825:2024 standard and may eventually be part of FIPS 140 testing procedures. However, applying TVLA to PQC algorithms such as ML-KEM and ML-DSA is not as straightforward as one might think; for example, the test designer must understand which of the numerous key and internal variables are sensitive -- and which are not. We use the Adams Bridge accelerator as an example case. Adams Bridge is the ML-DSA (Dilithium) accelerator component of the Caliptra 2.0 Root of Trust unit. Caliptra is an open-source Root-of-Trust project jointly developed by AMD, Google, Microsoft, NVIDIA, and other partners. This is a "preview" of parts of my hardware.io 2025 talk (at the end of May), "Why 'Adams Bridge' Leaks: Attacking a PQC Root-of-Trust."
Sujoy Sinha Roy, Associate Professor, TU Graz — Hardware Challenges in PQC [Slides]
Abstract
I will give an overview of the challenges hardware designers typically face while implementing PQC algorithms. I will briefly touch on reproducibility/portability issues for PQC hardware designs.
Panasayya Yalla, Principal Security Analyst, Riscure Security Solutions / Keysight Technologies — TVLA on NTT transformations [Slides]
Abstract
I will provide a high-level overview of our efforts in generating test vectors to assess side-channel leakage in NTT transformations, with a particular focus on butterfly NTT transformations within the ML-DSA PQC algorithm.
Working Group Meetings
- 10 April, 3PM GMT (11AM EDT) - Working Group Meeting 1
- 24 April, 3PM GMT (11AM EDT) - Working Group Meeting 2
- 8 May, 3PM GMT (11AM EDT) - Working Group Meeting 3