Breaking Ground in Post-Quantum Cryptography Real World Implementation Security Research

January 16, 2025 -- Dr. Reza Azarderakhsh from Florida Atlantic University (FAU) and his graduate students at the Cryptographic Engineering Lab, in collaboration with researchers from PQSecure, have successfully demonstrated a groundbreaking Correlation Power Analysis (CPA) side-channel attack on an industry-grade hardware implementation of the ML-DSA digital signature algorithm within the Caliptra Silicon Root of Trust framework. This marks a significant milestone in exposing vulnerabilities in advanced post-quantum cryptographic (PQC) systems.

The research, published on the Cryptology ePrint Archive (2025/009), represents the first documented side-channel attack on a PQC root of trust implementation designed by a coalition of leading tech giants, including Google, AMD, and Microsoft. The attack targeted the modular reduction process of the ML-DSA algorithm, exploiting side-channel leakage in Adam’s Bridge—an advanced component in the post-quantum cryptographic design.

This achievement not only highlights the vulnerabilities in even the most advanced PQC hardware systems but also underscores the critical importance of robust side-channel protections in post-quantum security frameworks.

As a leader in post-quantum cryptographic engineering, PQSecure continues to push the boundaries of research, working closely with academic and industrial partners to ensure the security of next-generation cryptographic solutions. This work reinforces PQSecure’s commitment to advancing the field of cryptographic security and protecting critical infrastructures in the quantum computing era.

For more information, read the full paper: Efficient CPA Attack on Hardware Implementation of ML-DSA in Post-Quantum Root of Trust.