PQShield Webinar Details ML-KEM Attacks and Protection Steps

ML-KEM, the first key encapsulation mechanism selected by NIST, is demonstrably vulnerable to a Concrete Passive Analysis (CPA) attack when implemented with NTT-based multiplication, exposing a weakness in a widely adopted post-quantum standard. The researchers found the vulnerability not by analysing physical hardware but by extracting secrets from simulated traces, which shows that pre-deployment code analysis can expose critical flaws. Rafael Carrera Rodriguez and Dr. Adrian Thilliard will present these findings in an upcoming webinar, detailing how a CPA attack targets ML-KEM’s NTT multiplication. PQShield stresses that securing data against future quantum decryption is a critical, near-term imperative for every organization.

Physical Attacks Targeting Post-Quantum Cryptographic Schemes

The initial promise of post-quantum cryptography faces a stark reality: theoretical resilience does not guarantee practical security. Recent analysis demonstrates that even simulated attacks, which require no physical hardware, can compromise implementations of key encapsulation mechanisms such as ML-KEM (formerly CRYSTALS-Kyber), the first scheme selected by the National Institute of Standards and Technology. A Concrete Passive Analysis (CPA) attack targeting ML-KEM’s NTT-based multiplication revealed secrets using only simulated traces, indicating that the vulnerability exists in the code itself before deployment. This highlights a critical gap in current security assessments: pre-deployment code analysis can expose weaknesses previously thought to be protected by algorithmic complexity. Rafael Carrera Rodriguez, a Hardware Security Analyst at eShard, and Dr. Adrian Thilliard, Principal Security Analyst, are detailing these findings and emphasizing the need to proactively address physical attack vectors.

Dr. Thilliard brings over twelve years of experience in hardware security, including work with Ledger’s Donjon team and the French National Security Agency, which lends significant weight to the presented findings. The first step toward protection is shielding NTT operations from side-channel leakage, but the researchers stress that robust security requires a combined approach: hardening and validation must proceed in tandem when deploying post-quantum cryptography in real-world devices, so that protection against evolving threats is comprehensive rather than assumed.
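The hardening-plus-validation point can be shown on simulated traces, the same setting the researchers used. The following is an added example and not code from the webinar, eShard or PQShield: it simulates Hamming-weight leakage of the twiddle multiplication zeta*b mod q inside an ML-KEM NTT butterfly, once for an unmasked secret coefficient and once for a two-share arithmetically masked one, and runs a fixed-vs-random Welch t-test (TVLA-style) over the samples. The leakage model (Hamming weight plus Gaussian noise), a single twiddle multiplication standing in for the full NTT, the sample count and the 4.5 threshold are assumptions made for the example.

```python
import random
import statistics

Q = 3329    # ML-KEM modulus
ZETA = 17   # ML-KEM's primitive root of unity, used here as one fixed NTT twiddle

def hw(x: int) -> int:
    """Hamming weight: the (assumed) leakage model for one simulated trace sample."""
    return bin(x).count("1")

def sample_unmasked(b: int) -> float:
    """One simulated sample of an unmasked butterfly: leakage of the secret-dependent
    intermediate ZETA*b mod q, plus Gaussian noise (assumed sigma = 1)."""
    return hw((ZETA * b) % Q) + random.gauss(0, 1.0)

def sample_masked(b: int) -> float:
    """Two-share arithmetic masking: b = (b0 + b1) mod q with b0 uniform. Each share
    is multiplied on its own, so the sample is the leakage of two intermediates that
    are each uniformly distributed whatever the value of b."""
    b0 = random.randrange(Q)
    b1 = (b - b0) % Q
    return hw((ZETA * b0) % Q) + hw((ZETA * b1) % Q) + random.gauss(0, 1.0)

def welch_t(x: list, y: list) -> float:
    """Welch's t statistic for two samples with unequal variances."""
    vx, vy = statistics.variance(x), statistics.variance(y)
    return (statistics.fmean(x) - statistics.fmean(y)) / (vx / len(x) + vy / len(y)) ** 0.5

def leakage_t(sample_fn, fixed_b: int, n: int = 2000, seed: int = 1) -> float:
    """Fixed-vs-random test: n samples with one fixed secret coefficient against
    n samples with uniformly random coefficients. |t| above 4.5 flags first-order leakage."""
    random.seed(seed)  # deterministic simulated traces
    fixed = [sample_fn(fixed_b) for _ in range(n)]
    rnd = [sample_fn(random.randrange(Q)) for _ in range(n)]
    return abs(welch_t(fixed, rnd))

if __name__ == "__main__":
    # the unmasked intermediate leaks clearly; the masked one passes the first-order test
    print("unmasked |t| =", round(leakage_t(sample_unmasked, 1234), 1))
    print("masked   |t| =", round(leakage_t(sample_masked, 1234), 1))
```

Passing this first-order test is necessary but not sufficient: a masked implementation still needs higher-order and real-hardware validation, which is the tandem approach the researchers describe.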

This finding suggests current security evaluations may not adequately address these risks prior to hardware construction. The researchers’ work explores side-channel and fault injection attacks, and their central question is how cryptographic algorithms and their implementations can be targeted by physical attacks.

The shift to Post-Quantum Cryptography (PQC) isn’t a distant concern: it’s a critical, near-term imperative for every organisation.

Dr. Donovan