Exploring Side-Channel Protections in Hardware Implementations of PQC ML-KEM Verification

📅 2026-06-30
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work presents the first systematic evaluation of side-channel security for three verification schemes—unprotected, first-order, and higher-order masking—in ML-KEM’s FrodoKEM (FO) implementation on both microcontrollers and FPGAs. The study demonstrates that the high-bandwidth parallel processing inherent to FPGA architectures introduces significant first-order leakage during the verification step, rendering even higher-order masking insufficient to prevent full key recovery via power and electromagnetic side-channel attacks. These findings reveal that current hardware countermeasures for post-quantum cryptography face substantial challenges when deployed on highly parallel platforms, highlighting a critical gap in the practical security of lattice-based key encapsulation mechanisms in real-world high-performance environments.
📝 Abstract
As ML-KEM is adopted as a post-quantum cryptographic standard, resilience against physical side-channel attacks has become essential. Among the constituent steps, the decapsulation Fujisaki-Okamoto (FO) verification is particularly vulnerable to side-channel power and electromagnetic (EM) analysis. In this work, we focus on common FPGA-based implementations and examine their side-channel vulnerabilities, and compare them with those of microcontroller implementations. Three verification implementations, unprotected, hash-based (first-order), and higher-order masked, are evaluated for side-channel security on both a microcontroller and an FPGA. While FPGAs offer higher speed and parallelism, they often exhibit stronger side-channel leakage, especially in high bandwidth configurations. The higher-order masked designs still leak information about the underlying data due to hardware-level effects and data-dependent processing. Our experiments show that their parallelized processing on FPGAs introduces sufficient first-order leakage for full secret-key recovery. These results underscore the persistent challenge of securing PQC algorithms in performance-constrained and parallelized hardware environments.
Problem

Research questions and friction points this paper is trying to address.

side-channel attacks
ML-KEM
Fujisaki-Okamoto verification
FPGA
post-quantum cryptography
Innovation

Methods, ideas, or system contributions that make the work stand out.

side-channel analysis
ML-KEM
FPGA
higher-order masking
post-quantum cryptography