Dr. Reza Azarderakhsh is a professor at Florida Atlantic University and the CEO of PQSecure. He earned his Ph.D. in electrical and computer engineering from Western University in Canada. Dr. Azarderakhsh is internationally recognized for his groundbreaking contributions to applied cryptographic engineering, with a particular focus on post-quantum cryptography, secure protocol development, and hardware security. He has authored over 140 peer-reviewed publications in prestigious journals and conferences, earning several best paper awards for his innovative research. His work has advanced the field of cryptography, addressing challenges in implementing secure and efficient cryptographic systems. Dr. Azarderakhsh also serves as an Associate Editor for the IEEE Transactions on Circuits and Systems - Cryptography Track, where he plays a vital role in shaping the discourse and direction of cutting-edge research in cryptographic systems.
Merve Karabulut is a Ph.D. student in Computer Engineering at Florida Atlantic University, specializing in embedded systems, post-quantum cryptography (PQC), and hardware security. Her research focuses on advancing cryptographic engineering and analyzing side-channel vulnerabilities in PQC designs. Merve has hands-on experience with SoC development, FPGA-based design, and side-channel analysis tools such as ChipWhisperer. She has contributed to optimizing NTT implementations for PQC, evaluating cryptographic libraries on embedded systems, and conducting side-channel attacks on PQC hardware designs to identify and mitigate vulnerabilities. Additionally, Merve has presented her work at interdisciplinary forums, fostering collaboration between mathematics and computer engineering.
This tutorial provides an in-depth exploration of side-channel attacks (SCA) on post-quantum cryptography (PQC) designs, focusing specifically on Correlation Power Analysis (CPA) and its application to the Module-Lattice-Based Digital Signature Algorithm (ML-DSA) within a Silicon Root of Trust. We begin with an overview of PQC algorithms, emphasizing ML-DSA, a quantum-resistant cryptographic method gaining significant attention. The session will then delve into the side-channel vulnerabilities present in hardware implementations and demonstrate how attackers can exploit power consumption data to recover secret keys and forge signatures.
Participants will gain a comprehensive understanding of non-profiled side-channel attacks, learning to effectively apply Test Vector Leakage Assessment (TVLA) for detecting leakage in cryptographic systems. The tutorial will introduce the use of tools like ChipWhisperer and PicoScope for capturing and analyzing power traces, and will guide participants through the setup for CPA attacks. Emphasis will be placed on the modular reduction and zeroization steps in ML-DSA, showing how these processes can be exploited in a side-channel attack.
By the end of the session, attendees will have hands-on experience in performing CPA attacks, extracting secret keys from power traces, and understanding how to implement countermeasures to safeguard embedded systems against such vulnerabilities. The tutorial will also address the importance of securing hardware-based PQC solutions, ensuring their resilience to future threats posed by quantum computing and sophisticated attack methodologies.