Webinar: Exploiting Physical Vulnerabilities of Keccak in PQC

The post-quantum transition is underway. ML-KEM and ML-DSA are now NIST standards, and embedded systems are being redesigned to use them. But mathematical security and physical security are not the same thing, and in the rush to adopt quantum-resistant algorithms, one critical question is being overlooked: are the implementations physically secure?
At the center of this problem sits Keccak, standardized as SHA-3. It is the default hash primitive across the PQC landscape: for example, it is used in ML-KEM for key derivation, in ML-DSA at multiple points in the signing and verification flow, and in most other standardized schemes. When a single primitive sits on the critical path of every PQC algorithm, a vulnerability in its implementation is a systemic risk.
Two attacks, one primitive on ML-KEM & ML-DSA
Side-channel analysis (SCA) exploits what a device leaks during normal operation (power consumption, electromagnetic emissions, …) to recover secret values. Because the Keccak input in ML-KEM & ML-DSA is ephemeral, differential approaches like Correlation Power Analysis (CPA), which need many traces of the same secret, are infeasible. However, single-trace attacks like Soft Analytical Side-Channel Analysis (SASCA) overcome this by profiling the leakage, modelling the entire Keccak computation as a factor graph and using belief propagation.
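The simulation below is an added example, not material from the webinar or from eShard. It shows why the differential route fails on ephemeral inputs: CPA run over constructed traces finds a fixed secret but sees only noise when the secret changes on every execution. The 5-bit chi row target, the Hamming-weight leakage model, the Gaussian noise level and all function names are assumptions chosen for illustration.

```python
import random

def chi_row(v):
    """Keccak chi on one 5-bit row: a[i] ^= (~a[i+1]) & a[i+2]."""
    b = [(v >> i) & 1 for i in range(5)]
    out = [b[i] ^ ((b[(i + 1) % 5] ^ 1) & b[(i + 2) % 5]) for i in range(5)]
    return sum(bit << i for i, bit in enumerate(out))

def hw(v):
    return bin(v).count("1")

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def simulate(n_traces, ephemeral, seed=1, noise=1.0):
    """Constructed traces: one noisy Hamming-weight sample per execution.
    Toy model (assumption): row = secret XOR known value, then chi."""
    rng = random.Random(seed)
    fixed = rng.randrange(32)
    known, leaks = [], []
    for _ in range(n_traces):
        secret = rng.randrange(32) if ephemeral else fixed
        x = rng.randrange(32)
        known.append(x)
        leaks.append(hw(chi_row(secret ^ x)) + rng.gauss(0, noise))
    return fixed, known, leaks

def cpa(known, leaks):
    """Correlate each of the 32 row hypotheses with the traces.
    Returns (best_guess, its correlation)."""
    scores = [pearson([hw(chi_row(g ^ x)) for x in known], leaks)
              for g in range(32)]
    best = max(range(32), key=scores.__getitem__)
    return best, scores[best]

if __name__ == "__main__":
    for mode in (False, True):
        secret, known, leaks = simulate(500, ephemeral=mode)
        guess, score = cpa(known, leaks)
        label = "ephemeral" if mode else "fixed"
        print(f"{label:9s} guess={guess:2d} corr={score:.2f} (fixed secret={secret})")
```

With a fresh secret per trace the leakage is statistically independent of the known value, so no hypothesis stands out; this is the gap that profiled single-trace methods target.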
Fault injection (FI) takes an active route: deliberately altering the device's computation via voltage or clock glitches to induce a controlled error. The "Mind the Faulty Keccak" research has shown that a single fault injected in the Keccak sponge construction can compromise the security of all phases of ML-KEM & ML-DSA. In the context of a Root of Trust, faulting the verification process of ML-DSA allows bypassing the secure boot chain, causing a device to accept and execute malicious firmware. Protecting against this scenario is the exact goal of the European project Fully Optimized Root of Trust for Robust Embedded Security Systems (FORTRESS), of which eShard is a member.
In our webinar, we exploit physical vulnerabilities of Keccak in PQC.
Join us on July 7th
Choose the session that works for your timezone:
- 10:00 CEST | 04:00 EDT | 16:00 SGT → Register here
- 17:00 CEST | 11:00 EDT | 23:00 SGT → Register here
The session is aimed at hardware security engineers, cryptographic implementation teams, and security architects working on PQC deployments. Basic familiarity with side-channel concepts is assumed; no prior knowledge of Keccak internals is required.

