SCA4PQC -- LEAP-CSP

Quantum computers are on the horizon. Deploying secure implementations of post-quantum cryptography is therefore of paramount importance. In our project Leakage Evaluation and Protection for Post-Quantum Cryptography on Complex Software Platforms (LEAP-CSP), we are developing an AI-assisted framework to design and test novel countermeasures automatically. This will allow implementation security analyses to be performed with unparalleled speed and thoroughness. The project is commissioned by the Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) and part of their Side-channel resistance in post-quantum cryptology (SCA4PQC) program.

Our project is based on five main work tracks:

Establishing Solid Baselines

We will catalogue the existing side-channel countermeasures, start from a well-maintained open-source baseline, rely on general protocol-level countermeasures to limit the scope of possible attacks, establish reasonable criteria for improvements to the baseline, and implement countermeasures that fix the identified gaps.

Automating Evaluation

We will develop an automated test harness for our implementations that evaluates correctness, performance and side-channel resistance in a uniform way. This will allow efficient experimental iteration and prevent regressions. The side-channel test suite will consist of tests for specific weaknesses detected in the course of the project, ML-based attacks with leakage attribution, and regression tests based on static and dynamic analysis tools.

Building Countermeasures Against ML Attacks

We will particularly focus on countermeasures that prevent leakage exploitation by machine learning models, since such models are known to be the most effective distinguishers when labelled samples are available and are relatively easy to implement. We will then harden the newly identified countermeasures against classical (non-ML) attacks. Our goals are not only to identify new, efficient countermeasures but also to develop a robust automated evaluation framework for the next stages of the project.

Automated Countermeasure Design

Based on the test suite, we will develop a framework for automated countermeasure design and optimisation. The framework consists of three tiers with increasing autonomy: the lowest tier will treat countermeasure development as a standard hyperparameter optimisation problem; the second tier will automatically select countermeasures from a pool of published candidates and implement them when necessary; and the third tier will use an AlphaEvolve-style algorithm to automate implementation improvements. Experiments in the last tier will cover a range of settings, from merely trying to gain efficiency when employing known countermeasures to finding fundamentally new countermeasures.

Human Oversight

All evaluations and implementations that contribute to the final product or to a scientific publication will undergo rigorous human review. Additionally, optimisations found by the automated discovery framework will be combined with, contrasted against, and further developed using human insight.

Team

  • Gregor Leander
  • Friedrich Wiemer
  • Lukas Stennes
  • Aron Gohr
  • Amir Moradi
  • Peter Schwabe
  • Asja Fischer

Links

cryptosolutions

cryptosolutions offers more than 25 years of award-winning cryptographic design and analysis experience.