SemiIsrael Expo 2025 - Post-quantum Algorithms ML-KEM and ML-DSA Protected Against Physical Attacks, in Hardware and in Software

November 1, 2025

Events


Yaacov Belenky,
Chief Innovation Officer

Short Bio

Yaacov was born in the USSR, studied mathematics there, and immigrated to Israel in 1987. Since 1998, he has been working in security, primarily on the hardware level, initially for NDS (which Cisco later acquired), and later (2017) on Intel’s red team. In 2020, he joined FortifyIQ as Chief Innovation Officer. Since 2013, his focus has been physical attacks and algorithmic protections against them. He has 30 granted patents and 6 academic papers, all security-related.

Join me

November 11, 15:10-15:30, at the SemIsrael Conference, Airport City, Israel, in the IP and Cores Track

Short Abstract

The post-quantum algorithms ML-KEM and ML-DSA, derived from CRYSTALS-Kyber and CRYSTALS-Dilithium respectively, were recently standardized by NIST in FIPS 203 and FIPS 204 and are being adopted rapidly worldwide. Unfortunately, their implementations are highly susceptible to side-channel attacks, including attacks that recover the secret from a single trace. Masking-based countermeasures carry a significant cost in performance, gate count and power consumption, and many practical attacks on masked implementations of these algorithms have been published in academic papers.


FortifyIQ has developed a unique algorithmic protection against physical attacks for both ML-KEM and ML-DSA. It is not based on masking and has significantly better PPA (power, performance and area) than masking-based protections.

Instead of splitting values into masked shares, it carries out the computation in a large redundant domain, following the same design principles as FortifyIQ’s AES protection schemes, which have passed an AVA_VAN.5 evaluation by a leading Common Criteria lab and are deployed in millions of devices. The protection also covers operations such as composition and decomposition, which are known to be easy targets for side-channel attacks.


FortifyIQ offers a combined hardware + firmware solution. For devices already in production, or where constraints prevent the use of that solution, FortifyIQ offers software libraries for both ML-KEM and ML-DSA that implement the same algorithmic protection. Both products expose the same unified API.

FortifyIQ’s AES security evaluation by SGS

“Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fixed-input traces for the matching phase targeting the first-round S-box output, and a template attack on the ciphertext, did not indicate any potential information leakage.”

“The results for the soft IP presented in the report were obtained on the TOE, which is the basic hardware implementation of the soft IP without additional levels of security (e.g. those present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations, including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own.”
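The fixed-versus-random Welch t-test cited in the SGS summary is the standard TVLA leakage assessment. The script below is an added example, not code from FortifyIQ or SGS: it runs the statistic at first order (raw samples) and second order (centred squares) on traces synthesised from an assumed Hamming-weight leakage model. The model, the layout of sample points, the |t| > 4.5 convention and the trace counts are assumptions of the example; a real campaign such as the one quoted above measures tens of millions of traces on the device.

```python
"""
Fixed-vs-random Welch t-test (TVLA-style) leakage assessment on constructed traces.

Added example for this page, not FortifyIQ or SGS code. The traces are
synthesised from an assumed leakage model so the script runs offline.
"""
import math
import random
from typing import Dict, List, Sequence, Tuple

THRESHOLD = 4.5      # conventional TVLA bound: |t| above it is flagged as leakage
NUM_TRACES = 4000    # traces per set (fixed and random); tiny next to a real campaign


def hw(x: int) -> int:
    """Hamming weight, the usual leakage proxy for a register value."""
    return bin(x).count("1")


def welch_t(a: Sequence[float], b: Sequence[float]) -> float:
    """Welch's t-statistic for two samples with possibly unequal variances."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((v - ma) ** 2 for v in a) / (na - 1)
    vb = sum((v - mb) ** 2 for v in b) / (nb - 1)
    denom = math.sqrt(va / na + vb / nb)
    return (ma - mb) / denom if denom > 0.0 else 0.0


def centred_squares(traces: List[List[float]]) -> List[List[float]]:
    """Second-order preprocessing: per-sample squared deviation from the set mean."""
    n, m = len(traces), len(traces[0])
    means = [sum(t[i] for t in traces) / n for i in range(m)]
    return [[(t[i] - means[i]) ** 2 for i in range(m)] for t in traces]


def tvla(fixed: List[List[float]], rand: List[List[float]], order: int = 1) -> List[float]:
    """Per-sample t-values between the fixed-input and random-input trace sets."""
    if order == 2:
        fixed, rand = centred_squares(fixed), centred_squares(rand)
    return [welch_t([t[i] for t in fixed], [t[i] for t in rand])
            for i in range(len(fixed[0]))]


def simulate_trace(x: int, rng: random.Random) -> List[float]:
    """
    Assumed leakage model for one 8-bit intermediate x (constructed, not measured).
      s0: unprotected value, leaks HW(x)                        -> 1st-order leak
      s1: Boolean-masked, both shares switch at the same instant and leak
          HW(m) + HW(x ^ m): the mean is 8 for every x, but the variance
          equals the number of zero bits of x                   -> 2nd-order leak
      s2: noise only                                            -> no leak
      s3: one share HW(x ^ m) on its own, uniform for every x  -> no leak
    """
    m = rng.randrange(256)
    g = rng.gauss
    return [
        hw(x) + g(0.0, 1.0),
        hw(m) + hw(x ^ m) + g(0.0, 1.0),
        g(0.0, 1.0),
        hw(x ^ m) + g(0.0, 1.0),
    ]


def leakage_assessment(seed: int = 1, fixed_input: int = 0x00) -> Dict[int, Tuple[List[float], List[int]]]:
    """
    First- and second-order fixed-vs-random tests. Returns {order: (t_values, flagged_indices)}.
    fixed_input=0x00 has eight zero bits, which maximises the s1 variance gap; a fixed
    value with exactly four zero bits would hide that effect entirely, which is why the
    fixed value in a real TVLA campaign is chosen with care.
    """
    rng = random.Random(seed)
    fixed = [simulate_trace(fixed_input, rng) for _ in range(NUM_TRACES)]
    rand = [simulate_trace(rng.randrange(256), rng) for _ in range(NUM_TRACES)]
    out: Dict[int, Tuple[List[float], List[int]]] = {}
    for order in (1, 2):
        ts = tvla(fixed, rand, order)
        out[order] = (ts, [i for i, t in enumerate(ts) if abs(t) > THRESHOLD])
    return out


def flagged_samples(seed: int = 1, fixed_input: int = 0x00) -> Tuple[List[int], List[int]]:
    """(first-order flagged sample indices, second-order flagged sample indices)."""
    res = leakage_assessment(seed, fixed_input)
    return res[1][1], res[2][1]


if __name__ == "__main__":
    for order, (ts, flagged) in leakage_assessment().items():
        print(f"order {order}: t = {[round(t, 1) for t in ts]}  flagged = {flagged}")
```

Running it flags sample 0 at first order, sample 1 only once the centred-square preprocessing is applied, and nothing at samples 2 and 3. The clean result for sample 3 is the caveat a practitioner should keep in mind when reading a report: a univariate second-order test catches shares that leak at the same instant, but shares processed at different instants need a bivariate test that combines pairs of sample points, which a per-sample t-test of either order does not do.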
