The post-quantum algorithms ML-KEM and ML-DSA, based on CRYSTALS-Kyber and CRYSTALS-Dilithium respectively, were recently standardized by NIST in FIPS 203 and FIPS 204 and are rapidly being adopted worldwide. Unfortunately, these algorithms are extremely prone to side-channel attacks, including attacks that require only a single trace. Masking-based approaches to their protection carry a significant cost in performance, gate count, and power consumption. In addition, many practical attacks on such masking-based protected implementations have been published in academic papers.
FortifyIQ has developed a unique algorithmic protection against physical attacks for both ML-KEM and ML-DSA. It is not based on masking and offers significantly better PPA (performance, power, and area) than masking-based protections.
It moves the calculations into a large redundant domain, following the same design principles as FortifyIQ's AES protection schemes, which have passed AVA_VAN.5 evaluation by a leading Common Criteria lab and are deployed in millions of devices. The protection extends to operations such as composition and decomposition, which are known to be easy targets for side-channel attacks.
FortifyIQ offers a combined hardware + firmware solution. For devices that have already been manufactured, or where constraints prevent the use of that solution, FortifyIQ offers software libraries for both ML-KEM and ML-DSA that implement the same algorithmic protection. Both products use the same unified API.