Bibliographic Details
Main Authors: Adjonyo, Olivier, Bardin, Sebastien, Bellini, Emanuele, Dione, Gilbert Ndollane, Ameen, Mahmudul Faisal Al, Merget, Robert, Recoules, Frederic, Sellami, Yanis
Format: Preprint
Published: 2025
Subjects: Cryptography and Security
Online Access: https://arxiv.org/abs/2509.04010
Abstract: The PQDSS standardization process requires cryptographic primitives to be free from vulnerabilities, including timing and cache side-channels. Resistance to timing leakage is therefore an essential property, and achieving this typically relies on software implementations that follow constant-time principles. Moreover, ensuring that all implementations are constant-time is crucial for fair performance comparisons, as secure implementations often incur additional overhead. Such analysis also helps identify scheme proposals that are inherently difficult to implement in constant time. Because constant-time properties can be broken during compilation, it is often necessary to analyze the compiled binary directly. Since manual binary analysis is extremely challenging, automated analysis becomes highly important. Although several tools exist to assist with such analysis, they often have usability limitations and are difficult to set up correctly. To support the developers as well as the NIST committee in verifying candidates, we developed a toolchain that automates configuration, execution, and result analysis for several widely used constant-time analysis tools. We selected TIMECOP and Binsec/Rel2 to verify constant-time policy compliance at the binary level, and dudect and RTLF to detect side-channel vulnerabilities through statistical analysis of execution time behavior. We demonstrate its effectiveness and practicability by evaluating the NIST PQDSS round 1 and round 2 implementations. We reported 26 issues in total to the respective developers, and 5 of them have already been fixed. We also discuss our different findings, as well as the benefits and shortcomings of the different tools.
Institution: arXiv
Title: Systematic Timing Leakage Analysis of NIST PQDSS Candidates: Tooling and Lessons Learned
Topic: Cryptography and Security