The Silicon Leak: Side-Channel Analysis of CRYSTALS-Dilithium on FPGA Architectures
Senior Technology Analyst | Covering Enterprise IT, Hardware & Emerging Trends
The Quantum Mirage: Why Your Hardware is Already Leaking
The industry has focused on the mathematical hardness of Module Learning With Errors (M-LWE). While CRYSTALS-Dilithium rests on a sound mathematical framework, the security of a deployed implementation depends on the silicon executing it. As we transition to production-grade deployment, side-channel vulnerabilities in lattice-based signature schemes have become a significant operational risk.
The FPGA Vulnerability Surface
When Dilithium is deployed on FPGA architectures such as Xilinx Zynq UltraScale+ or Intel Stratix 10, the primary attack vector is side-channel analysis. Published analyses of such implementations have shown that Number Theoretic Transform (NTT) operations can be susceptible to power and electromagnetic analysis.
The Anatomy of the Leak
- Power Profiling: Correlation Power Analysis (CPA) targeting the rejection sampling phase of the signature generation.
- Electromagnetic Emissions: Near-field EM probes capturing the high-frequency switching noise of the modular multiplication logic.
- Timing Jitter: Exploiting the non-constant time nature of the rejection sampling loop to infer secret key coefficients.
The NISQ-Era Paradox
NISQ devices may be used to assist in signal processing to analyze side-channel leakage. Attackers utilize signal processing to filter out noise inherent in high-density FPGA fabrics. If implementations are not hardened, secret key information may be leaked through the physical characteristics of the underlying hardware.
Architectural Mitigation Strategies
When architecting a PQ-secure system, developers should consider the following mitigations:
- Masking Schemes: Implementing first-order or higher-order masking to decouple power consumption from secret data. This incurs a latency penalty, but it is a standard method to neutralize simple power analysis.
- Shuffling: Randomizing the order of polynomial coefficients during the NTT execution to break the temporal correlation required for CPA.
- Constant-Time Logic: Mandating that the rejection sampling process executes in fixed clock cycles, regardless of the input data, to mitigate timing-based leakage.
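As an added illustration of the constant-time point above (example code written for this article, not taken from any Dilithium implementation or FPGA IP core), the following C reference model contrasts the infinity-norm check on the signature component z, `||z||_inf < gamma1 - beta`, written with a data-dependent early exit against a version that always visits every coefficient and computes the comparison without branches. The Dilithium2 parameters (gamma1 = 2^17, beta = 78) are real; the sample polynomials are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#define N      256             /* polynomial degree in Dilithium */
#define GAMMA1 (1 << 17)       /* Dilithium2 parameter */
#define BETA   78              /* Dilithium2: tau * eta = 39 * 2 */
#define BOUND  (GAMMA1 - BETA) /* z is accepted iff every |z_i| < BOUND */

/* Leaky reference: exits on the first coefficient that violates the bound,
 * so the iteration count (and hence the cycle count) depends on the data. */
int chknorm_early_exit(const int32_t z[N], int32_t bound) {
    for (size_t i = 0; i < N; i++) {
        int32_t t = z[i] < 0 ? -z[i] : z[i];   /* branch on the sign bit */
        if (t >= bound) return 1;              /* data-dependent early exit */
    }
    return 0;
}

/* Branch-free |v|: s is 0 for v >= 0 and -1 for v < 0 (relies on the
 * arithmetic right shift that mainstream compilers provide for int32_t). */
int32_t ct_abs(int32_t v) {
    int32_t s = v >> 31;
    return v - (s & (2 * v));
}

/* Hardened version: always visits all N coefficients and folds the
 * comparison into a mask, so the loop runs a fixed number of steps. */
int chknorm_constant_time(const int32_t z[N], int32_t bound) {
    uint32_t reject = 0;
    for (size_t i = 0; i < N; i++) {
        int32_t t = ct_abs(z[i]);
        /* (t - bound) >> 31 is -1 iff t < bound; invert and keep bit 0 */
        reject |= (uint32_t)(~((t - bound) >> 31)) & 1u;
    }
    return (int)reject;
}

/* Constructed sample: one polynomial just inside the bound and one whose
 * only violating coefficient sits last (worst case for the early-exit loop,
 * which must scan all 256 coefficients before it can reject). */
int demo_checks_agree(void) {
    int32_t ok[N], bad[N];
    for (size_t i = 0; i < N; i++) {
        ok[i]  = (i & 1) ? -(BOUND - 1) : (BOUND - 1);
        bad[i] = ok[i];
    }
    bad[N - 1] = -BOUND;                       /* |z_i| == BOUND: rejected */
    return chknorm_early_exit(ok, BOUND) == 0 && chknorm_constant_time(ok, BOUND) == 0
        && chknorm_early_exit(bad, BOUND) == 1 && chknorm_constant_time(bad, BOUND) == 1;
}
```

Both functions return the same accept/reject decision; only the hardened one does so in a number of steps independent of z, which is the property the FPGA datapath must also preserve in its cycle count.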
The Hard Truth About Hardware
Hardware must be evaluated for its ability to handle the performance overhead of masking Dilithium, which can impact thermal design power (TDP) limitations in edge devices. Prioritizing throughput over side-channel mitigation in the software layer can leave systems vulnerable if the hardware provides amplification for the side-channel signal.
The Outlook
The development of automated side-channel analysis tools may increase the risk to current FPGA-based Dilithium implementations. There is an industry trend toward dedicated cryptographic accelerators (ASICs) that incorporate masking and shuffling into the silicon gates. Relying on off-the-shelf FPGA IP cores for PQC requires careful evaluation of physical-layer security.