At Cyber On Board 2026, our cryptography engineer, Davide Alessio, presented on the transition to post-quantum cryptography in embedded systems, focusing on the implementation-level risks that remain once an algorithm is standardized.
NIST finalized the first post-quantum standards in 2024, and its CAVP program can confirm that an implementation is mathematically correct. Runtime security is a separate property, and an implementation can pass validation while still leaking its secret key.
Timing attacks are how that leak gets exploited.
Known since Kocher described them in 1996, they reconstruct a secret key from minor differences in execution time, operate remotely, and leave no trace on the hardware. The post-quantum case is harder than the classical one, because thirty years of mitigation knowledge does not transfer cleanly to new mathematics and new implementation structures. The community is rebuilding that expertise in a fraction of the time it originally took.
Embedded systems raise the stakes further, with clean timing signals for attackers and verification tooling that was never designed for bare-metal targets.
The session is condensed into a single-page briefing note covering the four sources of temporal leakage, the countermeasures available today, a Clang versus GCC comparison on ML-KEM, the audit tools currently in use and their limits, and the reasons embedded systems sit at the sharpest edge of the problem.
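The ciphertext comparison inside an ML-KEM decapsulation is the kind of step the countermeasures above target: a variable-time `memcmp()` stops at the first mismatch, so execution time reveals where a secret-dependent difference sits. The C below is an added illustration, not code from the talk, the briefing note, or any ML-KEM reference implementation; the function names and the selection step are my own sketch. Whether a given compiler keeps this branch-free shape is exactly the Clang versus GCC question the note covers.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Variable-time comparison: memcmp() returns at the first differing byte,
 * so its running time depends on where the mismatch is. Shown only as the
 * pattern a reviewer should flag in a decapsulation routine. */
static int leaky_verify(const uint8_t *a, const uint8_t *b, size_t len)
{
    return memcmp(a, b, len) != 0;
}

/* Constant-time comparison: touches every byte, no data-dependent branch.
 * Returns 0 when equal, 1 otherwise. */
static uint8_t ct_verify(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= a[i] ^ b[i];
    /* Fold any nonzero diff to 1 arithmetically: -(diff) sets the top bit. */
    return (uint8_t)((-(uint64_t)diff) >> 63);
}

/* Constant-time conditional move: copies src into dst when flag == 1,
 * leaves dst unchanged when flag == 0, same instructions either way. */
static void ct_cmov(uint8_t *dst, const uint8_t *src, size_t len, uint8_t flag)
{
    uint8_t mask = (uint8_t)(-flag);   /* 0x00 or 0xFF */
    for (size_t i = 0; i < len; i++)
        dst[i] ^= mask & (dst[i] ^ src[i]);
}

/* Decapsulation-style selection (illustrative): out = K if the re-encrypted
 * ciphertext matches the received one, otherwise the rejection value R.
 * Both outcomes cost the same work, so the timing does not reveal which. */
static void select_shared_secret(uint8_t *out, const uint8_t *k, const uint8_t *r,
                                 size_t ss_len, const uint8_t *ct_recv,
                                 const uint8_t *ct_re, size_t ct_len)
{
    uint8_t fail = ct_verify(ct_recv, ct_re, ct_len);
    memcpy(out, k, ss_len);
    ct_cmov(out, r, ss_len, fail);
}

/* Self-check on constructed sample data; returns 1 on success. */
static int selftest(void)
{
    const uint8_t ct_ok[4]  = {1, 2, 3, 4}, ct_bad[4] = {1, 2, 3, 9};
    const uint8_t k[2] = {0xAA, 0xAA}, r[2] = {0x55, 0x55};
    uint8_t out[2];
    select_shared_secret(out, k, r, 2, ct_ok, ct_ok, 4);
    if (out[0] != 0xAA || out[1] != 0xAA) return 0;
    select_shared_secret(out, k, r, 2, ct_bad, ct_ok, 4);
    if (out[0] != 0x55 || out[1] != 0x55) return 0;
    /* Both comparisons agree on the value; only the timing differs. */
    return leaky_verify(ct_ok, ct_bad, 4) == ct_verify(ct_ok, ct_bad, 4);
}
```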
Read the Briefing Note