{"paper_id":"2cb057a4-6bbd-4734-be6c-eab91e76e7de","body_text":"Adaptive ML-Driven Side-Channel Defense for Post-Quantum Cryptographic Implementations | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Adaptive ML-Driven Side-Channel Defense for Post-Quantum Cryptographic Implementations Subin S R, S. Daniel Madan Raja This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-9533349/v1 This work is licensed under a CC BY 4.0 License Status: Under Review Version 1 posted 5 You are reading this latest preprint version Abstract Post-quantum cryptographic (PQC) algorithms standardized by NIST in 2024 (FIPS 203 ML-KEM, FIPS 204 ML-DSA) are designed to withstand quantum adversaries, yet their physical implementations remain critically vulnerable to side-channel attacks. Recent work has demonstrated full ML-KEM secret key recovery in under ten minutes using only 15 power traces, exposing a dangerous gap between algorithmic and implementation security. Existing countermeasures---Boolean masking, operation shuffling, noise injection---are deployed \\emph{statically}, imposing constant performance overhead regardless of whether an attack is occurring. This work addresses the question: \\emph{can side-channel defenses be deployed adaptively, activating only when an attack is detected, without compromising security?} We present an adaptive defense framework that combines real-time machine-learning-based attack detection with threat-proportional countermeasure activation. A Random Forest classifier trained on 81 extracted trace features detects ongoing attacks with ROC-AUC of~1.000 on ML-KEM-768 and 0.77 F1-score on ML-DSA-65. A four-level threat assessment engine with hysteresis-stabilized state transitions maps the probability to one of four threat levels (LOW, MEDIUM, HIGH, CRITICAL), each associated with a specific set of countermeasures and an expected overhead budget. The framework reduces attack success rates by 54--75% across five PQC parameter sets while imposing overhead only when threats are detected (5--60%, proportional to severity). Compared to always-on 3-share ISW masking, the adaptive approach achieves a $240\\times$ reduction in computational waste under realistic deployment conditions. Robustness evaluation across signal-to-noise ratios of 5--25,dB confirms sustained detection performance under realistic noise conditions. Post-quantum cryptography Side-channel attack Adaptive defense Machine learning Anomaly detection · ML-KEM ML-DSA Power analysis Random Forest Embedded security Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Under Review Version 1 posted Reviewers agreed at journal 10 May, 2026 Reviewers invited by journal 05 May, 2026 Editor assigned by journal 27 Apr, 2026 Submission checks completed at journal 27 Apr, 2026 First submitted to journal 26 Apr, 2026 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {\"props\":{\"pageProps\":{\"initialData\":{\"identity\":\"rs-9533349\",\"acceptedTermsAndConditions\":true,\"allowDirectSubmit\":false,\"archivedVersions\":[],\"articleType\":\"Research Article\",\"associatedPublications\":[],\"authors\":[{\"id\":639226866,\"identity\":\"f3ecdd03-8aea-4d4b-b5a6-aed278e1b4b9\",\"order_by\":0,\"name\":\"Subin S R\",\"email\":\"\",\"orcid\":\"\",\"institution\":\"Karunya University\",\"correspondingAuthor\":false,\"prefix\":\"\",\"firstName\":\"Subin\",\"middleName\":\"S\",\"lastName\":\"R\",\"suffix\":\"\"},{\"id\":639226867,\"identity\":\"be1ad4b5-4c06-4137-8f38-5dd9b96eea8c\",\"order_by\":1,\"name\":\"S. Daniel Madan Raja\",\"email\":\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABIElEQVRIie2RMWuDUBDHT4R0udbVYDBf4cKDLqXJVzEIcTEhXUohQzazSGel0M/g1FkR6mLqKrzdyYKjg0NNSwgF0zoW+n7c8OeOH8e7ByAQ/EXCQ62/AgCCrp5mxg8KnRTWS4GTAjD3flOukn0UVvQybsNrVY+mlr/bF9qdMwXlwqYuZZiujMgjPvHTlem7aC6f0LrWfMeEoVt2KhTaFCNxKQhtBojy8hkWA+3SkYHy7i2UlRQ3xGdBVjKpwa2lK8VB2cLsnNL2YyA+D3KbyYixoamfW9qmeuYteUmRS9z085LJI0wmvlfIN/iWoJoW686LZTar6gd++9gG6d3djNVsIXG83+jKzgw6r/wNyT2GQfur/aiPoekpCAQCwX/gA1aVZhFCSAvZAAAAAElFTkSuQmCC\",\"orcid\":\"\",\"institution\":\"Karunya University\",\"correspondingAuthor\":true,\"prefix\":\"\",\"firstName\":\"S.\",\"middleName\":\"Daniel Madan\",\"lastName\":\"Raja\",\"suffix\":\"\"}],\"badges\":[],\"createdAt\":\"2026-04-26 16:08:27\",\"currentVersionCode\":1,\"declarations\":\"\",\"doi\":\"10.21203/rs.3.rs-9533349/v1\",\"doiUrl\":\"https://doi.org/10.21203/rs.3.rs-9533349/v1\",\"draftVersion\":[],\"editorialEvents\":[],\"editorialNote\":\"\",\"failedWorkflow\":false,\"files\":[{\"id\":109249485,\"identity\":\"dd2f2bce-4802-4ce8-9d88-34c7ea99d598\",\"added_by\":\"auto\",\"created_at\":\"2026-05-14 08:53:53\",\"extension\":\"pdf\",\"order_by\":1,\"title\":\"\",\"display\":\"\",\"copyAsset\":false,\"role\":\"manuscript-pdf\",\"size\":2362647,\"visible\":true,\"origin\":\"\",\"legend\":\"\",\"description\":\"\",\"filename\":\"JCENmanuscriptv2.pdf\",\"url\":\"https://assets-eu.researchsquare.com/files/rs-9533349/v1_covered_3d4e5725-322d-486f-8c0b-c63f96b467f0.pdf\"}],\"financialInterests\":\"No competing interests reported.\",\"formattedTitle\":\"Adaptive ML-Driven Side-Channel Defense for Post-Quantum Cryptographic Implementations\",\"fulltext\":[],\"fulltextSource\":\"\",\"fullText\":\"\",\"funders\":[],\"hasAdminPriorityOnWorkflow\":false,\"hasManuscriptDocX\":false,\"hasOptedInToPreprint\":true,\"hasPassedJournalQc\":\"\",\"hasAnyPriority\":false,\"hideJournal\":false,\"highlight\":\"\",\"institution\":\"\",\"isAcceptedByJournal\":false,\"isAuthorSuppliedPdf\":true,\"isDeskRejected\":\"\",\"isHiddenFromSearch\":false,\"isInQc\":false,\"isInWorkflow\":false,\"isPdf\":true,\"isPdfUpToDate\":true,\"isWithdrawnOrRetracted\":false,\"journal\":{\"display\":true,\"email\":\"info@researchsquare.com\",\"identity\":\"journal-of-cryptographic-engineering\",\"isNatureJournal\":false,\"hasQc\":true,\"allowDirectSubmit\":false,\"externalIdentity\":\"jcen\",\"sideBox\":\"Learn more about [Journal of Cryptographic Engineering](http://link.springer.com/journal/13389)\",\"snPcode\":\"13389\",\"submissionUrl\":\"https://submission.nature.com/new-submission/13389/3\",\"title\":\"Journal of Cryptographic Engineering\",\"twitterHandle\":\"\",\"acdcEnabled\":true,\"dfaEnabled\":true,\"editorialSystem\":\"em\",\"reportingPortfolio\":\"Springer Hybrid\",\"inReviewEnabled\":true,\"inReviewRevisionsEnabled\":false},\"keywords\":\"Post-quantum cryptography, Side-channel attack, Adaptive defense, Machine learning, Anomaly detection · ML-KEM, ML-DSA, Power analysis, Random Forest, Embedded security\",\"lastPublishedDoi\":\"10.21203/rs.3.rs-9533349/v1\",\"lastPublishedDoiUrl\":\"https://doi.org/10.21203/rs.3.rs-9533349/v1\",\"license\":{\"name\":\"CC BY 4.0\",\"url\":\"https://creativecommons.org/licenses/by/4.0/\"},\"manuscriptAbstract\":\"\\nPost-quantum cryptographic (PQC) algorithms standardized by NIST in 2024\\n(FIPS~203 ML-KEM, FIPS~204 ML-DSA) are designed to withstand quantum\\nadversaries, yet their physical implementations remain critically vulnerable\\nto side-channel attacks. Recent work has demonstrated full ML-KEM secret\\nkey recovery in under ten minutes using only 15 power traces, exposing a\\ndangerous gap between algorithmic and implementation security. Existing\\ncountermeasures---Boolean masking, operation shuffling, noise\\ninjection---are deployed \\\\emph{statically}, imposing constant performance\\noverhead regardless of whether an attack is occurring. This work addresses\\nthe question: \\\\emph{can side-channel defenses be deployed adaptively,\\nactivating only when an attack is detected, without compromising security?}\\n\\nWe present an adaptive defense framework that combines real-time\\nmachine-learning-based attack detection with threat-proportional\\ncountermeasure activation. A Random Forest classifier trained on 81\\nextracted trace features detects ongoing attacks with ROC-AUC of~1.000 on\\nML-KEM-768 and 0.77 F1-score on ML-DSA-65. A four-level threat assessment\\nengine with hysteresis-stabilized state transitions maps the probability to\\none of four threat levels (LOW, MEDIUM, HIGH, CRITICAL), each associated\\nwith a specific set of countermeasures and an expected overhead budget. The\\nframework reduces attack success rates by 54--75\\\\% across five PQC parameter\\nsets while imposing overhead only when threats are detected (5--60\\\\%,\\nproportional to severity). Compared to always-on 3-share ISW masking, the\\nadaptive approach achieves a $240\\\\times$ reduction in computational waste\\nunder realistic deployment conditions. Robustness evaluation across\\nsignal-to-noise ratios of 5--25\\\\,dB confirms sustained detection performance\\nunder realistic noise conditions.\\n\",\"manuscriptTitle\":\"Adaptive ML-Driven Side-Channel Defense for Post-Quantum Cryptographic Implementations\",\"msid\":\"\",\"msnumber\":\"\",\"nonDraftVersions\":[{\"code\":1,\"date\":\"2026-05-13 17:50:19\",\"doi\":\"10.21203/rs.3.rs-9533349/v1\",\"editorialEvents\":[{\"type\":\"communityComments\",\"content\":0},{\"type\":\"reviewerAgreed\",\"content\":\"143466417846869129699335733986953507009\",\"date\":\"2026-05-10T13:05:44+00:00\",\"index\":\"hide\",\"fulltext\":\"\"},{\"type\":\"reviewersInvited\",\"content\":\"\",\"date\":\"2026-05-05T12:42:39+00:00\",\"index\":\"\",\"fulltext\":\"\"},{\"type\":\"editorAssigned\",\"content\":\"\",\"date\":\"2026-04-27T05:45:39+00:00\",\"index\":\"\",\"fulltext\":\"\"},{\"type\":\"checksComplete\",\"content\":\"\",\"date\":\"2026-04-27T05:45:24+00:00\",\"index\":\"\",\"fulltext\":\"\"},{\"type\":\"submitted\",\"content\":\"Journal of Cryptographic Engineering\",\"date\":\"2026-04-26T16:02:27+00:00\",\"index\":\"\",\"fulltext\":\"\"}],\"status\":\"published\",\"journal\":{\"display\":true,\"email\":\"info@researchsquare.com\",\"identity\":\"journal-of-cryptographic-engineering\",\"isNatureJournal\":false,\"hasQc\":true,\"allowDirectSubmit\":false,\"externalIdentity\":\"jcen\",\"sideBox\":\"Learn more about [Journal of Cryptographic Engineering](http://link.springer.com/journal/13389)\",\"snPcode\":\"13389\",\"submissionUrl\":\"https://submission.nature.com/new-submission/13389/3\",\"title\":\"Journal of Cryptographic Engineering\",\"twitterHandle\":\"\",\"acdcEnabled\":true,\"dfaEnabled\":true,\"editorialSystem\":\"em\",\"reportingPortfolio\":\"Springer Hybrid\",\"inReviewEnabled\":true,\"inReviewRevisionsEnabled\":false}}],\"origin\":\"\",\"ownerIdentity\":\"6df56fd0-0b44-4963-a45b-01e11adcde38\",\"owner\":[],\"postedDate\":\"May 13th, 2026\",\"published\":true,\"recentEditorialEvents\":[{\"type\":\"reviewerAgreed\",\"content\":\"143466417846869129699335733986953507009\",\"date\":\"2026-05-10T13:05:44+00:00\",\"index\":13,\"fulltext\":\"\"},{\"type\":\"reviewersInvited\",\"content\":\"9\",\"date\":\"2026-05-05T12:42:39+00:00\",\"index\":\"\",\"fulltext\":\"\"}],\"rejectedJournal\":[],\"revision\":\"\",\"amendment\":\"\",\"status\":\"under-review\",\"subjectAreas\":[],\"tags\":[],\"updatedAt\":\"2026-05-13T17:50:19+00:00\",\"versionOfRecord\":[],\"versionCreatedAt\":\"2026-05-13 17:50:19\",\"video\":\"\",\"vorDoi\":\"\",\"vorDoiUrl\":\"\",\"workflowStages\":[]},\"version\":\"v1\",\"identity\":\"rs-9533349\",\"journalConfig\":\"researchsquare\"},\"__N_SSP\":true},\"page\":\"/article/[identity]/[[...version]]\",\"query\":{\"redirect\":\"/article/rs-9533349\",\"identity\":\"rs-9533349\",\"version\":[\"v1\"]},\"buildId\":\"XKTyCvWXoU3ODBz1xrDgd\",\"isFallback\":false,\"isExperimentalCompile\":false,\"dynamicIds\":[84888],\"gssp\":true,\"scriptLoader\":[]}","source_license":"CC-BY-4.0","license_restricted":false}