Analysis of Deep Learning-Based Side-Channel Attacks on the Post-Quantum Cryptography Algorithm ML-KEM on Embedded Devices
Abstract
With the rapid adoption of 5G and the proliferation of IoT applications, microcontroller-based devices are increasingly entrusted with sensitive data. However, traditional public-key cryptography is insufficient against emerging quantum computing threats. To address this, the National Institute of Standards and Technology (NIST) introduced the Module Lattice Key Encapsulation Mechanism (ML-KEM) as part of its Post-quantum Cryptography (PQC) standards, offering both efficiency and quantum resistance for embedded systems. Despite its theoretical resilience, practical ML-KEM implementations remain susceptible to side-channel analysis (SCA).
In this work, we propose a deep learning-based power analysis framework to evaluate the side-channel vulnerability of ML-KEM. Using the ChipWhisperer CW308 platform with an STM32F415-RGT6 Cortex-M4 microcontroller, we capture power traces with a Picoscope 5244B oscilloscope and train neural networks on a Graphics Processing Unit (GPU) platform. Our experiments achieve 100% validation accuracy and a 99.98% attack success rate, recovering a 32-byte encapsulation key from a single power trace.
These results highlight the high risk of deep learning-based SCA against ML-KEM on microcontrollers, underscoring the need for robust physical-layer countermeasures to secure future PQC implementations.
Chung-Wei Kuo, Yu-Yi Hong, heng-hao Zhuang, Jia-Ruei Liu, "Analysis of Deep Learning-Based Side-Channel Attacks on the Post-Quantum Cryptography Algorithm ML-KEM on Embedded Devices," Communications of the CCISA, vol. 31, no. 3, pp. 40-58, Aug. 2025.
Published by Chinese Cryptology and Information Security Association (CCISA), Taiwan, R.O.C
CCCISA Editorial Office
E-mail: ccisa.editor@gmail.com