Talk Title:

Why 'Adams Bridge' Leaks: Attacking a PQC Root-of-Trust

Abstract:

We take a look at Adams Bridge [1], the ML-DSA (Dilithium) accelerator component of the Caliptra 2.0 Root of Trust unit [2]. Caliptra is an open-source project jointly developed by AMD, Google, Microsoft, NVIDIA, and other partners. Caliptra 1.0 has already been fielded as a part of commercial data center silicon, and some prominent semiconductor companies have announced plans to integrate the new version into a wide array of products.

There have already been works such as [4] on attacks against Adams Bridge, but the attacks were against an earlier "unprotected" version. This talk discusses various ways to break through the partial masking countermeasures of the "secure" version and the overall architectural considerations when building hardware and hardware APIs for PQC. We will use both pre-silicon leakage simulation and FPGA targets.

[1] Chips Alliance. "Adams Bridge Post-Quantum Cryptography IP Core" (Crystals-Dilithium) https://github.com/chipsalliance/adams-bridge

[2] Chips Alliance. "Caliptra IP and firmware for integrated Root of Trust block." https://github.com/chipsalliance/Caliptra

[3] AMD Corporate Blog / Alex Tzonkov. "Addressing Security: Integrating Project Caliptra into AMD's Product Lineup" 10-11-2024 https://community.amd.com/t5/corporate/addressing-security-integrating-project-caliptra-into-amd-s/ba-p/716837

[4] Merve Karabulut, Reza Azarderakhsh. "Efficient CPA Attack on Hardware Implementation of ML-DSA in Post-Quantum Root of Trust" https://eprint.iacr.org/2025/009.pdf

Speaker Bio:

Markku-Juhani O. Saarinen, Professor of Practice and a Docent (Information Security and Cryptography). Tampere University, Finland. Previously a penetration tester, but has also created some RISC-V cryptography instructions. PhD Royal Holloway, University of London 2009.