One Time is Enough: Chosen-Ciphertext Side-Channel Attack on ML-KEM Cryptosystems

Yuhan Qian; Jing Gao; Yuchen Zhong; Yaoling Ding; Jingjie Wu; Weiping Gong; Zihe Lin; An Wang

doi:10.1007/978-3-032-01806-9_2

One Time is Enough: Chosen-Ciphertext Side-Channel Attack on ML-KEM Cryptosystems

Yuhan Qian
, Jing Gao
, Yuchen Zhong
, Yaoling Ding^*
, Jingjie Wu^*
, Weiping Gong
, Zihe Lin
, An Wang

^*Corresponding author for this work

School of Cyberspace Science and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The emergence of quantum computers threatens traditional public key cryptographic algorithms like RSA and ECDSA, driving the development of post-quantum cryptography. Among post-quantum cryptography approaches, lattice-based cryptography is a key candidate for securing embedded systems. However, post-quantum cryptography implementations remain vulnerable to side-channel attacks, which exploit physical leakages such as timing, power, and electromagnetic emissions. In this paper, we propose a one-time chosen-ciphertext simple power attack targeting ML-KEM-512 scheme. Leveraging side-channel leakages from the inverse number theoretic transform operation and the decoding process, our method enables efficient recovery of the long-term secret key with AI algorithms for automated feature extraction and classification, eliminating the need for template construction or extensive parameter tuning. We introduce an adaptive classification method for ring- or sphere-shaped data distributions, enhancing adaptability and reducing parameter dependency. Experimental results on the reference ML-KEM implementation in the pqm4 library demonstrate that, compared to previous approaches, our method reduces the number of traces needed for key recovery by 66.67%. This significant reduction improves both the efficiency and practicality of the method in real-world applications.

Original language	English
Title of host publication	Applied Cryptography and Network Security Workshops - ACNS 2025 Satellite Workshops
Subtitle of host publication	AIHWS, AIoTS, QSHC, SCI, PrivCrypt, SPIQE, SiMLA, and CIMSS 2025, Revised Selected Papers
Editors	Mark Manulis
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	23-40
Number of pages	18
ISBN (Print)	9783032018052
DOIs	https://doi.org/10.1007/978-3-032-01806-9_2
Publication status	Published - 2026
Event	Satellite Workshops held in parallel with the 23rd International Conference on Applied Cryptography and Network Security, ACNS 2025 - Munich, Germany Duration: 23 Jun 2025 → 26 Jun 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	15654 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Satellite Workshops held in parallel with the 23rd International Conference on Applied Cryptography and Network Security, ACNS 2025
Country/Territory	Germany
City	Munich
Period	23/06/25 → 26/06/25

Keywords

Chosen-ciphertext attack
Key encapsulation mechanism
Lattice-based cryptography
Post-quantum cryptography
Public-key encryption
Side-channel attack

Access to Document

10.1007/978-3-032-01806-9_2

Cite this

Qian, Y., Gao, J., Zhong, Y., Ding, Y., Wu, J., Gong, W., Lin, Z., & Wang, A. (2026). One Time is Enough: Chosen-Ciphertext Side-Channel Attack on ML-KEM Cryptosystems. In M. Manulis (Ed.), Applied Cryptography and Network Security Workshops - ACNS 2025 Satellite Workshops: AIHWS, AIoTS, QSHC, SCI, PrivCrypt, SPIQE, SiMLA, and CIMSS 2025, Revised Selected Papers (pp. 23-40). (Lecture Notes in Computer Science; Vol. 15654 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-01806-9_2

Qian, Yuhan ; Gao, Jing ; Zhong, Yuchen et al. / One Time is Enough : Chosen-Ciphertext Side-Channel Attack on ML-KEM Cryptosystems. Applied Cryptography and Network Security Workshops - ACNS 2025 Satellite Workshops: AIHWS, AIoTS, QSHC, SCI, PrivCrypt, SPIQE, SiMLA, and CIMSS 2025, Revised Selected Papers. editor / Mark Manulis. Springer Science and Business Media Deutschland GmbH, 2026. pp. 23-40 (Lecture Notes in Computer Science).

@inproceedings{155833983b1f4d5c8119e6b6a9c2c7d2,

title = "One Time is Enough: Chosen-Ciphertext Side-Channel Attack on ML-KEM Cryptosystems",

abstract = "The emergence of quantum computers threatens traditional public key cryptographic algorithms like RSA and ECDSA, driving the development of post-quantum cryptography. Among post-quantum cryptography approaches, lattice-based cryptography is a key candidate for securing embedded systems. However, post-quantum cryptography implementations remain vulnerable to side-channel attacks, which exploit physical leakages such as timing, power, and electromagnetic emissions. In this paper, we propose a one-time chosen-ciphertext simple power attack targeting ML-KEM-512 scheme. Leveraging side-channel leakages from the inverse number theoretic transform operation and the decoding process, our method enables efficient recovery of the long-term secret key with AI algorithms for automated feature extraction and classification, eliminating the need for template construction or extensive parameter tuning. We introduce an adaptive classification method for ring- or sphere-shaped data distributions, enhancing adaptability and reducing parameter dependency. Experimental results on the reference ML-KEM implementation in the pqm4 library demonstrate that, compared to previous approaches, our method reduces the number of traces needed for key recovery by 66.67\%. This significant reduction improves both the efficiency and practicality of the method in real-world applications.",

keywords = "Chosen-ciphertext attack, Key encapsulation mechanism, Lattice-based cryptography, Post-quantum cryptography, Public-key encryption, Side-channel attack",

author = "Yuhan Qian and Jing Gao and Yuchen Zhong and Yaoling Ding and Jingjie Wu and Weiping Gong and Zihe Lin and An Wang",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; Satellite Workshops held in parallel with the 23rd International Conference on Applied Cryptography and Network Security, ACNS 2025 ; Conference date: 23-06-2025 Through 26-06-2025",

year = "2026",

doi = "10.1007/978-3-032-01806-9\_2",

language = "English",

isbn = "9783032018052",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "23--40",

editor = "Mark Manulis",

booktitle = "Applied Cryptography and Network Security Workshops - ACNS 2025 Satellite Workshops",

address = "Germany",

}

Qian, Y, Gao, J, Zhong, Y, Ding, Y, Wu, J, Gong, W, Lin, Z & Wang, A 2026, One Time is Enough: Chosen-Ciphertext Side-Channel Attack on ML-KEM Cryptosystems. in M Manulis (ed.), Applied Cryptography and Network Security Workshops - ACNS 2025 Satellite Workshops: AIHWS, AIoTS, QSHC, SCI, PrivCrypt, SPIQE, SiMLA, and CIMSS 2025, Revised Selected Papers. Lecture Notes in Computer Science, vol. 15654 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 23-40, Satellite Workshops held in parallel with the 23rd International Conference on Applied Cryptography and Network Security, ACNS 2025, Munich, Germany, 23/06/25. https://doi.org/10.1007/978-3-032-01806-9_2

One Time is Enough: Chosen-Ciphertext Side-Channel Attack on ML-KEM Cryptosystems. / Qian, Yuhan; Gao, Jing; Zhong, Yuchen et al.
Applied Cryptography and Network Security Workshops - ACNS 2025 Satellite Workshops: AIHWS, AIoTS, QSHC, SCI, PrivCrypt, SPIQE, SiMLA, and CIMSS 2025, Revised Selected Papers. ed. / Mark Manulis. Springer Science and Business Media Deutschland GmbH, 2026. p. 23-40 (Lecture Notes in Computer Science; Vol. 15654 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - One Time is Enough

T2 - Satellite Workshops held in parallel with the 23rd International Conference on Applied Cryptography and Network Security, ACNS 2025

AU - Qian, Yuhan

AU - Gao, Jing

AU - Zhong, Yuchen

AU - Ding, Yaoling

AU - Wu, Jingjie

AU - Gong, Weiping

AU - Lin, Zihe

AU - Wang, An

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

PY - 2026

Y1 - 2026

N2 - The emergence of quantum computers threatens traditional public key cryptographic algorithms like RSA and ECDSA, driving the development of post-quantum cryptography. Among post-quantum cryptography approaches, lattice-based cryptography is a key candidate for securing embedded systems. However, post-quantum cryptography implementations remain vulnerable to side-channel attacks, which exploit physical leakages such as timing, power, and electromagnetic emissions. In this paper, we propose a one-time chosen-ciphertext simple power attack targeting ML-KEM-512 scheme. Leveraging side-channel leakages from the inverse number theoretic transform operation and the decoding process, our method enables efficient recovery of the long-term secret key with AI algorithms for automated feature extraction and classification, eliminating the need for template construction or extensive parameter tuning. We introduce an adaptive classification method for ring- or sphere-shaped data distributions, enhancing adaptability and reducing parameter dependency. Experimental results on the reference ML-KEM implementation in the pqm4 library demonstrate that, compared to previous approaches, our method reduces the number of traces needed for key recovery by 66.67%. This significant reduction improves both the efficiency and practicality of the method in real-world applications.

AB - The emergence of quantum computers threatens traditional public key cryptographic algorithms like RSA and ECDSA, driving the development of post-quantum cryptography. Among post-quantum cryptography approaches, lattice-based cryptography is a key candidate for securing embedded systems. However, post-quantum cryptography implementations remain vulnerable to side-channel attacks, which exploit physical leakages such as timing, power, and electromagnetic emissions. In this paper, we propose a one-time chosen-ciphertext simple power attack targeting ML-KEM-512 scheme. Leveraging side-channel leakages from the inverse number theoretic transform operation and the decoding process, our method enables efficient recovery of the long-term secret key with AI algorithms for automated feature extraction and classification, eliminating the need for template construction or extensive parameter tuning. We introduce an adaptive classification method for ring- or sphere-shaped data distributions, enhancing adaptability and reducing parameter dependency. Experimental results on the reference ML-KEM implementation in the pqm4 library demonstrate that, compared to previous approaches, our method reduces the number of traces needed for key recovery by 66.67%. This significant reduction improves both the efficiency and practicality of the method in real-world applications.

KW - Chosen-ciphertext attack

KW - Key encapsulation mechanism

KW - Lattice-based cryptography

KW - Post-quantum cryptography

KW - Public-key encryption

KW - Side-channel attack

UR - https://www.scopus.com/pages/publications/105021005404

U2 - 10.1007/978-3-032-01806-9_2

DO - 10.1007/978-3-032-01806-9_2

M3 - Conference contribution

AN - SCOPUS:105021005404

SN - 9783032018052

T3 - Lecture Notes in Computer Science

SP - 23

EP - 40

BT - Applied Cryptography and Network Security Workshops - ACNS 2025 Satellite Workshops

A2 - Manulis, Mark

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 23 June 2025 through 26 June 2025

ER -

Qian Y, Gao J, Zhong Y, Ding Y, Wu J, Gong W et al. One Time is Enough: Chosen-Ciphertext Side-Channel Attack on ML-KEM Cryptosystems. In Manulis M, editor, Applied Cryptography and Network Security Workshops - ACNS 2025 Satellite Workshops: AIHWS, AIoTS, QSHC, SCI, PrivCrypt, SPIQE, SiMLA, and CIMSS 2025, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2026. p. 23-40. (Lecture Notes in Computer Science). doi: 10.1007/978-3-032-01806-9_2