
Post-Quantum Hardware Security: Adams Bridge NTT Flaw

RTL analysis exposes a critical entropy gap in Adams Bridge's ML-DSA and ML-KEM side-channel defenses. Is your PQC hardware actually secure?

BeQuantum Intelligence · 9 min read

Last updated: June 2025

Key Takeaways

  • Adams Bridge’s RSI shuffling delivers only 6 bits of entropy per INTT layer (64 orderings) — not the 296-bit full-permutation entropy its CPA complexity claims of 2^46 (ML-DSA) and 2^96 (ML-KEM) implicitly assume
  • A soft-analytical attack pipeline achieves a 37-bit enumeration reduction independent of Belief Propagation gains, and full-scale BP recovers 100% of coefficients across the complete INTT factor graph
  • If your organization deploys Caliptra-based root-of-trust hardware, your ML-DSA and ML-KEM side-channel security margins require immediate reassessment — the gap between claimed and actual protection is not theoretical


The Security Margin That Wasn’t There

Picture your organization’s hardware security module completing a post-quantum key exchange. The chip vendor’s documentation states CPA complexity of 2^96 — a number so large it implies practical immunity to power-analysis attacks for decades. Your security architects sign off. Your compliance team files the attestation. Your CISO moves on to the next item.

Now picture a researcher opening that chip’s Register-Transfer Level description and counting: not 2^96 bits of shuffling entropy, but 6. Per layer. Sixty-four possible orderings, not the astronomical permutation space the scaling argument requires.

That is precisely what a June 2025 analysis of Adams Bridge — the hardware accelerator powering ML-DSA and ML-KEM inside the Caliptra root of trust — found. The paper, “Partial Number Theoretic Transform Masking in Post Quantum Cryptography Hardware: A Security Margin Analysis” (arXiv:2604.03813v1), does not claim a working key-recovery exploit. What it does establish is a fundamental discrepancy between the security model and the silicon reality — and for enterprise security teams betting their post-quantum migration on this hardware, that gap matters now.

What Adams Bridge Actually Does — and Where It Falls Short

The Design: One Masked Layer, Shuffling for the Rest

Adams Bridge is a hardware accelerator purpose-built for the NIST-standardized post-quantum algorithms ML-DSA (FIPS 204) and ML-KEM (FIPS 203), integrated into the Caliptra root-of-trust architecture. Its primary side-channel countermeasure against Correlation Power Analysis (CPA) combines two techniques:

  1. Arithmetic masking of one Inverse Number Theoretic Transform (INTT) layer
  2. Random Start Index (RSI) shuffling across the remaining INTT layers

The design’s security claims rest on the assumption that RSI shuffling approximates a full random permutation of butterfly operations — producing entropy sufficient to push CPA complexity to 2^46 for ML-DSA and 2^96 for ML-KEM.

RTL analysis of the actual implementation tells a different story.

The Entropy Gap: 6 Bits vs. 296 Bits

RSI shuffling, as implemented, produces 64 possible orderings per INTT layer — exactly 6 bits of entropy. The scaling argument Adams Bridge uses to reach its headline CPA complexity figures implicitly requires 296 bits of entropy from a full random permutation. The researchers confirmed this discrepancy directly from the RTL, not from theoretical inference.

“The RTL analysis confirms RSI shuffling provides 6 bits of entropy per layer (64 orderings), while the full random permutation assumed in Adams Bridge’s scaling argument would require 296 bits of entropy — a 290-bit gap in the foundational security assumption.” — arXiv:2604.03813v1

This is not a rounding error. It is a structural mismatch between the threat model used to derive security claims and the countermeasure actually deployed in silicon.
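To make the two entropy figures concrete, here is an added example (not code from the paper or from the Adams Bridge project) that enumerates the orderings a start-index shuffle can produce and compares them with a uniformly random permutation. It assumes 64 butterflies per INTT layer and that the RSI selects a cyclic rotation of a fixed butterfly schedule, which is what "64 orderings" implies.

```python
import math

# Assumption for this example: each INTT layer schedules 64 butterflies and the
# Random Start Index picks one of 64 starting positions in that fixed schedule,
# so every reachable ordering is a cyclic rotation of the same sequence.
BUTTERFLIES_PER_LAYER = 64


def rsi_orderings(n: int = BUTTERFLIES_PER_LAYER) -> set:
    """Every execution order a start-index shuffle can produce for n butterflies."""
    base = list(range(n))
    return {tuple(base[s:] + base[:s]) for s in range(n)}


def rsi_entropy_bits(n: int = BUTTERFLIES_PER_LAYER) -> float:
    """Entropy of RSI shuffling: log2 of the number of distinct orderings."""
    return math.log2(len(rsi_orderings(n)))


def full_permutation_entropy_bits(n: int = BUTTERFLIES_PER_LAYER) -> float:
    """Entropy of a uniformly random permutation of n butterflies: log2(n!)."""
    return math.lgamma(n + 1) / math.log(2)


def entropy_gap_bits(n: int = BUTTERFLIES_PER_LAYER) -> float:
    """How many bits the scaling argument assumes beyond what RSI delivers."""
    return full_permutation_entropy_bits(n) - rsi_entropy_bits(n)


if __name__ == "__main__":
    # 64 distinct orderings, so an analyst faces 64 alignment cases per layer,
    # not the ~2^296 a true random permutation of 64 butterflies would give.
    print(f"RSI orderings per layer:  {len(rsi_orderings())}")
    print(f"RSI entropy:              {rsi_entropy_bits():.1f} bits")
    print(f"Full-permutation entropy: {full_permutation_entropy_bits():.1f} bits")
    print(f"Gap:                      {entropy_gap_bits():.1f} bits")
```

Running it reproduces the paper's numbers: 6 bits per layer from RSI, about 296 bits for a full permutation of 64 butterflies, and a 290-bit gap.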

The Attack Pipeline: What Becomes Possible

Soft-Analytical Attacks and Belief Propagation

The researchers constructed a soft-analytical attack pipeline that exploits the entropy gap without requiring physical hardware measurements. Two results stand out:

37-bit enumeration reduction: The pipeline achieves a 37-bit reduction in key enumeration complexity, independent of any Belief Propagation (BP) gains. This quantifies the attack-model gap concretely — even before the more powerful BP stage runs.

100% coefficient recovery via BP: Full-scale Belief Propagation applied to the complete INTT factor graph recovers 100% of coefficients, compared to a single-layer baseline. A genie-aided information-theoretic bound confirms that observations contain sufficient mutual information for full recovery at SNR×N values as low as 15.

The critical caveat: this pipeline is analytical and simulated. No empirical power traces from physical Adams Bridge silicon are reported. The 37-bit reduction does not produce an actual recovered key. What it does produce is a rigorous lower bound on how much weaker the real security margin is compared to the claimed margin — and a clear methodology for an attacker who does have physical access.

Observation Topology: The Finding That Changes Hardware Design

The most operationally significant result from the layer-ablation analysis is this:

“Observation topology, not count, determines recovery: 4 evenly spread layers achieve 100% coefficient recovery while 4 consecutive layers achieve 0%, yielding a practical countermeasure design tool.” — arXiv:2604.03813v1

Four observation points, arranged evenly across the INTT pipeline: full key material recovered. Four observation points, bunched consecutively: zero recovery. The number of observations is identical. The arrangement is everything.

This finding has immediate design implications. It means that partial masking strategies — which are attractive precisely because full masking is expensive — must be evaluated on topology, not just coverage percentage.

Comparison: Adams Bridge Claimed vs. Actual Security Profile

Parameter | Adams Bridge Claimed | RTL-Verified Reality
ML-DSA CPA complexity | 2^46 | Below designers' estimates (margin unquantified)
ML-KEM CPA complexity | 2^96 | Below designers' estimates (margin unquantified)
Shuffling entropy per INTT layer | ~296 bits (full permutation assumed) | 6 bits (64 orderings)
INTT layers with arithmetic masking | 1 | 1
Enumeration reduction via soft-analytical attack | 0 bits (assumed) | 37 bits (demonstrated)
BP coefficient recovery (full factor graph) | Not modeled | 100%
Minimum SNR×N for full recovery | Not specified | 15

Source: arXiv:2604.03813v1, June 2025

Industry Context: Why This Surfaces Now

NIST Standardization Created Deployment Urgency

NIST finalized ML-DSA (FIPS 204) and ML-KEM (FIPS 203) in August 2024, triggering immediate procurement cycles across federal agencies, financial institutions, and critical infrastructure operators. Hardware vendors — including the Caliptra open-source silicon consortium — moved quickly to ship accelerators. Speed-to-market and speed-to-compliance created conditions where security margin audits lagged behind deployment decisions.

NIST’s post-quantum migration guidance explicitly warns that algorithm-level security does not guarantee implementation-level security. Side-channel resistance requires independent validation at the RTL and physical layers — validation that Adams Bridge’s published documentation did not fully support.

The Compliance Burden Shifts

For organizations subject to CMMC Level 2/3, FedRAMP High, or financial sector PQC readiness mandates, the Adams Bridge findings create a specific compliance question: does your hardware attestation chain include side-channel resistance validation, or only algorithm conformance testing?

Algorithm conformance (ACVTS testing) confirms that ML-KEM produces correct outputs. It says nothing about whether an attacker with oscilloscope access to your server’s power rail can recover the private key. These are different threat models, and regulators are beginning to distinguish them.

Who Is Exposed

Caliptra is an open-source root-of-trust specification backed by major hyperscalers and server OEMs. Adams Bridge is its PQC accelerator. Organizations running data center infrastructure that incorporates Caliptra-compliant silicon — or evaluating it for procurement — should treat this analysis as a required input to their hardware security review, not an academic footnote.

No disclosure timeline or vendor response is documented in the paper. Whether Caliptra maintainers have been notified and whether a patch or errata exists is not publicly confirmed as of this writing.

The BeQuantum Perspective: What Rigorous PQC Validation Looks Like

The Adams Bridge analysis illustrates a failure mode that BeQuantum’s security architecture is specifically designed to surface: the gap between a vendor’s security claim and the implementation reality.

BeQuantum’s PQC Layer applies a three-stage validation methodology to hardware-backed cryptographic operations:

Stage 1 — RTL Entropy Audit: Before any hardware accelerator enters a customer’s trust boundary, we verify that the entropy sources claimed in the security argument match what the RTL actually generates. The Adams Bridge case — 6 bits delivered against 296 bits assumed — is exactly the class of discrepancy this stage catches.

Stage 2 — Topology-Aware Side-Channel Modeling: The finding that observation topology determines BP convergence success means that security margin analysis must model where an attacker can observe, not just how many points they can observe. BeQuantum’s analytical pipeline maps the full INTT factor graph for any submitted accelerator design and identifies topological vulnerabilities before physical silicon is cut.

Stage 3 — Digital Notary Attestation: Once a hardware component passes RTL and side-channel validation, BeQuantum’s Digital Notary issues a cryptographically signed attestation that binds the validated security properties to the specific RTL revision. If the RTL changes — even a minor update to the shuffling logic — the attestation invalidates automatically, triggering re-review.

For organizations deploying IceCase hardware security modules, this pipeline runs as a pre-deployment gate. No PQC accelerator enters production without a topology-aware side-channel clearance.

The Adams Bridge situation also highlights why epistemic confidence tagging matters. A security claim of 2^96 CPA complexity carries very different weight depending on whether it derives from a formal proof, an RTL-verified simulation, or an extrapolation from a theoretical shuffling model. BeQuantum’s attestation documents include explicit confidence tiers for each security property — so your security architects know exactly what has been proven versus assumed.

What You Should Do Next

Within 30 days — Inventory your Caliptra exposure: Identify every server, HSM, or embedded system in your environment that incorporates Caliptra-compliant silicon or Adams Bridge specifically. Your hardware vendors’ bill-of-materials documentation and silicon datasheets are the starting point. If you cannot confirm the root-of-trust architecture from documentation, request RTL-level security disclosures directly from your OEM.

Within 60 days — Audit your side-channel attestation chain: For each PQC hardware component in your environment, determine whether your existing security attestations cover side-channel resistance or only algorithm conformance. ACVTS certificates do not cover CPA resistance. If your attestation chain has this gap, flag it for your compliance team and begin remediation planning.

Within 90 days — Evaluate countermeasure adequacy: The paper identifies strategic masking of 3 consecutive mid-INTT layers as a countermeasure that defeats soft-analytical attacks at 43% overhead versus full masking — significantly cheaper than masking every layer. If your hardware vendor issues an errata or firmware update addressing the entropy gap, validate that the fix implements topology-aware masking rather than simply adding more shuffling entropy. More entropy in the wrong topology does not close the vulnerability.

Frequently Asked Questions

Q: Does this finding mean Adams Bridge is broken and ML-KEM/ML-DSA keys are at immediate risk?

A: Not in the sense of a demonstrated, end-to-end key recovery attack. The 37-bit enumeration reduction and 100% BP coefficient recovery are established analytically and in simulation — no physical power traces from real Adams Bridge hardware are reported. However, the entropy gap between claimed and actual shuffling security is confirmed at the RTL level, which means the published CPA complexity figures are not reliable. Organizations should treat the security margin as unvalidated until an independent physical-layer assessment is completed.

Q: Does this affect the ML-DSA and ML-KEM algorithms themselves, or only this specific hardware implementation?

A: The algorithms are unaffected. ML-DSA and ML-KEM are mathematically sound NIST standards. This vulnerability is specific to the Adams Bridge hardware implementation’s side-channel countermeasure design — specifically, the RSI shuffling mechanism applied to INTT layers. A software implementation of ML-KEM running on a general-purpose CPU has a completely different side-channel profile and is not implicated by this research.

Q: What is the practical minimum SNR an attacker needs to exploit this?

A: The genie-aided information-theoretic bound establishes that full coefficient recovery is achievable at SNR×N as low as 15. What this means in a real deployment depends on the physical measurement conditions — cable length, shielding, power supply noise, and measurement equipment quality all affect achievable SNR. The paper does not characterize real-world Adams Bridge deployment SNR conditions, so the distance between this threshold and a practical attack remains an open question requiring empirical measurement on physical hardware.

Tags
post-quantum-cryptography, hardware-security, side-channel-attacks, ML-KEM, ML-DSA, Caliptra
