Design & Reuse

Post-Quantum Cryptography: Why Open Source alone is Not Enough for Secure IP Deployment

Dr. Reza Azarderakhsh - PQSecure Technologies
August 1, 2025

As quantum computers advance, traditional public-key cryptosystems like RSA and ECC are expected to be broken, threatening digital confidentiality and authentication across critical systems. In response, the National Institute of Standards and Technology (NIST) launched a multi-year effort to standardize post-quantum cryptographic (PQC) algorithms resistant to quantum attacks. This resulted in the selection of ML-KEM (formerly Kyber) for key encapsulation and ML-DSA (formerly Dilithium) for digital signatures, along with alternate signature schemes such as SLH-DSA (formerly SPHINCS+). Simultaneously, the NSA’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) mandates migration to quantum-resistant cryptography for national security systems by the end of the decade.

As organizations begin integrating these new algorithms, ensuring trust in their implementation and deployment becomes paramount. While open-source codebases provide transparency and research value, production deployment—especially in mission-critical environments—demands hardened engineering, accountability, supply chain security, formal assurance, and lifecycle support from responsible vendors.

🚨 The Hidden Dangers of Open or Untrusted Crypto IP

Many publicly available implementations of PQC standards—including ML-KEM, ML-DSA, and SLH-DSA—lack essential production-grade properties:
- No side-channel protections
- Absence of formal verification
- Weak or nonexistent integration tooling
- No vendor accountability or patch support
- Lack of supply chain security controls, leaving IP vulnerable to counterfeit, tampered, or maliciously modified components

Treating open reference code as “drop-in” for embedded or hardware-secure environments poses serious risks. Cryptographic code integrated into secure enclaves, firmware, and system roots of trust must be engineered defensively against sophisticated attack vectors—and traced end-to-end through the supply chain to guarantee provenance and integrity.

⚠️ djb’s Critique of Open-Source Cryptography

Daniel J. Bernstein—cryptographer and developer of foundational tools like Curve25519 and Ed25519—has voiced sharp criticism of open-source cryptographic libraries. In public talks, he revealed severe bugs in well-known open-source projects:
- A one-bit comparison error in OpenSSL’s CRYPTO_memcmp
- A broken AVX2 Montgomery multiplication routine in OpenSSL’s RSA/DSA logic

He also warns that so-called “crypto agility”—designed to make algorithms swappable—can dangerously increase attack surface and weaken verifiability [5].

Lesson: Open-source visibility is no substitute for sound engineering. Real-world cryptographic security must be built on misuse-resistant design and implementation correctness—not just published code.

🛑 TETRA: Cryptographic Backdoor in Proprietary Systems

The TETRA:BURST vulnerability uncovered a deliberate weakness in the TEA1 encryption algorithm used in police and military radios. Though marketed as 80-bit encryption, the actual key space was silently reduced to 32 bits—allowing real-time decryption using commodity hardware [2].

Because the algorithm was proprietary and undocumented, this vulnerability remained hidden from public view for decades.

Lesson: Whether code is proprietary or open, if it’s not subject to transparent validation and robust implementation assurance, it can harbor catastrophic flaws.

🧪 Galois, Inc.: Formal Verification as a Countermeasure

Galois Inc., a leader in formal methods and verified cryptographic engineering, has emphasized that open-source does not mean secure. Their team has proven the correctness of real-world libraries like AWS s2n and blst using formal methods tools such as SAW and Cryptol [6][7].

Galois reports that open-source cryptographic code frequently suffers from:
- Hidden undefined behavior
- Memory safety errors
- Incomplete or unverified correctness

Formal verification enables mathematical proofs of functional correctness, ensuring not just transparency—but assurance.

Lesson: Verified code is secure code. Publishing open-source repositories without verifying them doesn't eliminate risk—it can amplify it.

🔍 Case Study: Caliptra Root of Trust Vulnerability

Our own research uncovered side-channel vulnerabilities in Caliptra, an open-source Root of Trust architecture co-developed by major chipmakers. While the architecture was conceptually sound, its reference implementation lacked protection against differential power analysis (DPA), allowing secret key leakage during cryptographic execution [1].

Lesson: Even cutting-edge, collaborative frameworks can fail if implementation assurance and hardened engineering are not prioritized.

🪧 Aligning with National Cybersecurity Strategy: Vendor Responsibility Is Essential

The Atlantic Council’s Cyber Statecraft Initiative (CSI) advocates that cybersecurity burden should fall on best-positioned actors—those who design and deploy foundational technologies. Unfortunately, the U.S. National Cybersecurity Strategy Implementation Plan has softened its boldest reforms, including secure-by-design mandates and liability shifts [4].

Conclusion: True implementation security and supply chain resilience cannot be offloaded to community-maintained reference code. The responsibility must rest with vendors that offer accountable, verified, and supported cryptographic IP.

Our Approach at PQSecure™

At PQSecure™, we deliver production-grade cryptographic IP—both hardware and software—designed for assurance, integration, and lifecycle security. Our offerings include:
- Side-channel and fault-injection protections
- Formal functional verification and TVLA-based evaluation
- Secure boot, root-of-trust, and embedded system integration
- Supply chain traceability and long-term vendor support

We provide hardened implementations of ML-KEM, ML-DSA, SLH-DSA, and hybrid classical/PQC digital signatures for the defense, IoT, and embedded sectors.
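As an added illustration of the leakage evaluation referred to by the Caliptra DPA finding and the TVLA bullet above (example code written for this article, not PQSecure's tooling or the Caliptra project's): a fixed-vs-random Welch's t-test over synthetic, constructed traces, flagging sample points whose |t| exceeds the customary 4.5 threshold. The trace model, noise level and the position of the leaking sample are assumptions.

```python
# Added example (not from the article): minimal fixed-vs-random TVLA leakage
# check. Traces are constructed synthetically; a real evaluation would use
# measured power traces from the device under test.
import random
from statistics import mean, variance

TVLA_THRESHOLD = 4.5  # |t| above this at any sample point flags detectable leakage

def hamming_weight(b: int) -> int:
    return bin(b & 0xFF).count("1")

def simulate_trace(data_byte, leaky, rng, n_samples=8):
    """Constructed trace: Gaussian noise plus, if the device is leaky, a
    Hamming-weight-dependent bump at sample 3 where the byte is processed."""
    trace = [rng.gauss(0.0, 1.0) for _ in range(n_samples)]
    if leaky:
        trace[3] += 0.8 * hamming_weight(data_byte)
    return trace

def welch_t(group_a, group_b):
    """Welch's t-statistic at every sample point between two trace groups."""
    n_a, n_b = len(group_a), len(group_b)
    t_values = []
    for i in range(len(group_a[0])):
        col_a = [tr[i] for tr in group_a]
        col_b = [tr[i] for tr in group_b]
        se = (variance(col_a) / n_a + variance(col_b) / n_b) ** 0.5
        t_values.append((mean(col_a) - mean(col_b)) / se)
    return t_values

def tvla_fixed_vs_random(leaky, n_traces=400, seed=1):
    """Fixed-vs-random TVLA: one group always processes the same input byte,
    the other random bytes. Returns (max |t|, indices of leaking sample points)."""
    rng = random.Random(seed)
    fixed_byte = 0x00  # Hamming weight 0; random bytes average weight 4
    fixed = [simulate_trace(fixed_byte, leaky, rng) for _ in range(n_traces)]
    rand = [simulate_trace(rng.randrange(256), leaky, rng) for _ in range(n_traces)]
    t_values = welch_t(fixed, rand)
    failing = [i for i, t in enumerate(t_values) if abs(t) > TVLA_THRESHOLD]
    return max(abs(t) for t in t_values), failing

if __name__ == "__main__":
    for leaky in (True, False):
        max_t, failing = tvla_fixed_vs_random(leaky)
        print(f"leaky={leaky}: max|t|={max_t:.1f} leaking sample points={failing}")
```

With the leaky model the t-statistic at sample 3 is far above threshold, while the non-leaky model stays within noise at every sample point; a protected implementation is expected to behave like the latter across the full trace.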

📚 References

1. Azarderakhsh et al., “Attacking the Caliptra Root of Trust,” HOST 2025.

2. “Backdoor in Police Radios,” Vice.

3. “Chinese Encryption Chips Found in US Military and Government Devices,” Wired.

4. Atlantic Council, “The National Cybersecurity Strategy Implementation Plan: A CSI Markup.”

5. Bernstein, D.J., “Does Open-Source Cryptographic Software Work Correctly?”, 2019 talk.

6. Dodds, M. et al., “Formally Verifying Industry Cryptography,” IEEE Security & Privacy, May 2022.

7. Galois Blog, “Who Is Verifying Their Cryptographic Protocols?” and SAW/Cryptol documentation.

About the author: Dr. Reza Azarderakhsh is a thought leader in software and hardware post-quantum cryptographic (PQC) protocol design and secure implementations. He is a professor, trainer, and one of the pioneers in the development of various cryptographic algorithms and protocols. Dr. Azarderakhsh is the founder of PQSecure Technologies and has authored over 150 publications and multiple patents in cryptographic engineering and secure hardware systems.

About PQSecure Technologies: Founded in 2017, PQSecure Technologies designs, develops, deploys, and integrates quantum-resistant cryptographic solutions for hyper-scale, hyper-connected IoT devices in the commercial and defense industries. Drawing on deep domain expertise and a strong patent portfolio, PQSecure Technologies builds highly scalable, agile, and reconfigurable quantum-safe cryptographic hardware IPs and software libraries that help customers adopt and integrate them seamlessly with a low footprint and minimal overhead.