Reza Azarderakhsh
Reza Azarderakhsh, Ph.D., is a Full Professor in the Department of Electrical and Computer Engineering and Computer Science at Florida Atlantic University and the Founder and CEO of PQSecure Technologies. His research focuses on cryptographic engineering with an emphasis on post-quantum cryptography, side-channel and fault attack protections, and efficient hardware/software co-design for embedded systems. He has more than 140 publications in the field of cryptographic engineering and secure protocol design, with a focus on post-quantum cryptography. Dr. Azarderakhsh has extensive experience in implementing and securing PQC algorithms such as ML-KEM and ML-DSA on constrained platforms like ARM and FPGA. He actively contributes to the standardization and deployment of post-quantum cryptography and has played a leading role in transitioning quantum-safe solutions from research to practical, real-world applications.
Session
Post-quantum cryptographic (PQC) algorithms such as ML-KEM and ML-DSA are becoming essential components for securing embedded systems in a quantum-resilient future. However, their integration into resource-constrained environments presents significant challenges—particularly in achieving both formal assurance and side-channel resistance. In this talk, we highlight the limitations of existing software implementations of PQC for embedded devices, focusing on common vulnerabilities such as timing leakage, memory access patterns, and data-dependent branching. We discuss the challenges in formally verifying correctness and side-channel resistance for PQC software, especially when adopting masking or constant-time countermeasures. Furthermore, we examine how these protected implementations can be integrated into existing protocols such as TLS using libraries like OpenSSL, where maintaining modularity and performance without sacrificing security becomes nontrivial. Our insights are based on hands-on experience with verifying and benchmarking protected PQC implementations on ARM Cortex-M devices. The talk concludes with recommendations for combining formal methods, lightweight countermeasures, and pre-silicon validation techniques to support trustworthy deployment of PQC software in embedded security stacks.