Fingerprinting post-quantum cryptographic implementations: Threats beyond mathematical security

Post-quantum cryptographic (PQC) algorithms are designed to defend against quantum attacks. Their advanced security exhibits unique runtime characteristics due to their computational intensity and memory requirements. 

Our study, Fingerprinting implementations of cryptographic primitivies and protocols that use post-quantum algorithms, shows that these features make PQC implementations identifiable, or  able to be fingerprinted, through side-channel analysis. Across libraries and secure protocols, machine learning (ML) models achieve up to 100% accuracy in classifying PQC schemes, revealing a new class of threats. 

Fingerprinting is not merely theoretical: It has been integrated into Cisco’s risk analysis platform and used to identify PQC connections across the internet. 

Why does fingerprinting PQC matter?

Post-quantum cryptography offers resistance against quantum attacks but introduces implementation level side channels due to unique computational resource consumption. This work raises the question: Can attackers or analysts identify which PQC algorithms, libraries, or protocols are being used, regardless of cryptographic strength? Our research explores the possibility in real-world threat scenarios, from local system access (e.g., in a multi-tenant cloud) to network visibility (e.g., handshake capture). 

Understanding the motivation: Beyond algorithmic security

Assuming the mathematical security of PQC schemes, their implementations are often characterized by large key sizes, complex internal structures, and elevated computational overhead. 

These resource patterns are observable and consistent enough to allow fingerprinting. The distinctiveness of these patterns, especially in early PQC deployments, creates an opportunity for both attackers and security analysts.  For example, an adversary might exploit this to detect PQC adoption, launch downgrade attacks, or profile vulnerable deployments. 

How we tested PQC fingerprinting in practice 

The study evaluates the ability to fingerprint at two levels: implementations and protocols. 

• Implementations: At this level, PQC key exchange and signature schemes from liboqs and CIRCL are tested on Ubuntu, macOS, and Windows. We measured metrics such as CPU cycle counts and memory footprints across multiple system loads. Among the ML models evaluated, XGBoost demonstrates the highest accuracy in classifying implementations based on these features. 
• Protocols: Protocol-level analysis targets PQC-integrated versions of TLS (Transport Layer Security), QUIC, SSH (SecureShell), OpenVPN, and OIDC (OpenIDConnect). By inspecting packet captures, especially handshake messages, we analyzed whether PQC key exchanges could be identified based on public key sizes and protocol metadata. We also considered PQC versus classical SNARK implementations using PySnark and Lattice-zk-Snark. 

What the data reveals: 

Key exchange

• The XGBoost classifier performs with near-perfect accuracy. 
• We reliably distinguish classical from PQC key exchange algorithms (98-100% accuracy).
• Identification of specific PQC key exchange schemes achieves 97% accuracy.
• Distinguishing between library implementations (liboqs vs. CIRCL) of the same algorithm is also highly accurate, ranging from 96-100%. 
• Hybrid schemes combining classical and PQC keys are distinguishable from pure PQC with 97-98% accuracy. 

Signatures

• Classification between classical and PQC schemes reaches 100% accuracy. Differentiating among PQC signature schemes like Dilithium, Falcon, and SPHINCS+ yields around 86-88%.
• Library-level differences (e.g., Dilithium in liboqs vs CIRCL) are also detected with perfect accuracy. 

Protocols

• We successfully fingerprinted PQC key exchanges by parsing handshake packets.
• TLS 1.3 connections reveal key sizes in the extensions field, while SSH exposes them in key exchange in messages. 
• The pair of key sizes exchanged in plain text during the client and server handshake messages uniquely identifies the key exchange algorithm in use. 
• Even in cases involving hybrid keys, public key sizes remain distinctive. 
• Limitations exist, with certain fragmented TLS 1.2 packets or customized Windows headers. 

SNARK performance

• PQC and classical SNARK schemes are perfectly distinguishable based on memory and CPU usage, even with system noise.  

Real-world application and early adoption trends

Fingerprinting methods are integrated into Cisco’s post-network threat analyzer. It includes classifiers for PQC usage in TLS, as well as tools to analyze runtime behavior of cryptographic libraries. 

In a scan of one million domains from the Tranco list, the system identified nearly 5,000 IPs likely using PQC key exchange, primarily associated with major cloud and CDN providers such as Cloudflare, Google, Microsoft, and Amazon. This indicates that early PQC adoption is concentrated within large-scale infrastructure.

Security implications and ways to defend

Fingerprinting challenges the assumption that secure algorithms imply secure deployments. The ability to infer cryptographic usage passively introduces risks of selective targeting and surveillance. Defenses include memory randomization, encrypted handshakes (e.g., TLS Encrypted Client Hello), and OS-level protections on process telemetry. However, these are either incomplete or impose performance trade-offs. 

Addressing side-channel exposure

Our research reveals that PQC schemes have a high ability to be fingerprinted via their runtime and network characteristics. High classification accuracy across libraries, protocols, and platforms confirms that side-channel observables expose meaningful cryptographic metadata. As PQC adoption accelerates, eliminating these side channels is crucial for preserving not just security, but operational privacy. 

If you’re interested in Cisco’s ongoing research on post-quantum cryptography and related quantum computing and security topics, explore more of our published work on the Cisco Research website. 

For a more detailed dive into the data and findings, read the full study: Fingerprinting Implementations of Cryptographic Primitives and Protocols that Use Post-Quantum Algorithms.