CNSA 2.0 Deadline: January 2027
Time Until CNSA 2.0 Mandate
---
Days
--
Hours
--
Minutes
--
Seconds
All new NSS equipment must be CNSA 2.0 compliant

Pre-Silicon PQC Verification for Mission-Critical Systems

Find security vulnerabilities in post-quantum cryptographic hardware before tape-out. Formal verification that catches what testing misses.

17
Vulnerabilities confirmed
under coordinated disclosure
0
False positives on
OpenTitan reference design
0.04s
To find what takes
10,000 power traces
Apply for Early Access View Validation Results

NSA CNSA 2.0 Compliance Timeline

Defense contractors must verify PQC implementations meet security requirements before deployment to National Security Systems.

Jan 2027
All NEW NSS equipment must be CNSA 2.0 compliant
2030
All deployed firmware must use CNSA 2.0 signatures
2033
Final mandatory compliance deadline
2035
Pure post-quantum algorithms required

The Hidden Risk in PQC Hardware

Masked implementations can leak MORE information than unmasked designs if implemented incorrectly.

Carry Bit Leakage

Each carry observation reveals ~0.81 bits about the secret key. Modular arithmetic without proper masking exposes your cryptographic secrets through power analysis.

🔓

Unmasked Intermediates

Shares combined before modular reduction expose the full secret. A single unmasked intermediate defeats the entire masking countermeasure.

💥

Glitch Attacks

DOM (Domain-Oriented Masking) without proper pipelining is vulnerable to transient glitches. Combinational logic can leak before registers capture clean values.

⏱️

Timing Side-Channels

Non-constant-time NTT operations leak secret polynomial coefficients. Variable-time execution enables timing attacks even on masked implementations.

🎯

Harvest Now, Decrypt Later

Adversaries capture encrypted traffic today, waiting for quantum computers to decrypt. Flawed PQC implementations offer false protection.

💰

Post-Tapeout Discovery = $Millions

Finding security flaws after silicon fabrication means respins, delays, and potential compromise. Shift-left verification saves millions.

QANARY: Formal Verification for PQC Hardware

Pre-silicon verification that combines formal methods with side-channel analysis to find vulnerabilities before tape-out.

  • Formal Glitch Verification - SMT-based proofs that masking holds even under glitch attacks (RbR + PINI security)
  • Carry Leakage Detection - Automatically identifies modular arithmetic operations that leak through carries
  • NTT Butterfly Verification - Symbolically proves ML-DSA/ML-KEM Number Theoretic Transform correctness
  • Timing Analysis - Cycle-exact FSM extraction proves constant-time execution
  • FIPS 203/204/205 Compliance - Validates against NIST test vectors for ML-KEM, ML-DSA, and SLH-DSA
# QANARY Analysis Output Target: pqc_ml_dsa_accelerator_v2 Status: VULNERABILITIES FOUND ## High Severity Location: ntt_masked_BFU_mult.v Type: Unmasked Intermediate Impact: Full secret exposure Fix: Add pipeline register before modular reduction ## Medium Severity Type: Carry Leakage Modules: 6 affected Leakage: ~0.81 bits per observation ## Timing Analysis Status: PASS - Constant time verified Cycles: 2,048 (deterministic)

Validated on Production Hardware

Real vulnerabilities found in PQC accelerators. Zero false positives on known-secure designs.

Production PQC Accelerator Active Disclosure

Open-source ML-DSA/ML-KEM implementation under coordinated disclosure

  • Unmasked intermediatesHIGH
  • Carry leakage (multiple)MEDIUM
  • DOM pipeline issuesMEDIUM
  • Timing analysisPASS
  • Embargo endsMarch 2026

Methodology Validation Zero False Positives

OpenTitan AES S-Box (LowRISC) - known-secure reference design

  • Glitch security (RbR)PASS
  • Glitch security (PINI)PASS
  • Information flowPASS
  • False positives0
  • Why this mattersWe don't cry wolf

Independent confirmation: Academic researchers found the same vulnerability using 10,000 power traces.
QANARY found it in 0.04 seconds with just RTL code.

Responsible Disclosure: Our findings follow coordinated disclosure practices. Detailed vulnerability information is shared with vendors under embargo before public release.

Development Roadmap

Transparent progress toward production-ready verification.

Q1 2026
Coordinated disclosure complete • CVE assignment • Early access program active
Q2 2026
Academic publication • Open source core engine • Conference presentations
Q3 2026
Commercial beta • Enterprise integrations • First paying customers
2027
Full commercial availability • CNSA 2.0 compliance support

Early Access Program

Join the first organizations to verify PQC hardware security before tape-out.

Research Collaboration

Open

For academic researchers and security teams exploring PQC verification.

  • Access to methodology documentation
  • Technical discussions
  • Acknowledgment in publications
  • Early access to open source
Get in Touch

Design Analysis

Limited spots

Have QANARY analyze your PQC implementation during early access.

  • Full QANARY analysis
  • Detailed vulnerability report
  • Remediation guidance
  • Direct team access
  • Feature priority input
Apply for Early Access

Commercial (Q3 2026)

Coming

Full commercial licensing available after public release.

  • Site licenses
  • On-premise deployment
  • Enterprise support SLAs
  • Custom patterns
  • Training & certification
Join Waitlist

Get Early Access

Be among the first to verify PQC hardware security before tape-out.

Protected Contact

Our contact details are protected to prevent spam.

PGP Public Key

Complete verification to access PGP key

We practice what we preach. All sensitive communications are encrypted end-to-end.

Stay Connected

Get updates on PQC hardware security research. No spam, just signal.

Get Updates