Paper 2026/1418

CT-KAT: A Multilayer Analysis Platform for Automated Screening of Constant-Time Risks in PQC C Implementations

Seung-Won Lee, Hansung University
Min-Seo Kim, Hansung University
Su-Min Jeong, Hansung University
Hwa-Jeong Seo, Hansung University
Abstract

Following the standardization of major post-quantum cryptography (PQC) algorithms, C implementations of ML-KEM, ML-DSA, and SLH-DSA have been rapidly deployed. However, known-answer tests (KATs) verify only functional correctness and do not establish the absence of timing leakage caused by secret-dependent branches, memory accesses, or variable-latency instructions. This paper presents CT-KAT, an integrated screening platform for assessing constant-time risks in PQC C implementations. CT-KAT is configured through a single YAML file. Using this configuration, it validates the build and KAT execution. It also automatically generates harnesses for the functions under analysis. It then performs several analyses within a unified pipeline. These include Valgrind/Memcheck-based structural checks, a ct-matrix over compiler and optimization-level combinations, and an assembly-level asm-scan. When configured, the pipeline also runs dudect-based timing tests. CT-KAT aggregates the results of these checks into a single verdict drawn from a nine-class taxonomy. CT-KAT does not treat a PASS result as proof of constant-time behavior. Instead, it applies a default-deny policy when assigning verdicts. It also provides supporting evidence to guide manual triage. When applied to a PQClean-based PQC corpus, CT-KAT produced four main classifications. The baseline ML-KEM target was classified as robust. The KyberSlash reproduction was flagged as a secret-dependent variable-latency risk, labeled varlat-secret-risk. The variable-time behavior of ML-DSA and SLH-DSA/SPHINCS+ was accepted under the label accepted-variable-time. Falcon-512 was retained for further analysis and labeled needs-analysis. These results show that CT-KAT provides a screening framework that integrates signals from multiple analysis layers while making the limitations of each tool explicit.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
Post-quantum cryptographyConstant-time implementationTiming side channelsKyberSlashML-KEMBuild sensitivity
Contact author(s)
dkajdfhd1 @ gmail com
msgoo0212 @ gmail com
jeong9sumin @ gmail com
hwajeong84 @ gmail com
History
2026-07-16: approved
2026-07-11: received
See all versions
Short URL
https://ia.cr/2026/1418
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2026/1418,
      author = {Seung-Won Lee and Min-Seo Kim and Su-Min Jeong and Hwa-Jeong Seo},
      title = {{CT}-{KAT}: A Multilayer Analysis Platform for Automated Screening of Constant-Time Risks in {PQC} C Implementations},
      howpublished = {Cryptology {ePrint} Archive, Paper 2026/1418},
      year = {2026},
      url = {https://eprint.iacr.org/2026/1418}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.