Classification techniques can be used to analyze system behaviors, network protocols, and cryptographic primitives based on identifiable traits. While useful for defense, such classification can also be leveraged by attackers to infer system configurations, detect vulnerabilities, and tailor attacks such as denial-of-service, key recovery, or downgrade attacks. In this paper, we study the feasibility of classifying post-quantum (PQ) algorithms by analyzing implementations of key exchange and digital signatures, their use within secure protocols, and their integration into SNARK generation libraries. Unlike traditional cryptography, PQ algorithms have larger memory requirements and variable computational costs. Our research examines two post-quantum cryptography libraries, liboqs and CIRCL, evaluating TLS, SSH, QUIC, OpenVPN, and OpenID Connect (OIDC) across Windows, Ubuntu, and macOS. We also analyze pysnark and lattice_zksnark for SNARK generation and verification on Ubuntu. Experimental results show that (1) classical and PQ key exchange and signature algorithms can be distinguished with accuracies of 98% and 100%; (2) specific PQ algorithms can be identified with 97% accuracy for key exchange and 86% for signatures; (3) implementations of the same algorithm in liboqs and CIRCL are distinguishable with up to 100% accuracy; and (4) within CIRCL, PQ and hybrid key exchange implementations can be distinguished with 97% accuracy. For secure protocols, we can determine whether key exchange is classical or PQ and identify the PQ algorithm used. SNARK generation and verification in pysnark and lattice_zksnark are distinguishable with 100% accuracy. We demonstrate real-world applicability by identifying PQ-enabled TLS domains in the Tranco dataset and integrating our methods into QUARTZ, an open-source risk and threat analyzer by Cisco.
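As an added illustration (not code from the paper or its authors) of the trait-based classification the abstract describes: a nearest-centroid classifier trained on constructed samples of two observable traits, key-share length and handshake time, labels a key exchange as classical, PQ or hybrid, the same three-way distinction the abstract reports. The key-share lengths follow the public key sizes of X25519 and ML-KEM-768; the timings and the choice of features are assumptions, not the paper's.

```python
"""Toy trait-based classifier (constructed data): label a key exchange as
classical, PQ or hybrid from key-share length (bytes) and handshake time (ms)."""
from math import sqrt
from statistics import mean, pstdev

# Constructed training samples: (key_share_bytes, handshake_ms, label).
# Sizes follow X25519 (32 B), ML-KEM-768 (1184 B) and their concatenation
# in a hybrid share (1216 B); the timings are invented for illustration.
TRAIN = [
    (32, 1.9, "classical"), (32, 2.1, "classical"), (32, 2.0, "classical"),
    (1184, 3.4, "pq"), (1184, 3.1, "pq"), (1184, 3.6, "pq"),
    (1216, 4.9, "hybrid"), (1216, 5.2, "hybrid"), (1216, 5.0, "hybrid"),
]

def fit(samples):
    """Return per-feature (mean, std) scaling plus one centroid per label."""
    cols = list(zip(*[s[:2] for s in samples]))
    scale = [(mean(c), pstdev(c) or 1.0) for c in cols]
    z = lambda f: [(v - m) / s for v, (m, s) in zip(f, scale)]
    centroids = {}
    for label in {s[2] for s in samples}:
        pts = [z(s[:2]) for s in samples if s[2] == label]
        centroids[label] = [mean(d) for d in zip(*pts)]
    return scale, centroids

def classify(model, features):
    """Nearest-centroid decision in the standardized feature space."""
    scale, centroids = model
    z = [(v - m) / s for v, (m, s) in zip(features, scale)]
    dist = lambda c: sqrt(sum((a - b) ** 2 for a, b in zip(z, c)))
    return min(centroids, key=lambda lbl: dist(centroids[lbl]))

def accuracy(model, samples):
    """Fraction of labelled samples the model classifies correctly."""
    hits = sum(classify(model, s[:2]) == s[2] for s in samples)
    return hits / len(samples)

MODEL = fit(TRAIN)
# Constructed held-out samples with noisier timings than the training set.
TEST = [(32, 2.4, "classical"), (1184, 3.0, "pq"),
        (1216, 5.4, "hybrid"), (1184, 3.8, "pq")]

if __name__ == "__main__":
    for size, ms, label in TEST:
        print(size, ms, "->", classify(MODEL, (size, ms)), "(expected", label + ")")
    print("held-out accuracy:", accuracy(MODEL, TEST))
```

Because the size trait alone separates classical from PQ by three orders of magnitude, the timing trait only matters for the PQ-versus-hybrid split, which is why noisy timings in the held-out set do not flip the classical label.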