Search papers, labs, and topics across Lattice.
This paper identifies "Secure Coding Drift" as a socio-technical vulnerability arising from the reliance on LLM-generated code in Post-Quantum Cryptography (PQC) development, highlighting the risks of degraded secure coding practices over time. By framing security risk as a behavioral phenomenon linked to human-AI interaction, the authors propose a gamified framework that integrates adversarial evaluation and security scoring into coding workflows. The key finding is that this approach transforms LLMs into active security co-pilots, significantly enhancing the safety of PQC implementations.
Reliance on LLMs in coding can lead to a gradual decline in secure practices, but gamifying the development process can turn these models into proactive security partners.
The transition to Post Quantum Cryptography (PQC) introduces considerable implementation complexity, requiring strict adherence to constant-time execution, side channel resistance, and precise parametrisation. Simultaneously, large language models (LLMs) are heavily embedded in software development workflows, including cryptographic engineering. While LLMs improve productivity, evidence shows that they frequently generate insecure or suboptimal code, particularly in security critical domains. This paper introduces Secure Coding Drift in PQC, a novel socio technical vulnerability model capturing the gradual degradation of secure coding practices due to sustained reliance on LLM-generated code. Unlike prior work that focuses on static vulnerabilities, we conceptualise security risk as a longitudinal behavioural phenomenon rising from human AI interaction. To mitigate this, we propose a gamified, LLM augmented secure coding framework that embeds adversarial evaluation, behavioural feedback, and security scoring into development workflows. Our approach reframes LLMs from passive assistants into active security co-pilots, contributing toward safer PQC implementation in AI mediated environments.