Post-quantum cryptography (PQC) is designed to be secure against attacks from quantum computers, yet it remains vulnerable to classic side-channel attacks (SCAs), which exploit physical implementation leaks. This manuscript examines the various SCAs used to evaluate PQC schemes, focusing on non-invasive techniques such as timing, power, and electromagnetic analysis. We provide a detailed account of the execution of these attacks against diverse PQC algorithms and identify common vulnerabilities and weaknesses. Our study reveals that, while various countermeasures have been proposed to protect PQC implementations, they are not entirely effective against sophisticated attacks. Stronger and more resilient countermeasures are needed, especially in IoT environments. The review highlights the weaknesses in the current defenses, including the necessity for more robust masking techniques, adequate security countermeasures tailored to IoT constraints, and methods to generalize SCAs across diverse hardware platforms. These issues must be addressed to enhance the practical security of PQC schemes in real-world scenarios.

Post-quantum cryptography (PQC); Side-Channel Attacks (SCAs); Countermeasures; Non-Invasive Attacks