Fingerprinting Implementations of Cryptographic Primitives and Protocols that Use Post-Quantum Algorithms

📅 2025-03-22
🤖 AI Summary
This study is the first to systematically expose the fingerprintability of post-quantum (PQ) cryptographic algorithms in real-world systems. PQ implementations exhibit distinguishable behavioral artifacts across protocols (e.g., TLS, SSH, QUIC, OIDC), key exchange and signature schemes, and SNARK libraries (e.g., pysnark, lattice_zksnark), enabling passive identification. Method: We propose a fine-grained, cross-protocol, cross-implementation (liboqs/CIRCL), and cross-mode (pure PQ/hybrid) fingerprinting framework, integrating multidimensional side-channel analysis (timing, memory access patterns, network behavior), protocol message parsing, and random forest classification—implemented in the open-source tool QUARTZ. Contribution/Results: Our approach achieves 97–100% accuracy in algorithm-level identification, perfectly distinguishes major SNARK libraries, and successfully detects PQ-TLS adoption among Tranco’s top domains, enabling real-time situational awareness of PQ deployment.

📝 Abstract
Fingerprinting is a technique used to create behavioral profiles of systems to identify threats and weaknesses. When applied to cryptographic primitives and network protocols, it can be exploited by attackers for denial-of-service, key recovery, or downgrade attacks. In this paper, we evaluate the feasibility of fingerprinting post-quantum (PQ) algorithms by analyzing key exchange and digital signature primitives, their integration into protocols like TLS, SSH, QUIC, OpenVPN, and OIDC, and their usage in SNARK libraries (pysnark and lattice_zksnark). PQ algorithms differ from classical ones in memory and computation demands. We examine implementations across liboqs and CIRCL libraries on Windows, Ubuntu, and MacOS. Our experiments show that we can distinguish classical from PQ key exchange and signatures with 98% and 100% accuracy, respectively; identify the specific PQ algorithm used with 97% and 86% accuracy; distinguish between liboqs and CIRCL implementations with up to 100% accuracy; and identify PQ vs. hybrid implementations within CIRCL with 97% accuracy. In protocol-level analysis, we can detect the presence and type of PQ key exchange. SNARK libraries are distinguishable with 100% accuracy. To demonstrate real-world applicability, we apply our fingerprinting methods to the Tranco dataset to detect domains using PQ TLS and integrate our methods into QUARTZ, an open-source threat analysis tool developed by Cisco.
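
An added example (not from the paper or QUARTZ) of the simplest protocol-level signal for detecting PQ TLS: reading the negotiated group from the ServerHello `key_share` extension. It uses a plain IANA code-point lookup rather than the paper's classifier; the function names, the kind labels and the sample bytes are constructed for illustration.

```python
import struct

# IANA "TLS Supported Groups" code points; the kind labels are this example's own.
GROUPS = {
    0x0017: ("secp256r1", "classical"),
    0x001D: ("x25519", "classical"),
    0x11EB: ("SecP256r1MLKEM768", "hybrid-pq"),
    0x11EC: ("X25519MLKEM768", "hybrid-pq"),
    0x11ED: ("SecP384r1MLKEM1024", "hybrid-pq"),
    0x6399: ("X25519Kyber768Draft00", "hybrid-pq"),
}
EXT_KEY_SHARE = 51

def server_key_share(hello: bytes):
    """Return (group_name, kind, share_len) from a ServerHello body, else None."""
    try:
        pos = 2 + 32                          # legacy_version + random
        pos += 1 + hello[pos]                 # legacy_session_id_echo
        pos += 2 + 1                          # cipher_suite + compression_method
        (ext_total,) = struct.unpack_from("!H", hello, pos)
        pos += 2
        end = pos + ext_total
        if end > len(hello):
            return None                       # truncated capture
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
            pos += 4
            if pos + ext_len > end:
                return None                   # extension overruns the block
            if ext_type == EXT_KEY_SHARE and ext_len >= 2:
                (group,) = struct.unpack_from("!H", hello, pos)
                # A HelloRetryRequest carries only the selected group, no share.
                share_len = struct.unpack_from("!H", hello, pos + 2)[0] if ext_len >= 4 else 0
                name, kind = GROUPS.get(group, (f"0x{group:04x}", "unknown"))
                return name, kind, share_len
            pos += ext_len
    except (struct.error, IndexError):
        pass
    return None                               # malformed, or no key_share (TLS 1.2)

def constructed_hello(group: int, share_len: int) -> bytes:
    """Constructed sample: minimal ServerHello body with a dummy key share."""
    key_share = struct.pack("!HH", group, share_len) + bytes(share_len)
    exts = struct.pack("!HHH", 43, 2, 0x0304)             # supported_versions
    exts += struct.pack("!HH", EXT_KEY_SHARE, len(key_share)) + key_share
    return (b"\x03\x03" + bytes(32) + b"\x00" + b"\x13\x01" + b"\x00"
            + struct.pack("!H", len(exts)) + exts)
```

For X25519MLKEM768 the server share is 1120 bytes (a 1088-byte ML-KEM-768 ciphertext plus a 32-byte X25519 key), so the share length alone separates it from a 32-byte classical x25519 share.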

Problem

Research questions and friction points this paper is trying to address.

Evaluate fingerprinting feasibility for post-quantum cryptographic algorithms
Analyze PQ algorithm integration in protocols like TLS and SSH
Detect domains using PQ TLS via real-world dataset analysis

Innovation

Methods, ideas, or system contributions that make the work stand out.

Fingerprinting post-quantum cryptographic primitives and protocols
Analyzing PQ algorithms in TLS, SSH, QUIC, and SNARK libraries
Detecting PQ implementations with high accuracy across platforms