Paper 2018/674

Practical Fault Injection Attacks on SPHINCS

Aymeric Genêt, Matthias J. Kannwischer, Hervé Pelletier, and Andrew McLauchlan


The majority of currently deployed cryptographic public-key schemes are at risk of becoming insecure once large-scale quantum computers become practical. Therefore, substitutes resistant to quantum attacks, known as post-quantum cryptography, are required. In particular, hash-based signature schemes appear to be the most conservative choice for post-quantum digital signatures. In this work, we mount the first practical fault attack against hash-based cryptography. The attack was originally proposed by Castelnovi, Martinelli, and Prest [9] and allows the creation of a universal signature forgery that applies to all current standardisation candidates (XMSS, LMS, SPHINCS+, and Gravity-SPHINCS). We perform the attack on an Arduino Due board featuring an ARM Cortex-M3 microprocessor running the original stateless scheme SPHINCS with a focus on practicality. We describe how the attack is mountable with a simple voltage glitch injection on the targeted platform, which allowed us to collect enough faulty signatures to create a universal forgery within seconds. As the attack also applies to stateful schemes, we show how caching one-time signatures can entirely prevent the attack for stateful schemes, such as XMSS and LMS. However, we discuss how protecting stateless schemes, like SPHINCS, SPHINCS+, and Gravity-SPHINCS, is more challenging, as this countermeasure does not apply as efficiently as in stateful schemes.
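The countermeasure the abstract describes for stateful schemes, caching one-time signatures so that each OTS key ever signs a single value, as an added illustration that is not code from the paper: a toy Winternitz one-time signature (truncated hash, small parameters, constructed seed) with a caching signer that refuses a second, differing input for an already-used key index, which is exactly the situation a faulted recomputation would create.

```python
import hashlib

W, CHAIN_LEN = 16, 15           # Winternitz parameter w and chain length w-1
DIGEST_BYTES = 4                # toy: 32-bit digests -> 8 message digits + 2 checksum digits
N_DIGITS = 2 * DIGEST_BYTES + 2

def H(data: bytes) -> bytes:    # toy hash: truncated SHA-256 (constructed for this example)
    return hashlib.sha256(data).digest()[:DIGEST_BYTES]

def chain(x: bytes, start: int, steps: int) -> bytes:
    """Apply the WOTS hash chain from position `start` for `steps` iterations."""
    for i in range(start, start + steps):
        x = H(bytes([i]) + x)
    return x

def digits(msg: bytes) -> list:
    """Base-16 digits of H(msg) followed by a two-digit checksum, as in WOTS."""
    d = [v for b in H(msg) for v in (b >> 4, b & 0xF)]
    cs = sum(CHAIN_LEN - v for v in d)          # at most 8*15 = 120, fits two digits
    return d + [cs >> 4, cs & 0xF]

def keygen(seed: bytes, idx: int):
    """Derive the OTS key pair for leaf/index `idx` from a seed (toy derivation)."""
    sk = [H(seed + bytes([idx, i])) for i in range(N_DIGITS)]
    pk = [chain(s, 0, CHAIN_LEN) for s in sk]
    return sk, pk

def ots_sign(sk, msg):
    # Each released chain node reveals everything from its position to the chain end.
    return [chain(s, 0, d) for s, d in zip(sk, digits(msg))]

def ots_verify(pk, msg, sig):
    return pk == [chain(s, d, CHAIN_LEN - d) for s, d in zip(sig, digits(msg))]

class CachingSigner:
    """Stateful signer in which each OTS key index commits to exactly one value.
    The first signature per index is cached; a later request for the same index
    with a different value (what a fault in the recomputed subtree root would
    produce) is refused, so no key ever releases chain nodes for two inputs."""
    def __init__(self, seed: bytes):
        self.seed, self.cache = seed, {}

    def sign(self, idx: int, value: bytes):
        if idx in self.cache:
            cached_value, cached_sig = self.cache[idx]
            if cached_value != value:
                raise RuntimeError(f"OTS key {idx} asked to sign a second value; possible fault")
            return cached_sig
        sk, _ = keygen(self.seed, idx)
        sig = ots_sign(sk, value)
        self.cache[idx] = (value, sig)
        return sig
```

Without the cache, `ots_sign` happily signs two different values with the same key and both signatures verify, which is the key reuse the fault attack exploits.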

Category: Public-key cryptography
Keywords: SPHINCS, hash-based signature, voltage glitching, fault attack, digital signature
Contact author(s): matthias @ kannwischer eu
2018-10-15: revised
2018-07-13: received
License: Creative Commons Attribution


      author = {Aymeric Genêt and Matthias J. Kannwischer and Hervé Pelletier and Andrew McLauchlan},
      title = {Practical Fault Injection Attacks on SPHINCS},
      howpublished = {Cryptology ePrint Archive, Paper 2018/674},
      year = {2018},
      note = {\url{}},
      url = {}