Paper 2024/1522

Beware of Keccak: Practical Fault Attacks on SHA-3 to Compromise Kyber and Dilithium on ARM Cortex-M Devices

Yuxuan Wang, Shanghai Jiao Tong University
Jintong Yu, Shanghai Jiao Tong University
Shipei Qu, Shanghai Jiao Tong University
Xiaolin Zhang, Shanghai Jiao Tong University
Xiaowei Li, Shanghai Jiao Tong University
Chi Zhang, Shanghai Jiao Tong University
Dawu Gu, Shanghai Jiao Tong University
Abstract

Keccak acts as the hash algorithm and eXtendable-Output Function (XOF) specified in the NIST standard drafts for Kyber and Dilithium. The Keccak output is highly correlated with sensitive information, whereas in RSA and ECDSA hash-like components only process public information, such as the message. The importance and sensitivity of hash-like components such as Keccak are therefore much higher in Kyber and Dilithium than in traditional public-key cryptography. However, few works study Keccak with regard to the physical security of Kyber and Dilithium. In this paper, we propose a practical fault attack scheme on Keccak to compromise Kyber and Dilithium on ARM Cortex-M devices. Specifically, by injecting loop-abort faults into the iterative assignments or updates of Keccak, we propose six attacks that can set the Keccak output to a known value. These attacks can be exploited to disrupt the random number expansion or other critical processes in Kyber and Dilithium, thereby recovering sensitive information derived from the Keccak output. In this way, we propose eight attack strategies on Kyber and seven on Dilithium, achieving key recovery, signature forgery, and verification bypass. To validate the practicality of the proposed attack strategies, we perform fault characterization on five real-world devices belonging to four different series (ARM Cortex-M0+, M3, M4, and M33). The success rate is up to 89.5%, demonstrating the feasibility of loop-abort faults. This paper also provides a guide for reliably inducing loop-abort faults on ARM Cortex-M devices using electromagnetic fault injection. We further validate our complete attacks on Kyber and Dilithium against the official implementations, achieving a success rate of up to 55.1%. The results demonstrate that the excessive use of Keccak in generating and computing secret information leads to severe vulnerabilities. Our work can potentially be migrated to other post-quantum cryptographic algorithms that use Keccak, such as Falcon, BIKE, and HQC.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Post-Quantum Cryptography, Fault Injection Attack, Keccak, Kyber, Dilithium, ARM Cortex-M
Contact author(s)
18588297218 @ sjtu edu cn
jintongyu @ sjtu edu cn
shipeiqu @ sjtu edu cn
xiaolinzhang @ sjtu edu cn
happy_lxw @ sjtu edu cn
zcsjtu @ sjtu edu cn
dwgu @ sjtu edu cn
History
2024-09-30: approved
2024-09-27: received
Short URL
https://ia.cr/2024/1522
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1522,
      author = {Yuxuan Wang and Jintong Yu and Shipei Qu and Xiaolin Zhang and Xiaowei Li and Chi Zhang and Dawu Gu},
      title = {Beware of Keccak: Practical Fault Attacks on {SHA}-3 to Compromise Kyber and Dilithium on {ARM} Cortex-M Devices},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1522},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1522}
}