Mind the Faulty Keccak: A Practical Fault Injection Attack Scheme Apply to All Phases of ML-KEM and ML-DSA

Yuxuan Wang; Jintong Yu; Shipei Qu; Xiaolin Zhang; Xiaowei Li; Chi Zhang; Dawu Gu

Paper 2024/1522

Mind the Faulty Keccak: A Practical Fault Injection Attack Scheme Apply to All Phases of ML-KEM and ML-DSA

Yuxuan Wang

, Shanghai Jiao Tong University

Jintong Yu, Shanghai Jiao Tong University

Shipei Qu, Shanghai Jiao Tong University

Xiaolin Zhang, Shanghai Jiao Tong University

Xiaowei Li, Shanghai Jiao Tong University

Chi Zhang, Shanghai Jiao Tong University

Dawu Gu, Shanghai Jiao Tong University

Abstract

ML-KEM and ML-DSA are NIST-standardized lattice-based post-quantum cryptographic algorithms. In both algorithms, Keccak is the designated hash algorithm extensively used for deriving sensitive information, making it a valuable target for attackers. In the field of fault injection attacks, few works targeted Keccak, and they have not fully explored its impact on the security of ML-KEM and ML-DSA. Consequently, many attacks remain undiscovered. In this article, we first identify various fault vulnerabilities of KECCAK that determine the (partial) output by manipulating the control flow under a practical loop-abort model. Then, we systematically analyze the impact of a faulty Keccak output and propose six attacks against ML-KEM and five attacks against ML-DSA, including key recovery, signature forgery, and verification bypass. These attacks cover the key generation, encapsulation, decapsulation, signing, and verification phases, making our scheme the first to apply to all phases of ML-KEM and ML-DSA. The proposed attacks are validated on the C implementations of the PQClean library’s ML-KEM and ML-DSA running on embedded devices. Experiments show that the required loop-abort faults can be realized on ARM Cortex-M0+, M3, M4, and M33 microprocessors with low-cost electromagnetic fault injection settings, achieving a success rate of 89.5%. Once the fault injection is successful, all proposed attacks can succeed with a probability of 100%.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: Post-Quantum Cryptography Fault Injection Attack Keccak Kyber Dilithium ARM Cortex-M
Contact author(s): 18588297218 @ sjtu edu cn
jintongyu @ sjtu edu cn
shipeiqu @ sjtu edu cn
xiaolinzhang @ sjtu edu cn
happy_lxw @ sjtu edu cn
zcsjtu @ sjtu edu cn
dwgu @ sjtu edu cn
History: 2025-02-13: last of 2 revisions; 2024-09-27: received; See all versions
Short URL: https://ia.cr/2024/1522
License: CC BY

BibTeX

@misc{cryptoeprint:2024/1522,
      author = {Yuxuan Wang and Jintong Yu and Shipei Qu and Xiaolin Zhang and Xiaowei Li and Chi Zhang and Dawu Gu},
      title = {Mind the Faulty Keccak: A Practical Fault Injection Attack Scheme Apply to All Phases of {ML}-{KEM} and {ML}-{DSA}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1522},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1522}
}