Paper 2024/1883
A Fault Analysis on SNOVA
, Inria Saclay - Île-de-France Research Centre, Computer Science Laboratory of the École PolytechniqueAbstract
SNOVA is a post-quantum cryptographic signature scheme known for its efficiency and compact key sizes, making it a second-round candidate in the NIST post-quantum cryptography standardization process. This paper presents a comprehensive fault analysis of SNOVA, focusing on both permanent and transient faults during signature generation. We introduce several fault injection strategies that exploit SNOVA's structure to recover partial or complete secret keys with limited faulty signatures. Our analysis reveals that as few as $22$ to $68$ faulty signatures, depending on the security level, can suffice for key recovery. We propose a novel fault-assisted reconciliation attack, demonstrating its effectiveness in extracting the secret key space via solving a quadratic polynomial system. Simulations show transient faults in key signature generation steps can significantly compromise SNOVA’s security. To address these vulnerabilities, we propose a lightweight countermeasure to reduce the success of fault attacks without adding significant overhead. Our results highlight the importance of fault-resistant mechanisms in post-quantum cryptographic schemes like SNOVA to ensure robustness.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Physical attackFault-attackSNOVAMQ-based cryptography
- Contact author(s)
-
gustavo @ cryptme in
ricardo polanco @ tii ae - History
- 2024-11-22: approved
- 2024-11-19: received
- See all versions
- Short URL
- https://ia.cr/2024/1883
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1883,
author = {Gustavo Banegas and Ricardo Villanueva-Polanco},
title = {A Fault Analysis on {SNOVA}},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/1883},
year = {2024},
url = {https://eprint.iacr.org/2024/1883}
}
