Paper 2026/1266
Practical End-to-end Fault Attacks on PERK
Abstract
This paper presents the first practical end-to-end fault injection attacks on the post-quantum signature scheme PERK, based on the MPC-in-the-Head paradigm and relies on GGM tree expansions for efficient randomness generation. While GGM trees reduce memory requirements, they introduce implementation-level deviations from the theoretical model. We show that these implementation choices fundamentally alter the fault surface and enable new attack vectors that are not captured by the original security assumptions. We propose two attacks targeting distinct stages of the GGM tree construction. The first attack fixes the root seed, resulting in deterministic tree generation and enabling full reconstruction of all leaf labels. The second attack induces reuse of GGM roots via an instruction skip, allowing recovery of hidden leaf values across consecutive rounds. Both attacks require only a single fault to recover the secret key. We demonstrate both attacks end-to-end on the pqm4 reference implementation compiled with optimization levels -O3 as well as -Os for ARM Cortex-M4 microcontrollers. Our evaluation is performed on two hardware platforms (ChipWhisperer-Lite with STM32F303 and Nucleo-L4R5ZI-P) using clock glitching and electromagnetic fault injection (EMFI). We achieve success probabilities of 100% and 85% for the two attacks, respectively. Finally, we propose countermeasures for both attacks.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Fault Injection AttackPost-Quantum CryptographyMPCitHPERK
- Contact author(s)
-
tanguy stekke @ gmail com
durba chatterjee94 @ gmail com
lejla @ cs ru nl - History
- 2026-06-19: approved
- 2026-06-16: received
- See all versions
- Short URL
- https://ia.cr/2026/1266
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2026/1266,
author = {Tanguy Stekke and Durba Chatterjee and Lejla Batina},
title = {Practical End-to-end Fault Attacks on {PERK}},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/1266},
year = {2026},
url = {https://eprint.iacr.org/2026/1266}
}