Mind the Faulty Keccak: A Practical Fault Injection Attack Scheme Applied to All Phases of ML-KEM and ML-DSA

IF 8 1区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

IEEE Transactions on Information Forensics and Security Pub Date : 2025-09-08 DOI:10.1109/TIFS.2025.3607242

Yuxuan Wang;Jintong Yu;Shipei Qu;Xiaolin Zhang;Xiaowei Li;Chi Zhang;Dawu Gu

{"title":"Mind the Faulty Keccak: A Practical Fault Injection Attack Scheme Applied to All Phases of ML-KEM and ML-DSA","authors":"Yuxuan Wang;Jintong Yu;Shipei Qu;Xiaolin Zhang;Xiaowei Li;Chi Zhang;Dawu Gu","doi":"10.1109/TIFS.2025.3607242","DOIUrl":null,"url":null,"abstract":"ML-KEM and ML-DSA are NIST-standardized lattice-based post-quantum cryptographic algorithms. In both algorithms, <sc>Keccak</small> is the designated hash algorithm extensively used for deriving sensitive information, making it a valuable target for attackers. In the field of fault injection attacks, few works targeted <sc>Keccak</small>, and they have not fully explored its impact on the security of ML-KEM and ML-DSA. Consequently, many attacks remain undiscovered. In this article, we first identify various fault vulnerabilities of <sc>Keccak</small> that determine the (partial) output by manipulating the control flow under a practical loop-abort model. Then, we systematically analyze the impact of a faulty <sc>Keccak</small> output and propose six attacks against ML-KEM and five attacks against ML-DSA, including key recovery, signature forgery, and verification bypass. These attacks cover the key generation, encapsulation, decapsulation, signing, and verification phases, making our scheme the first to apply to all phases of ML-KEM and ML-DSA. The proposed attacks are validated on the C implementations of the PQClean library’s ML-KEM and ML-DSA running on embedded devices. Experiments show that the required loop-abort faults can be realized on ARM Cortex-M0+, M3, M4, and M33 microprocessors with low-cost electromagnetic fault injection settings, achieving a success rate of 89.5%. Once the fault injection is successful, all proposed attacks can succeed with a probability of 100%.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"10035-10050"},"PeriodicalIF":8.0000,"publicationDate":"2025-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Forensics and Security","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11153499/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

ML-KEM and ML-DSA are NIST-standardized lattice-based post-quantum cryptographic algorithms. In both algorithms, Keccak is the designated hash algorithm extensively used for deriving sensitive information, making it a valuable target for attackers. In the field of fault injection attacks, few works targeted Keccak, and they have not fully explored its impact on the security of ML-KEM and ML-DSA. Consequently, many attacks remain undiscovered. In this article, we first identify various fault vulnerabilities of Keccak that determine the (partial) output by manipulating the control flow under a practical loop-abort model. Then, we systematically analyze the impact of a faulty Keccak output and propose six attacks against ML-KEM and five attacks against ML-DSA, including key recovery, signature forgery, and verification bypass. These attacks cover the key generation, encapsulation, decapsulation, signing, and verification phases, making our scheme the first to apply to all phases of ML-KEM and ML-DSA. The proposed attacks are validated on the C implementations of the PQClean library’s ML-KEM and ML-DSA running on embedded devices. Experiments show that the required loop-abort faults can be realized on ARM Cortex-M0+, M3, M4, and M33 microprocessors with low-cost electromagnetic fault injection settings, achieving a success rate of 89.5%. Once the fault injection is successful, all proposed attacks can succeed with a probability of 100%.

查看原文本刊更多论文

一种实用的故障注入攻击方案，适用于ML-KEM和ML-DSA的所有阶段

ML-KEM和ML-DSA是nist标准化的基于格子的后量子加密算法。在这两种算法中，Keccak是指定的散列算法，广泛用于获取敏感信息，使其成为攻击者的宝贵目标。在故障注入攻击领域，针对Keccak的研究很少，也没有充分探讨其对ML-KEM和ML-DSA安全性的影响。因此，许多攻击仍未被发现。在本文中，我们首先识别Keccak的各种故障漏洞，这些漏洞通过在实际的循环中止模型下操纵控制流来确定（部分）输出。然后，我们系统地分析了Keccak输出错误的影响，并提出了针对ML-KEM的六种攻击和针对ML-DSA的五种攻击，包括密钥恢复、签名伪造和验证绕过。这些攻击涵盖密钥生成、封装、解封装、签名和验证阶段，使我们的方案第一个应用于ML-KEM和ML-DSA的所有阶段。在嵌入式设备上运行的PQClean库的ML-KEM和ML-DSA的C实现上验证了所提出的攻击。实验表明，采用低成本的电磁故障注入设置，可以在ARM Cortex-M0+、M3、M4和M33微处理器上实现所需的环中断故障，成功率为89.5%。一旦故障注入成功，所有建议的攻击都可以以100%的概率成功。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Information Forensics and Security 工程技术-工程：电子与电气

CiteScore

14.40

自引率

7.40%

发文量

234

审稿时长

6.5 months

期刊介绍： The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance and systems applications that incorporate these features