Welcome to the resource topic for 2025/2009
Title: When Randomness Isn’t Random: Practical Fault Attack on Post-Quantum Lattice Standards
Authors: Hariprasad Kelassery Valsaraj, Prasanna Ravi, Shivam Bhasin
Abstract: Post-quantum cryptographic schemes like ML-KEM and ML-DSA have been standardized to secure digital communication against quantum threats. While their theoretical foundations are robust, we identify a critical implementation-level vulnerability in both: a single point of failure centered on the random seed pointer used in polynomial sampling. By corrupting this pointer, an attacker can deterministically compromise the entire scheme, bypassing standard countermeasures. We present the first practical fault-injection attacks exploiting this weakness and validate them on an STM32H7 microcontroller using laser fault injection. Our results demonstrate full key and message recovery for ML-KEM and signature forgery for ML-DSA, with success rates up to 100%. We further verify the presence of this vulnerable implementation style in widely used public libraries, including PQM4, LibOQS, PQClean, and WolfSSL, and propose effective countermeasures to mitigate this overlooked yet severe threat.
ePrint: https://eprint.iacr.org/2025/2009
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics.