A Single-Trace Fault Injection Attack on Hedged Module Lattice Digital Signature Algorithm (ML-DSA)
KTH, School of Electrical Engineering and Computer Science (EECS), Electrical Engineering, Electronics and Embedded systems. ORCID iD: 0009-0000-0070-9595
Ericsson Research, Stockholm, Sweden.
KTH, School of Electrical Engineering and Computer Science (EECS), Electrical Engineering, Electronics and Embedded systems. ORCID iD: 0000-0001-7382-9408
2024 (English). In: Proceedings - 2024 Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2024, Institute of Electrical and Electronics Engineers (IEEE), 2024, p. 34-43. Conference paper, Published paper (Refereed)
Abstract [en]

Module Lattice Digital Signature Algorithm (ML-DSA) is a post-quantum digital signature algorithm currently being standardised by the NIST. Devices making use of ML-DSA are expected to soon become generally available in various environments. It is thus important to assess the resistance of ML-DSA implementations to physical attacks. This paper presents a fault injection attack on hedged ML-DSA in ARM Cortex-M4. First, voltage glitching is performed to skip computation of a seed during the generation of the signature. We identified settings that allowed us to consistently skip the necessary function without crashing the device. After the fault injection, the secret key vector s₁ is derived directly from the resulting faulty signature. The attack succeeds in recovering s₁ from a single trace with a probability of around 53%. We also propose countermeasures against the presented attack.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2024. p. 34-43
Keywords [en]
CRYSTALS-Dilithium, Digital signature, Dilithium, Fault injection, Key recovery attack, ML-DSA, PQC
National Category
Security, Privacy and Cryptography
Identifiers
URN: urn:nbn:se:kth:diva-367300
DOI: 10.1109/FDTC64268.2024.00013
ISI: 001413051800005
Scopus ID: 2-s2.0-85210867422
OAI: oai:DiVA.org:kth-367300
DiVA, id: diva2:1984513
Conference
21st Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2024, Halifax, Canada, September 4, 2024
Note

Part of ISBN 9798350380361

QC 20250716

Available from: 2025-07-16 Created: 2025-07-16 Last updated: 2025-07-16. Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Jendral, Sönke; Dubrova, Elena
