Paper 2025/2009
When Randomness Isn’t Random: Practical Fault Attack on Post-Quantum Lattice Standards
Abstract
Post-quantum cryptographic schemes like ML-KEM and ML-DSA have been standardized to secure digital communication against quantum threats. While their theoretical foundations are robust, we identify a critical implementation-level vulnerability in both: a single point of failure centered on the random seed pointer used in polynomial sampling. By corrupting this pointer, an attacker can deterministically compromise the entire scheme, bypassing standard countermeasures. We present the first practical fault-injection attacks exploiting this weakness and validate them on an STM32H7 microcontroller using laser fault injection. Our results demonstrate full key and message recovery for ML-KEM and signature forgery for ML-DSA, with success rates up to 100%. We further verify the presence of this vulnerable implementation style in widely used public libraries, including PQM4, LibOQS, PQClean, and WolfSSL, and propose effective countermeasures to mitigate this overlooked yet severe threat.
Metadata
- Available format(s): PDF
- Category: Attacks and cryptanalysis
- Publication info: Preprint.
- Keywords: Post quantum cryptography, ML-KEM, ML-DSA, laser fault injection
- Contact author(s):
  - haripras003 @ e ntu edu sg
  - prasanna ravi @ ntu edu sg
  - sbhasin @ ntu edu sg
- History:
  - 2025-11-01: approved
  - 2025-10-28: received
  - See all versions
- Short URL: https://ia.cr/2025/2009
- License: CC BY
BibTeX
@misc{cryptoeprint:2025/2009,
author = {Hariprasad Kelassery Valsaraj and Prasanna Ravi and Shivam Bhasin},
title = {When Randomness Isn’t Random: Practical Fault Attack on Post-Quantum Lattice Standards},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/2009},
year = {2025},
url = {https://eprint.iacr.org/2025/2009}
}