Paper 2024/1883
A Fault Analysis on SNOVA
Abstract
SNOVA, a post-quantum signature scheme with compact key sizes, is a second-round NIST candidate. This paper conducts a fault analysis of SNOVA, targeting permanent and transient faults during signature generation. We propose fault injection strategies that exploit SNOVA's structure, enabling key recovery with as few as $22$ to $68$ faulty signatures, depending on security levels. A novel fault-assisted reconciliation attack is introduced that effectively extracts the secret key space by solving a quadratic polynomial system. Simulations reveal that transient or permanent faults in signature generation can severely compromise security. We also suggest a lightweight countermeasure to mitigate fault attacks with minimal overhead. Our findings emphasize the need for fault-resistant mechanisms in post-quantum schemes like SNOVA.
Metadata
- Available format(s)
- PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- Physical attack, Fault-attack, SNOVA, MQ-based cryptography
- Contact author(s)
- gustavo @ cryptme in
- ricardo polanco @ tii ae
- History
- 2025-02-13: last of 2 revisions
- 2024-11-19: received
- Short URL
- https://ia.cr/2024/1883
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/1883,
  author = {Gustavo Banegas and Ricardo Villanueva-Polanco},
  title = {A Fault Analysis on {SNOVA}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1883},
  year = {2024},
  url = {https://eprint.iacr.org/2024/1883}
}