We investigate the risk of embedding stealthy hardware Trojans in implementations of multivariate quadratic (MQ) based post-quantum signature schemes that use the Keccak-based hashing module. Our study reveals that MAYO and UOV are more vulnerable due to the predictable interaction of message and secret seed within the Keccak module, while SNOVA and QR-UOV exhibit inherent resilience by deviating from this structure. We demonstrate how minimal hardware Trojans, occupying merely 0.03% of the circuit area, can be inserted into MAYO implementations to leak critical internal secrets such as the seed, potentially enabling key recovery under suitable conditions. Our results underscore the need for thorough hardware security evaluation of PQC implementations before they are deployed.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Stealthy Hardware Trojan Attacks on MQ-Based Post-quantum Digital Signatures

  • Aikata Aikata,
  • Anisha Mukherjee,
  • Sujoy Sinha Roy

摘要

We investigate the risk of embedding stealthy hardware Trojans in implementations of multivariate quadratic (MQ) based post-quantum signature schemes that use the Keccak-based hashing module. Our study reveals that MAYO and UOV are more vulnerable due to the predictable interaction of message and secret seed within the Keccak module, while SNOVA and QR-UOV exhibit inherent resilience by deviating from this structure. We demonstrate how minimal hardware Trojans, occupying merely 0.03% of the circuit area, can be inserted into MAYO implementations to leak critical internal secrets such as the seed, potentially enabling key recovery under suitable conditions. Our results underscore the need for thorough hardware security evaluation of PQC implementations before they are deployed.