Saved in:
Bibliographic Details
Main Authors: Banegas, Gustavo, Villanueva-Polanco, Ricardo
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.12879
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912589658718208
author Banegas, Gustavo
Villanueva-Polanco, Ricardo
author_facet Banegas, Gustavo
Villanueva-Polanco, Ricardo
contents SNOVA is a post-quantum cryptographic signature scheme known for its efficiency and compact key sizes, making it a second-round candidate in the NIST post-quantum cryptography standardization process. This paper presents a comprehensive fault analysis of SNOVA, focusing on both permanent and transient faults during signature generation. We introduce several fault injection strategies that exploit SNOVA's structure to recover partial or complete secret keys with limited faulty signatures. Our analysis reveals that as few as 22 to 68 faulty signatures, depending on the security level, can suffice for key recovery. We propose a novel fault-assisted reconciliation attack, demonstrating its effectiveness in extracting the secret key space via solving a quadratic polynomial system. Simulations show transient faults in key signature generation steps can significantly compromise SNOVA's security. To address these vulnerabilities, we propose a lightweight countermeasure to reduce the success of fault attacks without adding significant overhead. Our results highlight the importance of fault-resistant mechanisms in post-quantum cryptographic schemes like SNOVA to ensure robustness.
format Preprint
id arxiv_https___arxiv_org_abs_2509_12879
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle A Fault Analysis on SNOVA
Banegas, Gustavo
Villanueva-Polanco, Ricardo
Cryptography and Security
SNOVA is a post-quantum cryptographic signature scheme known for its efficiency and compact key sizes, making it a second-round candidate in the NIST post-quantum cryptography standardization process. This paper presents a comprehensive fault analysis of SNOVA, focusing on both permanent and transient faults during signature generation. We introduce several fault injection strategies that exploit SNOVA's structure to recover partial or complete secret keys with limited faulty signatures. Our analysis reveals that as few as 22 to 68 faulty signatures, depending on the security level, can suffice for key recovery. We propose a novel fault-assisted reconciliation attack, demonstrating its effectiveness in extracting the secret key space via solving a quadratic polynomial system. Simulations show transient faults in key signature generation steps can significantly compromise SNOVA's security. To address these vulnerabilities, we propose a lightweight countermeasure to reduce the success of fault attacks without adding significant overhead. Our results highlight the importance of fault-resistant mechanisms in post-quantum cryptographic schemes like SNOVA to ensure robustness.
title A Fault Analysis on SNOVA
topic Cryptography and Security
url https://arxiv.org/abs/2509.12879