The Urgent Need for Fault-Resilient Cryptography
As cyber threats increase, the vulnerabilities of cryptographic systems come under greater scrutiny. While cryptographic algorithms may be secure on paper, their implementations often fail to withstand real-world attacks. Fault injection attacks exploit weaknesses during computation by flipping bits, which can compromise the integrity of a cryptographic system. With post-quantum cryptography emerging as a necessity to counter quantum threats, ensuring that these new algorithms are resilient to implementation attacks is paramount.
Fraunhofer AISEC has addressed this issue with research work on Impeccable Keccak. Detailed information on our research can be found in the paper »Impeccable Keccak. Towards Fault Resilient SPHINCS+ Implementations«.
Keccak, Fault Injection, and Impeccable Circuits
Impeccable Keccak strengthens SPHINCS+, a stateless, hash-based digital signature scheme, against fault injection attacks. At the heart of this work lies Keccak, the cryptographic sponge function that powers the SHA-3 family of hash functions. Keccak is deployed in many cryptographic algorithms, making its fault resilience essential for securing next-generation systems.
Fault injection attacks exploit weaknesses at the hardware level. An adversary injects faults by flipping data bits during computation, e.g. by directing an electromagnetic or laser pulse at the circuit. For SPHINCS+, such a fault can allow the adversary to forge signatures, as described in [1]: the attack exploits the SPHINCS+ hyper-tree structure and grafts a forged sub-tree onto it, compromising the signature generation process. Because Keccak contains a non-linear step (the chi mapping), protecting it is the crucial and difficult part of securing the scheme; the remaining SPHINCS+ components (e.g., the FSMs) are comparatively straightforward to protect. To counter this, Fraunhofer AISEC turned to impeccable circuits, a design concept that protects data through redundancy and error detection mechanisms. Specifically, the proposed encoding guarantees that any fault affecting fewer than four bits, i.e. up to three bit flips, is detected, preserving the integrity of the computation.
How Impeccable Keccak Delivers Active Security
The core innovation behind Impeccable Keccak is that its security against fault injection attacks is provable. Active security is a formal notion of circuit resilience against fault attacks, which makes it amenable to formal verification.
The approach of the cybersecurity researchers at Fraunhofer AISEC involves encoding the data with Hamming codes, which distribute redundancy across the data and make it difficult for an attacker to introduce undetected errors. By combining error detection with a carefully structured circuit design, Impeccable Keccak has been proven to achieve third-order active security. This means that any set of up to three simultaneous bit faults is detected, so a faulty result is never released.
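To make the detection guarantee concrete, here is an added example (not code from the paper or the Impeccable Keccak repository): a SECDED-style extended Hamming code over 64-bit words, i.e. a shortened [72,64] code with minimum distance 4. The layout, the choice of 64-bit words and the test values are this example's own assumptions; the paper's actual encoding of the Keccak state may differ. What the example shows is the property the text relies on: every fault of one, two or three bit flips is detected, while a few four-bit patterns (those that are themselves codewords) slip through, so detection of four-bit faults is high but not certain.

```python
"""Added example: SECDED-style extended Hamming code over 64-bit words.

Not the encoding used by Impeccable Keccak; a shortened [72,64] extended
Hamming code (minimum distance 4) chosen to illustrate why every fault of
up to three bit flips is detected while some four-bit faults are not.
All parameters here are assumptions of this example.
"""
import itertools

DATA_BITS = 64
# Classic Hamming numbering for positions 1..71: positions that are powers of
# two carry check bits, the remaining 64 positions carry data. Index 0 of the
# codeword holds the overall parity bit, which raises the distance from 3 to 4.
CHECK_POS = [1, 2, 4, 8, 16, 32, 64]
DATA_POS = [p for p in range(1, 72) if p not in CHECK_POS]
CODE_LEN = 72
assert len(DATA_POS) == DATA_BITS


def encode(word: int) -> list[int]:
    """Map a 64-bit word to its 72-bit codeword (list of 0/1 bits)."""
    if not 0 <= word < (1 << DATA_BITS):
        raise ValueError("word must fit in 64 bits")
    cw = [0] * CODE_LEN
    for i, pos in enumerate(DATA_POS):
        cw[pos] = (word >> i) & 1
    # Choose the check bits so that the XOR of all set positions becomes zero.
    syndrome = 0
    for pos in DATA_POS:
        if cw[pos]:
            syndrome ^= pos
    for k, pos in enumerate(CHECK_POS):  # pos == 2**k
        cw[pos] = (syndrome >> k) & 1
    # Overall parity: every codeword has even weight.
    cw[0] = sum(cw[1:]) & 1
    return cw


def decode(cw: list[int]) -> int:
    """Recover the data word from a codeword (no correction is attempted)."""
    word = 0
    for i, pos in enumerate(DATA_POS):
        word |= cw[pos] << i
    return word


def check(cw: list[int]) -> bool:
    """True when both the Hamming syndrome and the overall parity are clean."""
    syndrome = 0
    for pos in range(1, CODE_LEN):
        if cw[pos]:
            syndrome ^= pos
    return syndrome == 0 and sum(cw) % 2 == 0


def inject(cw: list[int], positions) -> list[int]:
    """Model a fault that flips the given codeword bit positions."""
    faulty = list(cw)
    for p in positions:
        faulty[p] ^= 1
    return faulty


def fault_detected(positions) -> bool:
    """For a linear code, detection depends only on the flip pattern, not on
    the data: a pattern is missed exactly when it is itself a nonzero codeword."""
    syndrome = 0
    for p in positions:
        syndrome ^= p  # position 0 (overall parity) contributes nothing
    return syndrome != 0 or len(positions) % 2 == 1


def detected_fraction(weight: int) -> float:
    """Enumerate every fault pattern of the given weight; return detection rate."""
    total = detected = 0
    for pattern in itertools.combinations(range(CODE_LEN), weight):
        total += 1
        detected += fault_detected(pattern)
    return detected / total


def all_faults_detected_on_word(word: int, weight: int) -> bool:
    """Cross-check the pattern shortcut against the full encode/inject/check path."""
    cw = encode(word)
    return all(not check(inject(cw, pattern))
               for pattern in itertools.combinations(range(CODE_LEN), weight))


if __name__ == "__main__":
    sample = 0x0123456789ABCDEF  # constructed test value
    assert decode(encode(sample)) == sample
    for w in (1, 2, 3, 4):
        print(f"{w}-bit faults detected: {detected_fraction(w):.4%}")
    # Flipping positions 0, 1, 2, 3 is a weight-4 codeword: the check passes.
    print("fault {0,1,2,3} detected:", not check(inject(encode(sample), [0, 1, 2, 3])))
```

The pattern {0, 1, 2, 3} is the smallest undetectable fault: positions 1, 2 and 3 XOR to zero, so the syndrome is clean, and adding the overall parity bit keeps the weight even. This is exactly the shape of the guarantee quoted above: three or fewer flips are always caught, four flips only with high probability.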
Fraunhofer AISEC has also formally verified the robustness of its design. The impeccable circuits were subjected to rigorous tests, confirming their ability to detect faults under various fault models. The combination of theoretical proofs and practical validation brings this approach close to real-world deployment.
Our Impeccable Keccak design and all resources we used during the security evaluation of our design can be found on the GitHub site »impeccable keccak«. [Link will be added shortly!]
Unprecedented Results in Fault-Resilient Post-Quantum Cryptography
The results of Impeccable Keccak demonstrate its resilience to fault injection attacks. For faults involving three or fewer bit flips, the design guarantees detection, ensuring the integrity of the cryptographic process. Even when four bits are flipped, the probability of detecting the fault remains high. These results make it one of the most robust designs in the field of cryptography today.
Despite its enhanced security, Impeccable Keccak remains efficient, with an area overhead of roughly 3.2× relative to an unprotected implementation. This makes it practical for deployment in real-world systems, particularly in environments where fault injection attacks are a concern. By securing Keccak, the researchers have also strengthened SPHINCS+ as a whole, ensuring that this post-quantum signature scheme remains reliable against attacks on its hyper-tree structure such as [1].
Looking Ahead: Challenges and Opportunities
While Impeccable Keccak addresses critical vulnerabilities, the work is far from over. The cybersecurity landscape continues to evolve, and future research must extend fault resilience to cover side-channel attacks, which exploit physical emissions like power or electromagnetic signals. Scaling fault-resilient designs to more complex cryptographic frameworks is another challenge that researchers must tackle to ensure widespread applicability.
Advanced fault models, which account for increasingly precise attacks, also demand attention. As attackers develop more sophisticated techniques, cryptographic implementations must adapt to remain secure. Fraunhofer AISEC’s work is another step forward, but ongoing research will be essential to maintain resilience in an ever-changing threat landscape.
Bibliography
[1] Castelnovi, L., Martinelli, A., Prest, T. (2018). Grafting Trees: A Fault Attack Against the SPHINCS Framework. In: Lange, T., Steinwandt, R. (eds) Post-Quantum Cryptography. PQCrypto 2018. Lecture Notes in Computer Science, vol 10786. Springer, Cham. https://doi.org/10.1007/978-3-319-79063-3_8
Author
Ivan Gavrilan
Ivan Gavrilan is a research associate at Fraunhofer AISEC interested in the development of secure processor platforms. His main focus lies on countermeasures against physical attacks and their integration into modern processing systems.
Contact: ivan.gavrilan@aisec.fraunhofer.de