English

Fuzzing+Hardware Performance Counters-Based Detection of Algorithm Subversion Attacks on Post-Quantum Signature Schemes

Cryptography and Security 2022-03-15 v1 Emerging Technologies Software Engineering

Abstract

NIST is standardizing Post Quantum Cryptography (PQC) algorithms that are resilient to the computational capability of quantum computers. Past works show malicious subversion with cryptographic software (algorithm subversion attacks) that weaken the implementations. We show that PQC digital signature codes can be subverted in line with previously reported flawed implementations that generate verifiable, but less-secure signatures, demonstrating the risk of such attacks. Since, all processors have built-in Hardware Performance Counters (HPCs), there exists a body of work proposing a low-cost Machine Learning (ML)-based integrity checking of software using HPC fingerprints. However, such HPC-based approaches may not detect subversion of PQC codes. A miniscule percentage of qualitative inputs when applied to the PQC codes improve this accuracy to 98%. We propose grey-box fuzzing as a pre-processing step to obtain inputs to aid the HPC-based method.

Keywords

Cite

@article{arxiv.2203.06782,
  title  = {Fuzzing+Hardware Performance Counters-Based Detection of Algorithm Subversion Attacks on Post-Quantum Signature Schemes},
  author = {Animesh Basak Chowdhury and Anushree Mahapatra and Deepraj Soni and Ramesh Karri},
  journal= {arXiv preprint arXiv:2203.06782},
  year   = {2022}
}

Comments

Accepted in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

R2 v1 2026-06-24T10:11:43.979Z