Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
8-2025
Abstract
Signature schemes are a fundamental component of cyber-security infrastructure. While they are designed to be mathematically secure against cryptographic attacks, they are vulnerable to Rowhammer fault-injection attacks. Since all existing attacks are ad hoc, in that each targets individual parameters of a specific signature scheme, the impact of Rowhammer on signature schemes as a whole remains unclear. In this paper, we present Achilles, a formal framework that aids in leaking secrets from various real-world signature schemes via Rowhammer. In particular, Achilles can be used to find potentially more vulnerable parameters in schemes that have been studied before, as well as new schemes that are potentially vulnerable. Achilles mainly describes a formal procedure in which Rowhammer faults are induced in key parameters of a generalized signature scheme, called G-sign, and a post-Rowhammer analysis is then performed on it for secret recovery. To illustrate the viability of Achilles, we have evaluated six signature schemes (with five CVEs assigned to track their respective Rowhammer vulnerabilities), covering traditional and post-quantum signatures based on different mathematical problems. Based on the analysis with Achilles, all six schemes are proved to be vulnerable, and two new vulnerable parameters are identified for EdDSA. Further, we demonstrate a successful Rowhammer attack against 3 of these schemes, using recent cryptographic libraries including wolfssl, relic, and liboqs.
Discipline
Information Security
Areas of Excellence
Digital transformation
Publication
SEC '25: Proceedings of the 34th USENIX Conference on Security Symposium, Seattle, USA, August 13-15
First Page
6757
Last Page
6776
Identifier
10.5555/3766078.3766425
Publisher
ACM
City or Country
New York
Citation
LIANG, Junkai; ZHANG, Zhi; ZHANG, Xin; SHENG, Qingni; GAO, Yansong; YUAN, Xinliang; XUE, Haiyang; WU, Pengfei; and WU, Zhonghai.
Achilles: A formal framework of leaking secrets from signature schemes via Rowhammer. (2025). SEC '25: Proceedings of the 34th USENIX Conference on Security Symposium, Seattle, USA, August 13-15. 6757-6776.
Available at: https://ink.library.smu.edu.sg/sis_research/10974
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.5555/3766078.3766425