

















Lejla Batina, Radboud University
Durba Chatterjee, Radboud University
Vincent Dankbaar, Radboud University
We present a practical component-wise fault injection attack against randomized MAYO implementations. The attack targets the final addition of oil and vinegar components during signing. Depending on compiler optimization, a fault may expose either oil coefficients directly or vinegar coefficients that can be used to recover the oil coefficient via the public verification algorithm. By accumulating partial coefficient-wise information across multiple faulty signatures and exploiting the linear structure of the oil space, we recover the full secret key. Unlike prior attacks, our method does not rely on deterministic signing, memory reuse, or faulting the hash function. We validate the attack on ARM Cortex-M4 platforms using clock glitching and electromagnetic fault injection, and recover the MAYO-1 key for both the {\tt -O3} and {\tt -Os} compiler optimization settings. Additionally, we show that existing lightweight countermeasures are ineffective against our attack, exposing critical implementation weaknesses and underscoring the need for robust fault-resilient protections for multivariate post-quantum signatures.
BibTeX
@misc{cryptoeprint:2025/2163,
author = {Mohamed Abdelmonem and Lejla Batina and Durba Chatterjee and Vincent Dankbaar and Håvard Raddum},
title = {Splitting the {MAYO}: A Component-Wise Fault Injection Attack on Randomized {MAYO}},
howpublished = {Cryptology {ePrint} Archive, Paper 2025/2163},
year = {2025},
url = {https://eprint.iacr.org/2025/2163}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。