- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Black Hat USA 2025 | Bypassing PQC Signature Verification with Fault Injection
Post-quantum cryptographic (PQC) algorithms are being integrated into firmware, bootloaders, and other embedded systems as a replacement for RSA and ECC. While these schemes are designed to resist quantum attacks, their implementations remain vulnerable to classical fault injection techniques.
This talk presents practical voltage fault injection attacks on three major PQC signature schemes: Dilithium, XMSS, and SPHINCS+. By targeting signature verification logic — including challenge generation, bit shifts, and checksum validation — we demonstrate how to forge valid signatures without breaking the underlying cryptographic primitives.
All attacks are performed on real microcontroller hardware using open-source PQC libraries running on bare metal. We also show how shared components like WOTS+ introduce common vulnerabilities across XMSS and SPHINCS+, exposing a broader attack surface.
This work highlights how fault injection continues to be effective, even against modern cryptography, and the ever-present need for effective countermeasures for implementation-level threats.
By:
Fikret Garipay | Security Engineer, Keysight Device Security Testing
Presentation Materials Available at:
https://blackhat.com/us-25/briefings/schedule/?#bypassing-pqc-signature-verification-with-fault-injection-dilithium-xmss-sphincs-46362
Видео Black Hat USA 2025 | Bypassing PQC Signature Verification with Fault Injection канала Black Hat
This talk presents practical voltage fault injection attacks on three major PQC signature schemes: Dilithium, XMSS, and SPHINCS+. By targeting signature verification logic — including challenge generation, bit shifts, and checksum validation — we demonstrate how to forge valid signatures without breaking the underlying cryptographic primitives.
All attacks are performed on real microcontroller hardware using open-source PQC libraries running on bare metal. We also show how shared components like WOTS+ introduce common vulnerabilities across XMSS and SPHINCS+, exposing a broader attack surface.
This work highlights how fault injection continues to be effective, even against modern cryptography, and the ever-present need for effective countermeasures for implementation-level threats.
By:
Fikret Garipay | Security Engineer, Keysight Device Security Testing
Presentation Materials Available at:
https://blackhat.com/us-25/briefings/schedule/?#bypassing-pqc-signature-verification-with-fault-injection-dilithium-xmss-sphincs-46362
Видео Black Hat USA 2025 | Bypassing PQC Signature Verification with Fault Injection канала Black Hat
Комментарии отсутствуют
Информация о видео
7 апреля 2026 г. 0:00:11
00:35:33
Другие видео канала
Black Hat Europe 2025 | Why We Can't Retrofit Old Security Principles Onto AI Agents
Black Hat Europe 2025 | The Fragile Lock: Novel Bypasses For SAML Authentication
Black Hat Europe 2025 | Low-Cost Memory Interposer Attacks On Confidential Computing
Black Hat Europe 2025 | Token Injection: Crashing LLM Inference With Special Tokens
Black Hat Europe 2025 | Understanding Trends & Patterns In Insider Threat: Analysis Of 1,000+ Cases
Black Hat Stories | Jessica Oppenheimer, Director, SOC Integrations, Splunk Security
Black Hat Intercepted | Mike Spicer, Black Hat NOC Lead
