View article

When Frodo Flips: End-to-End Key Recovery on FrodoKEM via Rowhammer

Authors

Michael Fahr Jr, Hunter Kippen, Andrew Kwong, Thinh Dang, Jacob Lichtinger, Dana Dachman-Soled, Daniel Genkin, Alexander Nelson, Ray Perlner, Arkady Yerukhimovich, Daniel Apon

Publication date

2022/11/7

Book

Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages

979-993

Description

In this work, we recover the private key material of the FrodoKEM key exchange mechanism as submitted to the NIST Post Quantum Cryptography (PQC) standardization process.

The new mechanism that allows for this is a Rowhammer-assisted poisoning of the FrodoKEM Key Generation (KeyGen) process. The Rowhammer side-channel is a hardware-based security exploit that allows flipping bits in DRAM by "hammering" rows of memory adjacent to some target-victim memory location by repeated memory accesses. Using Rowhammer, we induce the FrodoKEM software to output a higher-error Public Key (PK), (\matA, \matB = \matA \matS +\vec\widetildeE ), where the error \widetilde\vecE is modified by Rowhammer.

Then, we perform a decryption failure attack, using a variety of publicly-accessible supercomputing resources running on the order of only 200,000 core-hours. We delicately attenuate the …

Total citations

Cited by 36

2022202320241 15 18

Scholar articles

When frodo flips: End-to-end key recovery on frodokem via rowhammer

M Fahr Jr, H Kippen, A Kwong, T Dang, J Lichtinger… - Proceedings of the 2022 ACM SIGSAC Conference on …, 2022