Abstract
Quantum computing is a form of computation that uses the principles of quantum mechanics to perform certain mathematical computations faster than classical computers. Although quantum computing is still in its early stages, if a general-purpose, large-scale, and fault-tolerant quantum computer were to be built, it would jeopardize the security of modern public-key cryptosystems. If these cryptosystems were broken, secure connections could not be authenticated, enabling Man-in-the-Middle (MitM) attacks, and digital messages could not be signed. All data sent over HTTPS and/or TLS connections would be exposed and potentially malicious, since its origin and integrity could not be trusted. To prepare for this potential threat, the National Institute of Standards and Technology (NIST) created a Post-Quantum Cryptography (PQC) initiative to identify and develop a new set of quantum-resistant algorithms that can withstand the additional computing power quantum computers would provide. After three rounds of evaluation, NIST produced official standards in 2024 from the leading candidates in the PQC project, with the intention that modern infrastructure would gradually migrate to these new algorithms and become quantum-resistant. However, while NIST performed extensive theoretical evaluation of these PQC candidates, theoretical security does not necessarily guarantee practical resilience. Latent vulnerabilities in software or hardware implementations can undermine critical security assumptions, rendering these implementations insecure in practice even if they are theoretically sound. Additionally, these vulnerabilities may be non-obvious in typical operation but can be unexpectedly invoked by various triggers. Furthermore, resistance to these implementation-level attacks was not a formal requirement during NIST standardization and remains an area of active research.
This thesis contributes to the practical evaluation of emerging PQC standards by assessing the impact of fault attacks on recent open-source implementations of post-quantum digital signatures. In particular, this thesis focuses on fault attacks targeting the deterministic variant of CRYSTALS-Dilithium as implemented in OpenSSL v3.5.2. CRYSTALS-Dilithium is the primary digital signature algorithm selected by NIST for standardization due to its strong security and excellent performance. Additionally, open-source implementations are of particular interest due to their widespread availability and the transparency they provide, which enables community-driven development, security review, and evaluation. This thesis surveys recent literature on fault attacks targeting CRYSTALS-Dilithium, outlines a realistic web-based attacker model, and ranks each attack using a newly proposed risk framework which evaluates attacks based on severity and likelihood of success. Then, this thesis simulates the highest-risk attack using a modified version of OpenSSL to reliably reproduce the attack and demonstrate its viability in modern implementations. Finally, this work evaluates potential countermeasures to this attack, estimates their runtime overhead, and offers recommendations for improving resistance to such threats in cryptographic implementations. The experimental simulation presented in this thesis demonstrates that a substantial portion of the runtime of deterministic ML-DSA in OpenSSL v3.5.2 is susceptible to a fault attack identified by researchers Bruinderink and Pessl in 2018. This attack targets the signature generation process by inducing bit flips in intermediate internal variables, resulting in a malicious signature that leaks the private key. When both faulty and legitimate signatures are obtained, the attacker can solve a system of equations to recover the primary secret key and subsequently forge digital signatures. 
Such an attack compromises the security of ML-DSA and may be realized through known fault mechanisms such as Rowhammer, which exploit the layout of DRAM hardware to induce bit flips in adjacent memory regions. This thesis proposes verifying signatures before they are exposed as an effective countermeasure, enabling the early detection of malicious signatures, while incurring a minimal 18% runtime overhead. This overhead is substantially lower than the 84% to 400% overhead of implementing similar countermeasures in historical signature schemes such as ECDSA and Ed25519.
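The countermeasure the abstract recommends, verifying a signature inside the signer before it is released, can be shown on a toy scheme. The code below is an added example written for this page; it is not code from the thesis, from OpenSSL, or an ML-DSA implementation. It uses a deterministic Schnorr-style signature over a constructed multiplicative group (the prime `P = 2**61 - 1`, base `G`, the 8-byte integer encoding and the SHA-256 challenge derivation are all assumptions chosen for readability, and nothing here is secure for real use). The `fault_bit` argument of `sign_raw` is a software simulation of the attack's fault model: one bit of the nonce is flipped after the challenge has already been derived from the unfaulted nonce, so the resulting signature no longer verifies and the check in `sign_checked` withholds it.

```python
"""Verify-before-release as a fault-attack countermeasure (added example).

Illustrative code for this page, not from the thesis or OpenSSL, and not
ML-DSA: a toy deterministic Schnorr-style signature over a constructed
multiplicative group, using only the standard library.
"""
import hashlib
import secrets

# Constructed toy parameters (assumption): P = 2**61 - 1 is prime, so any
# base G has an order dividing N = P - 1 and exponents are reduced mod N.
P = (1 << 61) - 1
N = P - 1
G = 7


def _hash_mod_n(*parts: bytes) -> int:
    """Length-prefixed SHA-256 over the parts, reduced into the exponent range."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(h.digest(), "big") % N


def _enc(v: int) -> bytes:
    """Fixed-width encoding of group elements and exponents (all < 2**61)."""
    return v.to_bytes(8, "big")


def keygen():
    """Random private exponent x and public value pk = G^x mod P."""
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)


def sign_raw(x: int, msg: bytes, fault_bit=None):
    """Deterministic signing with no self-check.

    If fault_bit is given, one bit of the nonce k is flipped *after* the
    challenge c was derived from G^k, simulating a fault in an intermediate
    variable during signing (software simulation only).
    """
    k = _hash_mod_n(_enc(x), msg)          # deterministic nonce from key and message
    r = pow(G, k, P)                       # commitment
    c = _hash_mod_n(_enc(r), msg)          # challenge bound to the unfaulted nonce
    if fault_bit is not None:
        k = (k ^ (1 << fault_bit)) % N     # simulated fault in an intermediate value
    s = (k + c * x) % N
    return c, s


def verify(pk: int, msg: bytes, sig) -> bool:
    """Recompute r' = G^s * pk^(-c), which equals G^k only for an honest s."""
    c, s = sig
    r = pow(G, s, P) * pow(pk, (-c) % N, P) % P
    return _hash_mod_n(_enc(r), msg) == c


def sign_checked(x: int, pk: int, msg: bytes, fault_bit=None):
    """Countermeasure: verify before release; return None on any mismatch."""
    sig = sign_raw(x, msg, fault_bit)
    if not verify(pk, msg, sig):
        return None   # suppressed: a faulted signature never leaves the signer
    return sig


if __name__ == "__main__":
    x, pk = keygen()
    msg = b"constructed sample message"
    assert sign_raw(x, msg) == sign_raw(x, msg)      # deterministic: same input, same output
    print("honest signature released:", sign_checked(x, pk, msg) is not None)
    print("faulted signature released:", sign_checked(x, pk, msg, fault_bit=5))
```

The check costs one verification per signing call, which is the source of the runtime overhead the abstract measures for ML-DSA in OpenSSL; the design choice is to return nothing at all on mismatch rather than a different signature, so that a faulted and a legitimate signature for the same message never both reach the caller.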
Publication Date
2-13-2026
Document Type
Thesis
Student Type
Graduate
Degree Name
Computer Science (MS)
Department, Program, or Center
Computer Science, Department of
College
Golisano College of Computing and Information Sciences
Advisor
Sumita Mishra
Advisor/Committee Member
Stanislaw Radziszowski
Advisor/Committee Member
Billy Brumley
Recommended Citation
Korensky, Alexis, "Security Evaluation of Post-Quantum ML-DSA Implementations Against Software-Induced Fault Attacks" (2026). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/12505
Campus
RIT – Main Campus
