Data

Artifact for "Achilles: A Formal Framework of Leaking Secrets from Signature Schemes via Rowhammer"

The University of Western Australia
Liang, Junkai ; Zhang, Xin ; Zhang, Zhi
DOI: 10.5281/zenodo.14735639
Publisher: Zenodo
Date: 2025
Type: dataset
Language: English

Access:

Other

Full description

Signature schemes are a fundamental component of cybersecurity infrastructure. While they are designed to be mathematically secure against cryptographic attacks, they are vulnerable to Rowhammer fault-injection attacks. Because all existing attacks are ad hoc, in that they target individual parameters of specific signature schemes, the impact of Rowhammer on signature schemes as a whole remains unclear.

In this paper, we present Achilles, a formal framework that aids in leaking secrets in various real-world signature schemes via Rowhammer. In particular, Achilles can be used to find potentially more vulnerable parameters in schemes that have been studied before, as well as new schemes that are potentially vulnerable. Achilles mainly describes a formal procedure in which Rowhammer faults are induced in key parameters of a generalized signature scheme, called G-sign, and a post-Rowhammer analysis is then performed on it for secret recovery. To illustrate the viability of Achilles, we have evaluated six signature schemes (with five CVEs assigned to track their respective Rowhammer vulnerability), covering traditional and post-quantum signatures with different mathematical problems. Based on the analysis with Achilles, all three schemes are proved to be vulnerable, and two new vulnerable parameters are identified for EdDSA. Further, we demonstrate a successful Rowhammer attack against each of these schemes, using recent cryptographic libraries including _wolfssl_, _relic_, and _liboqs_.

The artifact contains 3 main components: 1) the attacker's code related to fault injection; 2) the attacker's code that analyses the faulty signature; 3) the automation tool for Achilles, which analyses the signature schemes.

Notes

External Organisations
Peking University
Associated Persons
Xin Zhang (Contributor)
Junkai Liang (Contributor)

Issued: 2025-03-21

This dataset is part of a larger collection


Identifiers