A Fault Analysis on SNOVA

Abstract

SNOVA, a post-quantum signature scheme with compact key sizes, is a second-round NIST candidate. This paper conducts a fault analysis of SNOVA, targeting permanent and transient faults during signature generation. We propose fault injection strategies that exploit SNOVA’s structure, enabling key recovery with as few as to faulty signatures, depending on security levels. A novel fault-assisted reconciliation attack is introduced that effectively extracts the secret key space by solving a quadratic polynomial system. Simulations reveal that transient or permanent faults in signature generation can severely compromise security. We also suggest a lightweight countermeasure to mitigate fault attacks with minimal overhead. Our findings emphasize the need for fault-resistant mechanisms in post-quantum schemes like SNOVA.