On ML-DSA (CRYSTALS-Dilithium) Security Vulnerabilities of Post-quantum Cryptographic Algorithms, by Top Quantum-Proof Cryptographer, Founder of the First Virtual Museum in the World (Lin Hsin Hsin Art Museum, Digital Art Museum, 1994; 32nd Anniversary)

Lin Hsin Hsin Quantum Security Center

Attacks on Post-Quantum Cryptography

ML-DSA (CRYSTALS-Dilithium) Security Vulnerabilities

Overview


ML-DSA is a lattice-based digital signature algorithm, standardized by NIST in 2024 as a quantum-resistant alternative to ECDSA and EdDSA.

It is designed to resist attacks from quantum computers.

Devices making use of ML-DSA are expected to soon become generally available in various environments. It is thus important to assess the resistance of ML-DSA implementations.

However, recent research has exposed vulnerabilities ranging from fault injection to side-channel attacks, especially in embedded implementations.



Fault Injection Attacks


Single-Trace Attacks


It has been demonstrated that a single successful fault injection (e.g. via voltage glitching or Rowhammer) can recover part of the secret key with a probability of up to 53% on ARM Cortex-M4 microcontrollers. This attack targets the "hedged" (randomized) signing mode, which was introduced to mitigate vulnerabilities of the deterministic mode.


Key Recovery


By collecting a sufficient number of faulty signatures (as few as 512 for some parameter sets), attackers can use lattice-reduction techniques to fully recover the private key.


Practical Validation


Attacks have been validated on real-world implementations (PQClean library) running on ARM Cortex-M0+, M3, M4, and M33, with success rates up to 89.5%.



Side-Channel Attacks


Rejected Signatures


Exploiting the rejection sampling process, attackers can recover the signing key by analyzing power consumption or electromagnetic emanations during signature generation.



Public Parameter Attacks


Faults injected into public parameters (not just secret data) can also lead to key recovery, broadening the attack surface.



Mitigations and Countermeasures


Signature Verification


Implementations are advised to verify each signature immediately after generation and withhold it if verification fails, a countermeasure already adopted by OpenSSL and WolfSSL to mitigate the Rowhammer attack against their RSA implementations.
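The verify-after-sign countermeasure in code, as an added example that is not part of this page nor of OpenSSL or WolfSSL: `Scheme`, `HardenedSign` and `FlipBit` are hypothetical names, ed25519 from Go's standard library stands in for an ML-DSA implementation (which would plug into the same `Scheme` hooks), and `FlipBit` is a constructed stand-in for a hardware glitch so the check can be seen rejecting a corrupted signature instead of releasing it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// ErrFaultySignature: a fresh signature that fails to verify under the signer's own key is withheld.
var ErrFaultySignature = errors.New("signature failed post-generation verification")

// Scheme is the sign/verify pair of the deployed algorithm. In a real system
// it wraps an ML-DSA implementation; ed25519 is only the stand-in used below.
type Scheme struct {
	Sign   func(msg []byte) []byte
	Verify func(msg, sig []byte) bool
}

// HardenedSign is the verify-after-sign countermeasure. fault (nil = none) is a
// constructed hook standing in for a glitch that corrupts the signing result.
func HardenedSign(s Scheme, msg []byte, fault func([]byte) []byte) ([]byte, error) {
	sig := s.Sign(msg)
	if fault != nil {
		sig = fault(sig)
	}
	if !s.Verify(msg, sig) {
		return nil, ErrFaultySignature // withhold the output and treat it as a fault event
	}
	return sig, nil
}

// NewEd25519Scheme builds the stand-in Scheme from a fresh key pair.
func NewEd25519Scheme() Scheme {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Scheme{
		Sign:   func(m []byte) []byte { return ed25519.Sign(priv, m) },
		Verify: func(m, sig []byte) bool { return ed25519.Verify(pub, m, sig) },
	}
}

// FlipBit models a single-bit fault landing in the signature buffer (constructed).
func FlipBit(sig []byte) []byte {
	out := append([]byte(nil), sig...)
	out[len(out)/2] ^= 0x01
	return out
}
```

A production signer would additionally count `ErrFaultySignature` events, since a burst of them on one device is the observable trace of a glitching attempt.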



Hardware Protections


Use of constant-time algorithms, fault detection, and physical shielding can reduce exposure to fault injection and side-channel attacks.



Implications


These attacks highlight the need for robust implementation practices and ongoing security evaluation, especially as ML-DSA is deployed in critical infrastructure and national security systems.


Conclusions


While ML-DSA is theoretically quantum-resistant, its practical security depends heavily on implementation details. Fault injection and side-channel attacks remain significant threats, particularly on embedded devices.



Broken / Weakened Algorithms



Incident Citations & Key References

Year: 2024
Target: Single-Trace Fault Injection Attacks
Attack method: A single-trace fault injection attack on hedged CRYSTALS-Dilithium (Cryptology ePrint Archive). Demonstrated recovery of part of the secret key from a single fault injection on ARM Cortex-M4, with a 53% success rate.
References: A Single-Trace Fault Injection Attack on Hedged Module Lattice Digital Signature Algorithm (ML-DSA), IEEE Conference Publication, IEEE Xplore; diva-portal.org; PQShield Expert Review on Hedged Dilithium Dis-Faulting (2025), pqshield.com; Jendral S, link.springer.com

Year: 2024
Target: Single-Trace Fault Injection Attacks
Attack method: Correction Fault Attacks on Randomized CRYSTALS-Dilithium: key recovery with as few as 512 faulty signatures for ML-DSA-44 (Dilithium2).
References: Krahmer E, Pessl P, Land G, Güneysu T; pqshield.com

Year: 2024
Target: Side-Channel and Fault Injection Surveys
Attack method: Side-channel and fault-injection attacks over lattice-based post-quantum schemes (Kyber, Dilithium): survey and new results. Validates attacks on PQClean's ML-DSA implementation, achieving an 89.5% success rate on ARM Cortex-M microcontrollers.
References: Ravi P, Chattopadhyay A, D'Anvers J P, Baksi A; ACM Transactions on Embedded Computing Systems; researchgate.net

Year: 2024-2025
Target: Practical Key Recovery via Rejected Signatures
Attack method: Side-channel and Fault-injection attacks over Lattice-based Post-quantum Schemes (Kyber, Dilithium): Survey and New Results. First practical key recovery attack targeting the rejection sampling procedure, using real power consumption data.
References: researchgate.net

Year: 2024
Target: Mitigation and Standardization Context
Attack method: ML-DSA was standardized by NIST as FIPS 204, a quantum-resistant digital signature algorithm, but implementation attacks have prompted updates to best practices.
References: digicert.com; OpenSSL & WolfSSL, signature verification after generation as a countermeasure to fault injection attacks; hacken.io