We are pleased to announce a recently completed Bachelor’s Degree Thesis, entitled «Ataques hardware en funciones resumen implementadas en microcontrolador» («Hardware Attacks on Hash Functions Implemented on a Microcontroller«).

Cryptographic hash functions such as SHA-3 underpin many everyday security mechanisms — message authentication, digital signatures and data integrity verification, among others — and are increasingly deployed in embedded devices, where the algorithm runs on small microcontrollers. On those devices the attack surface goes beyond the logic of the algorithm and reaches its physical implementation, where fault-injection attacks become a genuine concern. A well-known example is Differential Fault Analysis (DFA), which recovers information about the internal state from the faulty outputs a device produces when it is deliberately disturbed.

The work focuses on one of the main DFA references for SHA3-256, proposed by Luo et al. in 2016. That attack rests on a key — but until now unverified — assumption: the «single-byte fault model», which presumes that a perturbation cleanly affects eight consecutive bits within a single lane of the Keccak state. The original work validated the method through software simulation, proving its theoretical correctness, but never checked whether that assumption actually holds on real hardware.

To answer this question, the project built a complete physical implementation of the attack. SHA-3 firmware was developed on an STM32F303 microcontroller (a 32-bit ARM Cortex-M4 core), and the ChipWhisperer-Lite platform was used to inject faults by clock glitching on the θ operation of round 22 of the Keccak-f[1600] permutation. Across twelve injection sessions and with two messages of different length, 6,000 pairs of correct and faulty hash values were collected. The DFA algorithm was implemented in Python and first verified on synthetic data, where it correctly recovered the injected fault, confirming that the attack itself was implemented correctly.

The results were revealing. Applied to the real hardware data, only 5 of the 6,000 pairs appeared to allow a unique identification of the fault — far below the roughly 3,997 the model predicts. A closer analysis showed that even those five were coincidental matches with very loose signatures: the number of faults genuinely compatible with the single-byte model was, in fact, zero. The real faults turned out to be deterministic and reproducible, retaining a weak byte structure but spreading across the processor word instead of staying confined to eight consecutive bits within a single lane.

The main conclusion is that the single-byte fault model does not apply to SHA3-256 on a 32-bit architecture. Because the processor handles the state in 32-bit words, a glitch corrupts the whole word, and the affected bits — even when there are eight or fewer — scatter across it. The problem is not how many bits change, but the absence of confinement. Far from being a failure, this negative result is a well-founded answer to a clear research question, and it shows that, on this kind of 32-bit hardware, differential fault analysis is only a limited threat to SHA-3.

Congratulations to the author on this excellent work!