SLasH-DSA: Breaking SLH-DSA Using an Extensible End-To-End Rowhammer Framework

As quantum computing advances, Post-Quantum Cryptography (PQC) schemes are adopted to replace classical algorithms. Among them is the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) that was recently standardized by NIST and is favored for its conservative security basis. In this work, we present the first software-only universal forgery attack on SLH-DSA, leveraging Rowhammer-induced bit flips to corrupt the internal state and forge signatures. While prior work targeted embedded systems and required physical access, our attack is software-only, targeting commodity desktop and server hardware, significantly broadening the threat model. We demonstrate full end-to-end attacks against SLH-DSA in OpenSSL 3.5.1, achieving universal forgery for the SHAKE-128f (deterministic), SHA2-128s, and SHAKE-192f (randomized) parameter sets after one hour (deterministic) or eight hours (randomized) of hammering and post-processing ranging from minutes to an hour, and showing theoretical attack complexities for most parameter sets. Our post-processing is informed by a novel complexity analysis that, given a concrete set of faulty signatures, identifies the most promising computational path to pursue. To enable the attack, we introduce Swage, a modular and extensible framework for implementing end-to-end Rowhammer-based fault attacks. Swage abstracts and automates key components of practical Rowhammer attacks. Unlike prior tooling, Swage is untangled from the attacked code, making it reusable and suitable for frictionless analysis of different targets. Our findings highlight that even theoretically sound PQC schemes can fail under real-world conditions, underscoring the need for additional implementation hardening or hardware defenses against Rowhammer.