This work identifies a critical side-channel vulnerability in the NIST-standardized post-quantum signature scheme SLH-DSA, demonstrating for the first time a practical, software-only Rowhammer-based universal signature forgery attack. Method: We systematically model how bit flips affect hash-chain integrity and state consistency, develop a novel fault-complexity analysis to optimize attack paths, and design Swage—a modular, decoupled Rowhammer framework enabling cross-platform memory disturbance, precise target code localization, and automatic error correction. Contribution/Results: We execute end-to-end attacks on commodity desktop and server hardware, breaking all security levels of SLH-DSA in OpenSSL 3.5.1. At the highest security level, deterministic universal forgery requires only 8 hours of targeted Rowhammering and 36 seconds of post-processing. This reveals a previously unaddressed hardware-level threat to real-world post-quantum cryptographic deployments.

As quantum computing advances, PQC schemes are adopted to replace classical algorithms. Among them is the SLH-DSA that was recently standardized by NIST and is favored for its conservative security foundations. In this work, we present the first software-only universal forgery attack on SLH-DSA, leveraging Rowhammer-induced bit flips to corrupt the internal state and forge signatures. While prior work targeted embedded systems and required physical access, our attack is software-only, targeting commodity desktop and server hardware, significantly broadening the threat model. We demonstrate a full end-to-end attack against all security levels of SLH-DSA in OpenSSL 3.5.1, achieving universal forgery for the highest security level after eight hours of hammering and 36 seconds of post-processing. Our post-processing is informed by a novel complexity analysis that, given a concrete set of faulty signatures, identifies the most promising computational path to pursue. To enable the attack, we introduce Swage, a modular and extensible framework for implementing end-to-end Rowhammer-based fault attacks. Swage abstracts and automates key components of practical Rowhammer attacks. Unlike prior tooling, Swage is untangled from the attacked code, making it reusable and suitable for frictionless analysis of different targets. Our findings highlight that even theoretically sound PQC schemes can fail under real-world conditions, underscoring the need for additional implementation hardening or hardware defenses against Rowhammer.