IACR News item: 12 October 2025
Vladimir Sarde, Nicolas Debande
MQOM is one of the fourteen remaining candidates in the second round of the NIST post-quantum signature standardization process. Introduced in 2023, MQOM instantiates the Multi-Party Computation in the Head (MPCitH) paradigm over the well-established hard problem of solving Multivariate Quadratic (MQ) equations. In this paper, we present the first fault attacks on MQOM targeting the MQ evaluation phase, which is a central component of the algorithm. We introduce four differential fault attacks and demonstrate their effectiveness against both unprotected and masked implementations. The first two target the secret key using a random fault model, making them particularly realistic and practical. With as few as one or two injected faults, depending on the variant, the entire secret key can be recovered through linear algebra. The other two attacks exploit faults on the coefficients of the MQ system directly. Our results highlight that the MQ evaluation, despite not having been identified as a sensitive component until now, can be exploited using just a few fault injections.