GHSA-x5j2-g63m-f8g4

Source
https://github.com/advisories/GHSA-x5j2-g63m-f8g4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-x5j2-g63m-f8g4/GHSA-x5j2-g63m-f8g4.json
Aliases
Published
2024-02-09T16:19:53Z
Modified
2024-02-15T01:26:53.647105Z
Details

Various Kyber software libraries in various environments leak secret information into timing, specifically because

  • these libraries include a line of code that divides a secret numerator by a public denominator,
  • the number of CPU cycles for division in various environments varies depending on the inputs to the division, and
  • this variation appears within the range of numerators used in these libraries.

The KyberSlash pages track which Kyber libraries have this issue, and include a FAQ about the issue.

Author

The KyberSlash pages were written by Daniel J. Bernstein. The FAQ originally said "I", but some people seemed to have trouble finding this authorship statement, so the FAQ now says "Bernstein" instead.

URL

The permanent link for the KyberSlash pages is https://kyberslash.cr.yp.to.

Mitigation status in qpc_kyber crate

The issues has not been resolved in the pqc_kyber crate. A third-party fork that mitigates this attack vector has been published as safe_pqc_kyber.

References

Affected packages

crates.io / pqc_kyber

Package

Name
pqc_kyber

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Last affected
0.7.1