Skip to content

FIX: potential non-constant time division in Kyber#3846

Merged
reneme merged 1 commit intomasterfrom
fix/kyber_side_channel
Dec 19, 2023
Merged

FIX: potential non-constant time division in Kyber#3846
reneme merged 1 commit intomasterfrom
fix/kyber_side_channel

Conversation

@reneme
Copy link
Copy Markdown
Collaborator

@reneme reneme commented Dec 19, 2023
edited
Loading

Some compilers generate a non-constant time division operation for the division by KyberConstants::Q.

Fix is based on the patch in the reference implementation: pq-crystals/kyber@dda29cc

Thanks @xvzcf for reporting this.

@randombit we'll also open a pull request on against the 3.2.0 release.

closes #3844

References:

@reneme reneme requested a review from randombit December 19, 2023 13:12
@reneme reneme added the bug label Dec 19, 2023
@reneme @FAlbertDev @atreiber94
FIX: potential non-constant time division
5cfd895 
Some compilers generate a non-constant time division operation
for the division by KyberConstants::Q.

Fix is based on the patch in the reference implementation:
pq-crystals/kyber@dda29cc

Found and initially reported by Goutam Tamvada, Karthikeyan Bhargavan,
and Franziskus Kiefer of @cryspen. Independently reported by djb
as "Kyberslash".

fixes #3844

Co-Authored-By: Fabian Albert <fabian.albert@rohde-schwarz.com>
Co-Authored-By: Amos Treiber <amos.treiber@rohde-schwarz.com>
@reneme reneme force-pushed the fix/kyber_side_channel branch from b8f0064 to 5cfd895 Compare December 19, 2023 13:28
@coveralls
Copy link
Copy Markdown

coveralls commented Dec 19, 2023

Coverage Status

coverage: 92.059% (-0.006%) from 92.065%
when pulling 5cfd895 on fix/kyber_side_channel
into 649fbe2 on master.

@reneme reneme mentioned this pull request Dec 19, 2023
Closed
@randombit
Copy link
Copy Markdown
Owner

randombit commented Dec 19, 2023

Given 3.3.0 is coming out in a few weeks and this is just a side channel I don't see any real need to backport. Keep in mind we only support the latest release in any series. If someone wants to pull this they can always cherry pick it.

@reneme reneme merged commit 1b6359b into master Dec 19, 2023
@reneme reneme deleted the fix/kyber_side_channel branch December 19, 2023 14:52
@FAlbertDev FAlbertDev mentioned this pull request Jan 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@randombit randombit randombit approved these changes

Assignees

No one assigned

Labels

bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Possible variable-time division when decapsulating in Kyber

3 participants

@reneme @coveralls @randombit