CVE-2024-36405
Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for `-Os`, `-O1`, and other compilation options. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in ~10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information, however relying on these compiler options as a workaround may not be reliable.
Reserved 2024-05-27 | Published 2024-06-10 | Updated 2024-08-02 | Assigner GitHub_MCWE-208: Observable Timing Discrepancy
CWE-385: Covert Timing Channel
github.com/...liboqs/security/advisories/GHSA-f2v9-5498-2vpp
github.com/...ommit/982c762c242ef549c914891b47bf6e0ed6321f91
github.com/...ommit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c
github.com/...kem/kyber/pqcrystals-kyber_kyber512_ref/poly.c
Support options
