
RUSTSEC-2023-0079

KyberSlash: division timings depending on secrets

Reported:
Issued:
Package: pqc_kyber (crates.io)
Type: Vulnerability
Categories:
Keywords: #timing-attack
Aliases:
References:
CVSS Score: 7.4 HIGH
CVSS Details:
  Attack vector: Network
  Attack complexity: High
  Privileges required: None
  User interaction: None
  Scope: Unchanged
  Confidentiality: High
  Integrity: High
  Availability: None
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Patched: no patched versions

Description

Various Kyber software libraries in various environments leak secret information into timing, specifically because

The KyberSlash pages track which Kyber libraries have this issue, and include a FAQ about the issue.
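As an added illustration (not code from the advisory, the pqc_kyber crate or the KyberSlash pages), here is the secret-dependent division the title refers to, in miniature: Kyber's compress step divides a value derived from a secret coefficient by q = 3329, and the mitigation replaces that divide with a multiply by a precomputed reciprocal and a shift. The reciprocal constant, the u64 arithmetic and the 36-bit shift are my own choices, checked exhaustively by the last function, not the upstream fix's values.

```rust
// Added example: the KyberSlash pattern and its constant-time replacement.
// On many CPUs an integer divide has operand-dependent latency, so dividing a
// secret-derived value by q leaks information about that value into timing.
const KYBER_Q: u32 = 3329;

/// The vulnerable pattern: `/ KYBER_Q` on an operand derived from a secret
/// coefficient (`coeff` in [0, q), `d` the compression width in bits).
pub fn compress_div(coeff: u16, d: u32) -> u16 {
    let x = ((coeff as u32) << d) + KYBER_Q / 2;
    ((x / KYBER_Q) & ((1 << d) - 1)) as u16
}

const SHIFT: u32 = 36;
/// ceil(2^36 / q). MAGIC*q - 2^36 = 1655, so floor(x*MAGIC / 2^36) equals
/// floor(x / q) whenever x * 1655 < 2^36, i.e. x < ~41.5 million. Every
/// compress input here is below 2^23, so the result is exact for all of them.
/// (Assumption: multiply and shift are constant-time on the target CPU.)
const MAGIC: u64 = ((1u64 << SHIFT) + (KYBER_Q as u64) - 1) / (KYBER_Q as u64);

/// Constant-time floor(x / KYBER_Q) via multiply-and-shift; no divide emitted.
pub fn div_q_ct(x: u32) -> u32 {
    (((x as u64) * MAGIC) >> SHIFT) as u32
}

/// The mitigated pattern: same output as `compress_div`, no data-dependent divide.
pub fn compress_ct(coeff: u16, d: u32) -> u16 {
    let x = ((coeff as u32) << d) + KYBER_Q / 2;
    (div_q_ct(x) & ((1 << d) - 1)) as u16
}

/// Defender's check: the constant-time version must agree with the division
/// for every coefficient in [0, q) at each width Kyber uses (4, 5, 10, 11).
pub fn ct_matches_div_everywhere() -> bool {
    [4u32, 5, 10, 11].iter().all(|&d| {
        (0..(KYBER_Q as u16)).all(|c| compress_div(c, d) == compress_ct(c, d))
    })
}

fn main() {
    assert!(ct_matches_div_everywhere());
    println!("constant-time compress agrees with division for all inputs");
}
```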

Author

The KyberSlash pages were written by Daniel J. Bernstein. The FAQ originally said "I", but some people seemed to have trouble finding this authorship statement, so the FAQ now says "Bernstein" instead.

URL

The permanent link for the KyberSlash pages is https://kyberslash.cr.yp.to.

Mitigation status in pqc_kyber crate

The issue has not been resolved in the upstream pqc_kyber crate.

A third-party fork that mitigates this attack vector has been published as safe_pqc_kyber.

Alternatives

The ml-kem crate is a maintained alternative pure Rust implementation of ML-KEM / Kyber.

Advisory available under CC0-1.0 license.