- Reported:
- Issued:
- Package: libcrux-ml-dsa (crates.io)
- Type: INFO Notice
- References:
- Patched:
- Affected Architectures:
Description
The AVX2 implementation of ML-DSA did not fully reduce intermediate inputs to the inverse NTT, which leads to a testable difference in panic behaviour of internal functions compared to the portable implementation.

Impact
We are not aware of inputs to the public key generation, signing or verification APIs that trigger a panic in the AVX2 implementation because the intermediate values were not fully reduced.

Mitigation
From version 0.0.9, intermediate values on AVX2 platforms are fully reduced, in alignment with the portable implementation.
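The following is an added illustration of the failure mode described above and of the mitigation; it is constructed for this page and is not libcrux-ml-dsa's code. It uses the ML-DSA modulus q = 8380417 from FIPS 204, a constructed "partial" reduction (a single conditional subtraction, which is only correct for inputs already in [0, 2q)) standing in for a vectorised path that leaves values incompletely reduced, and a canonical-range precondition of the kind an inverse NTT might assert on its inputs. The function names and the sample coefficient vector are assumptions for the example.

```rust
/// ML-DSA modulus q = 2^23 - 2^13 + 1 (FIPS 204).
pub const Q: i32 = 8_380_417;

/// Full reduction into the canonical range [0, q). `rem_euclid` is correct
/// for any i32 input, negative values included.
pub fn reduce_to_canonical(x: i32) -> i32 {
    x.rem_euclid(Q)
}

/// A single conditional subtraction. This is only a complete reduction when
/// `x` is already in [0, 2q); anything outside that window stays out of range.
/// Constructed stand-in for an incompletely reduced intermediate value, not
/// the library's real AVX2 code.
pub fn partial_reduce(x: i32) -> i32 {
    if x >= Q { x - Q } else { x }
}

/// Precondition an inverse NTT implementation would typically check
/// (in debug builds via an assertion): every coefficient is in [0, q).
pub fn coefficients_in_canonical_range(coeffs: &[i32]) -> bool {
    coeffs.iter().all(|&c| (0..Q).contains(&c))
}

/// Number of coefficients that would trip that precondition.
pub fn out_of_range_count(coeffs: &[i32]) -> usize {
    coeffs.iter().filter(|&&c| !(0..Q).contains(&c)).count()
}

/// Guarded entry point: refuse to proceed into the inverse NTT unless the
/// inputs satisfy the precondition, reporting how many are out of range.
pub fn check_invntt_inputs(coeffs: &[i32]) -> Result<(), usize> {
    let bad = out_of_range_count(coeffs);
    if bad == 0 { Ok(()) } else { Err(bad) }
}

fn main() {
    // Constructed intermediate values: two in range, one in [q, 2q),
    // one at or above 2q, and one negative.
    let raw = vec![3, Q - 1, Q + 7, 2 * Q + 5, -4];

    let partial: Vec<i32> = raw.iter().map(|&x| partial_reduce(x)).collect();
    let full: Vec<i32> = raw.iter().map(|&x| reduce_to_canonical(x)).collect();

    // The partially reduced path would panic on a debug range assertion;
    // the fully reduced path passes.
    println!("partial reduction: {:?}", check_invntt_inputs(&partial));
    println!("full reduction:    {:?}", check_invntt_inputs(&full));
}
```

The point of the example is that the two paths agree on well-behaved inputs (3 and q-1 are untouched by both), so a difference only surfaces on intermediate values that wander outside [0, 2q); that is exactly the kind of divergence that is visible as a difference in panic behaviour between implementations rather than as a wrong public-API result.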
Advisory available under CC0-1.0 license.