Chosen-Ciphertext Attack (KyberSlash)
pypqc is vulnerable to a chosen-ciphertext attack. The vulnerability is caused by an attacker submitting numerous ciphertexts for decryption and observing the response, potentially allowing them to recover the private key...
GHSA-RC4P-P3J9-6577 pypqc private key retrieval vulnerability
Impact kyber512, kyber768, and kyber1024 only: An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. Proof-of-concept exploit exists for a local attacker...
GHSA-X5J2-G63M-F8G4 pqc_kyber KyberSlash: division timings depending on secrets
Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator; the number of CPU cycles for division in various environments varies depending on the...
GHSA-F6JH-HVG2-9525 crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber)
Impact On some platforms, when an attacker can time decapsulation of Kyber on forged ciphertexts, they could possibly learn parts of the secret key. Patches Patched in https://github.com/kudelskisecurity/crystals-go/pull/21 Note This library was written as part of an MSc student project in the...
GO-2024-2469 Kyberslash timing attack possible in github.com/kudelskisecurity/crystals-go
Kyberslash timing attack possible in github.com/kudelskisecurity/crystals-go...
safe_pqc_kyber leaks parts of secret keys
Impact On some platforms, when an attacker can time decapsulation, and in particular when the attacker can forge ciphertexts, they can learn parts of the secret key. Does not apply to ephemeral usage, such as when used in the regular way in TLS. Patches Patched in 0.6.2. References -...
RUSTSEC-2023-0079 KyberSlash: division timings depending on secrets
Various Kyber software libraries in various environments leak secret information into timing, specifically because these libraries include a line of code that divides a secret numerator by a public denominator; the number of CPU cycles for division in various environments varies depending on the...