4 matches found
libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case
The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...
Signature Verification on AVX2 Platforms Mishandles Edge Case
The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...
ml-dsa's UseHint function has off by two error when r0 equals zero
Summary There's a bug in the usehint function where it adds 1 instead of subtracting 1 when the decomposed low bits r0 equal exactly zero. FIPS 204 Algorithm 40 is pretty clear that r0 0 means strictly positive, but the current code treats zero as positive. This causes valid signatures to...
GHSA-H37V-HP6W-2PP8 ml-dsa's UseHint function has off by two error when r0 equals zero
Summary There's a bug in the usehint function where it adds 1 instead of subtracting 1 when the decomposed low bits r0 equal exactly zero. FIPS 204 Algorithm 40 is pretty clear that r0 0 means strictly positive, but the current code treats zero as positive. This causes valid signatures to...