Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ml-kem: potential timing vside channel converting message to polynomial #32

Closed
bwesterb opened this issue Jun 20, 2024 · 3 comments
Closed

ml-kem: potential timing vside channel converting message to polynomial #32

bwesterb opened this issue Jun 20, 2024 · 3 comments

Comments

@bwesterb
Copy link

You might want a preemptive fix for a sidechannel converting message to polynomial.

It might not affect Rust at the moment.

A fix could look like this.
@bwesterb bwesterb changed the title ml-kem: potential side channel ml-kem: potential timing vside channel converting message to polynomial Jun 20, 2024
@tarcieri
Copy link
Member

Dup of #25

@tarcieri tarcieri closed this as not planned Won't fix, can't repro, duplicate, stale Jun 20, 2024
@tarcieri
Copy link
Member

@bwesterb FWIW, after shipping a similar fix in curve25519-dalek which used an inline black_box function which also does a volatile read and being a bit unhappy with that as a solution, I convinced upstream to reword the documentation around core::hint::black_box as it seems like a better (although previously scarily documented) solution.

We also just added a BlackBox type to subtle which requires all reads go through black_box which might be useful for these sorts of applications.

@bwesterb
Copy link
Author

Sounds good. Sorry about the dup — missed it while skimming the list of issues 🤦.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tarcieri @bwesterb