You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
kyber512, kyber768, and kyber1024 on Mac OS (or when compiled with clang) only: An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. Proof-of-concept exploit exists for a local attacker.
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
Learn more on MITRE.
The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.
Learn more on MITRE.
Impact
kyber512,kyber768, andkyber1024on Mac OS (or when compiled with clang) only: An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. Proof-of-concept exploit exists for a local attacker.CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:P/RL:U/RC:C
Patches
No patch is currently available / pending upstream PQClean#556.
Workarounds
No workarounds have been reported. The 0.0.7 -> 0.0.7.1 upgrade, when available, should be a drop-in replacement.
References
https://pqshield.com/pqshield-plugs-timing-leaks-in-kyber-ml-kem-to-improve-pqc-implementation-maturity/
https://github.com/antoonpurnal/clangover
https://www.github.com/PQClean/PQClean/issues/556
https://www.github.com/pq-crystals/kyber/commit/9b8d30698a3e7449aeb34e62339d4176f11e3c6c