std.crypto.kem.kyber: mitigate KyberSlash (#18316) - zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software. https://ziglang.org

diff options

author	Frank Denis <124872+jedisct1@users.noreply.github.com>	2023-12-22 16:57:16 +0100
committer	GitHub <noreply@github.com>	2023-12-22 15:57:16 +0000
commit	21ae64852a531c36ae3166aa2b6f1fbaaf76c6f9 (patch)
tree	0fe35730e2a4f73ae29b3c32df8115adcb12eeb8 /src/codegen
parent	42ddf592dd610dda3371cae2eba63ac3e8502c64 (diff)
download	zig-21ae64852a531c36ae3166aa2b6f1fbaaf76c6f9.tar.gz zig-21ae64852a531c36ae3166aa2b6f1fbaaf76c6f9.zip

std.crypto.kem.kyber: mitigate KyberSlash (#18316)

On some architectures, including AMD Zen CPUs, dividing a secret by a constant denominator may not be a constant-time operation. And most Kyber implementations, including ours, could leak the hamming weight of the shared secret because of this. See: https://kyberslash.cr.yp.to Multiplications aren't guaranteed to be constant-time either, but at least on the CPUs we currently support, it is.

Diffstat (limited to 'src/codegen')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: