https://github.com/mupq/pqm4
Revision d98a1623ae6d942ad166638a66c287eb3b884e47 authored by Matthias J. Kannwischer on 18 December 2023, 02:07:27 UTC, committed by rpls on 19 December 2023, 13:44:24 UTC
This (partially) addresses https://github.com/mupq/pqm4/issues/319. The function poly_tomsg from the reference implementation of Kyber (which was copied into the M4-optimized implementations) would result in a variable-time udiv instruction operating on secret data when compiled with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13, but did not see any difference. This commit updates the m4-specific code to use the patch from https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220. Note that the code in PQClean has not yet been updated and hence the clean implementation within pqm4 is still vulnerable.
1 parent dc26f54
Tip revision: d98a1623ae6d942ad166638a66c287eb3b884e47 authored by Matthias J. Kannwischer on 18 December 2023, 02:07:27 UTC
Update Kyber poly_tomsg to fix timing leak (w/ -Os)
Update Kyber poly_tomsg to fix timing leak (w/ -Os)
Tip revision: d98a162
| File | Mode | Size |
|---|---|---|
| common | ||
| crypto_kem | ||
| crypto_sign | ||
| hostside | ||
| ldscripts | ||
| libopencm3 @ 1f3abd4 | ||
| mk | ||
| mupq @ 4ba92e0 | ||
| .gitignore | -rw-r--r-- | 107 bytes |
| .gitmodules | -rw-r--r-- | 168 bytes |
| Makefile | -rw-r--r-- | 357 bytes |
| README.md | -rw-r--r-- | 26.1 KB |
| benchmarks.csv | -rw-r--r-- | 20.8 KB |
| benchmarks.md | -rw-r--r-- | 31.8 KB |
| benchmarks.py | -rwxr-xr-x | 1.1 KB |
| build_everything.py | -rwxr-xr-x | 341 bytes |
| convert_benchmarks.py | -rwxr-xr-x | 417 bytes |
| interface.py | -rw-r--r-- | 3.6 KB |
| requirements.txt | -rw-r--r-- | 19 bytes |
| skiplist.py | -rw-r--r-- | 18.3 KB |
| st_nucleo_l4r5.cfg | -rw-r--r-- | 225 bytes |
| test.py | -rwxr-xr-x | 342 bytes |
| testvectors.py | -rwxr-xr-x | 342 bytes |
Computing file changes ...
