https://github.com/mupq/pqm4
Revision d98a1623ae6d942ad166638a66c287eb3b884e47 authored by Matthias J. Kannwischer on 18 December 2023, 02:07:27 UTC, committed by rpls on 19 December 2023, 13:44:24 UTC
This (partially) addresses https://github.com/mupq/pqm4/issues/319. The function poly_tomsg from the reference implementation of Kyber (which was copied into the M4-optimized implementations) would result in a variable-time udiv instruction operating on secret data when compiled with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13, but did not see any difference. This commit updates the m4-specific code to use the patch from https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220. Note that the code in PQClean has not yet been updated and hence the clean implementation within pqm4 is still vulnerable.
1 parent dc26f54
Tip revision: d98a1623ae6d942ad166638a66c287eb3b884e47 authored by Matthias J. Kannwischer on 18 December 2023, 02:07:27 UTC
Update Kyber poly_tomsg to fix timing leak (w/ -Os)
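To make the leak in the commit message concrete, here is an added example (not pqm4's or the Kyber project's own code) that places the division-based bit extraction from the original poly_tomsg next to a division-free multiply-and-shift form of the kind the linked pq-crystals patch switches to, and checks exhaustively that the two agree on every coefficient value in [0, KYBER_Q). The constants 1665, 80635 and the 28-bit shift are an assumption of this example, not values quoted on this page; the input is assumed to be a coefficient already reduced to [0, q).

```c
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329

/* Division-based rounding as in the original poly_tomsg: returns
 * round(2*t/q) mod 2 for t in [0, q). The "/ KYBER_Q" is what the commit
 * message reports being compiled to a variable-time udiv under gcc -Os,
 * while t is a secret coefficient of the decrypted message. */
uint8_t msg_bit_div(uint16_t t)
{
    return (uint8_t)(((((uint32_t)t << 1) + KYBER_Q / 2) / KYBER_Q) & 1);
}

/* Division-free form: multiply by a fixed-point approximation of 1/q and
 * shift. Constants here are an assumption of this example (not on the
 * page); the exhaustive check below is what justifies them. */
uint8_t msg_bit_mul(uint16_t t)
{
    uint32_t x = t;   /* assumed already reduced to [0, q) */
    x <<= 1;          /* 2*t */
    x += 1665;        /* + q/2, rounded up so the multiply can under-shoot */
    x *= 80635;       /* 80635 / 2^28 is slightly below 1/3329 */
    x >>= 28;
    return (uint8_t)(x & 1);
}

/* Return the first t in [0, q) on which the two forms differ, or -1 if
 * they agree everywhere (so a defender can re-run this after any tweak). */
int first_mismatch(void)
{
    for (uint16_t t = 0; t < KYBER_Q; t++)
        if (msg_bit_div(t) != msg_bit_mul(t))
            return (int)t;
    return -1;
}

int main(void)
{
    int m = first_mismatch();
    if (m < 0)
        printf("both forms agree on all %d inputs\n", KYBER_Q);
    else
        printf("mismatch at t=%d\n", m);
    return m < 0 ? 0 : 1;
}
```

The exhaustive check only establishes functional equivalence; whether the compiled output is actually free of a udiv on the target has to be confirmed by inspecting the generated assembly under the same flags (-Os) that triggered the leak.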
File | Mode | Size |
---|---|---|
common | ||
crypto_kem | ||
crypto_sign | ||
hostside | ||
ldscripts | ||
libopencm3 @ 1f3abd4 | ||
mk | ||
mupq @ 4ba92e0 | ||
.gitignore | -rw-r--r-- | 107 bytes |
.gitmodules | -rw-r--r-- | 168 bytes |
Makefile | -rw-r--r-- | 357 bytes |
README.md | -rw-r--r-- | 26.1 KB |
benchmarks.csv | -rw-r--r-- | 20.8 KB |
benchmarks.md | -rw-r--r-- | 31.8 KB |
benchmarks.py | -rwxr-xr-x | 1.1 KB |
build_everything.py | -rwxr-xr-x | 341 bytes |
convert_benchmarks.py | -rwxr-xr-x | 417 bytes |
interface.py | -rw-r--r-- | 3.6 KB |
requirements.txt | -rw-r--r-- | 19 bytes |
skiplist.py | -rw-r--r-- | 18.3 KB |
st_nucleo_l4r5.cfg | -rw-r--r-- | 225 bytes |
test.py | -rwxr-xr-x | 342 bytes |
testvectors.py | -rwxr-xr-x | 342 bytes |