Revision f1a552355dca37d96e685bba150659a9714e10bd authored by Matthias J. Kannwischer on 18 December 2023, 02:07:27 UTC, committed by Matthias J. Kannwischer on 18 December 2023, 02:07:27 UTC
This (partially) addresses https://github.com/mupq/pqm4/issues/319.

The function poly_tomsg from the reference implementation of Kyber
(which was copied into the M4-optimized implementations) would result
in a variable-time udiv instruction operating on secret data when compiled
with gcc using -Os. I tried a couple of versions from gcc 11 to gcc 13,
but did not see any difference.

This commit updates the m4-specific code to use the patch from
https://github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220.
Note that the code in PQClean has not yet been updated and hence the
clean implementation within pqm4 is still vulnerable.
1 parent dc26f54
History
File Mode Size
common
crypto_kem
crypto_sign
hostside
ldscripts
libopencm3 @ 1f3abd4
mk
mupq @ 4ba92e0
.gitignore -rw-r--r-- 107 bytes
.gitmodules -rw-r--r-- 168 bytes
Makefile -rw-r--r-- 357 bytes
README.md -rw-r--r-- 26.1 KB
benchmarks.csv -rw-r--r-- 20.8 KB
benchmarks.md -rw-r--r-- 31.8 KB
benchmarks.py -rwxr-xr-x 1.1 KB
build_everything.py -rwxr-xr-x 341 bytes
convert_benchmarks.py -rwxr-xr-x 417 bytes
interface.py -rw-r--r-- 3.6 KB
requirements.txt -rw-r--r-- 19 bytes
skiplist.py -rw-r--r-- 18.3 KB
st_nucleo_l4r5.cfg -rw-r--r-- 225 bytes
test.py -rwxr-xr-x 342 bytes
testvectors.py -rwxr-xr-x 342 bytes

README.md

back to top