GHSA-rc4p-p3j9-6577: pypqc private key retrieval vulnerability
(updated )
Impact
For kyber512, kyber768, and kyber1024 only: An attacker able to submit many ciphertexts against a single private key, and to get responses in real-time, could recover the private key. This attack has been named KyberSlash
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C
Patches
Version 0.0.6.1 and newer of PyPQC is patched.
Workarounds
No workarounds have been reported. The 0.0.6 -> 0.0.6.1 upgrade should be a drop-in replacement; it has no known breaking changes.
References
This was partially patched (“KyberSlash 1”) in the reference implementation by Peter Schwabe on December 1st, 2023.
https://www.github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220This was reported as a security vulnerability by Daniel J. Bernstein on December 15th, 2023.
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/hWqFJCucuj4/m/-Z-jm_k9AAAJA webpage was stood up for authoritative reference about this by Daniel J. Bernstein on December 19th, 2023.
https://kyberslash.cr.yp.to/This was acknowledged as a security vulnerability by Thom Wiggers on December 19th, 2023.
https://www.github.com/PQClean/PQClean/issues/533This was completely patched (“KyberSlash 2”) in the reference implementation by Peter Schwabe on December 29th, 2023. https://www.github.com/pq-crystals/kyber/commit/11d00ff1f20cfca1f72d819e5a45165c1e0a2816
Further details were reported by Prasanna Ravi and Matthias Kannwischer on December 30th, 2023.
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/ovODsdY7AwAJA proof-of-concept exploit was published by Daniel J. Bernstein on December 30th, 2023.
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/uIOqRF5BAwAJThis was completely patched in upstream by Thom Wiggers on January 25th, 2024.
https://www.github.com/PQClean/PQClean/pull/534#event-11595728485This was completely patched in pypqc (including upload to PyPI) on January 26th, 2024.
https://www.github.com/JamesTheAwesomeDude/pypqc/commit/b33fec8cd36e865f8db6215c64b2d01f429a1ed6
References
- github.com/JamesTheAwesomeDude/pypqc
- github.com/JamesTheAwesomeDude/pypqc/security/advisories/GHSA-rc4p-p3j9-6577
- github.com/advisories/GHSA-rc4p-p3j9-6577
- groups.google.com/a/list.nist.gov/g/pqc-forum/c/hWqFJCucuj4/m/-Z-jm_k9AAAJ
- groups.google.com/a/list.nist.gov/g/pqc-forum/c/ldX0ThYJuBo/m/uIOqRF5BAwAJ
- kyberslash.cr.yp.to/
- www.github.com/JamesTheAwesomeDude/pypqc/commit/b33fec8cd36e865f8db6215c64b2d01f429a1ed6
- www.github.com/PQClean/PQClean/issues/533
- www.github.com/PQClean/PQClean/pull/534
- www.github.com/pq-crystals/kyber/commit/11d00ff1f20cfca1f72d819e5a45165c1e0a2816
- www.github.com/pq-crystals/kyber/commit/dda29cc63af721981ee2c831cf00822e69be3220
Code Behaviors & Features
Detect and mitigate GHSA-rc4p-p3j9-6577 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →