Pq-Crystals >> Kyber Security Vulnerabilities
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2024-06-10

