A security researcher, Antoon Purnal, uncovered a timing leak in the Kyber key encapsulation mechanism (KEM), a cryptographic standard being considered by NIST. Purnal, from PQShield, identified the issue in the reference implementation of the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) and collaborated with the Kyber team to address it.
Purnal emphasized the importance of implementation security against side-channel attacks, focusing in particular on timing vulnerabilities. The vulnerability arises when compiler optimizations turn a conditional move on secret data into a secret-dependent branch, so that the operation's timing can leak key material during cryptographic operations.
In response, Purnal developed a demonstration, “clangover,” showcasing the vulnerability’s impact on key recovery. While not all compilers and platforms are affected, Purnal urged a cautious approach and emphasized the need for patches from cryptography providers to mitigate the risk.
The ML-KEM reference implementation was patched to address the vulnerability by altering the conditional move implementation. However, Purnal warned that other libraries based on similar implementations may remain vulnerable, necessitating ongoing vigilance in cryptographic security.
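The mechanism described above (a masked conditional move that an optimizing compiler may rewrite as a secret-dependent branch) and the kind of fix the last paragraph refers to can be illustrated in C. The following is an added example and is not the ML-KEM reference code or the actual patch; it assumes a Kyber-style step that decodes message bits into polynomial coefficients of 0 or (q+1)/2 with q = 3329, and uses an inline-asm value barrier, a general constant-time hardening technique, to keep the masked form from being collapsed into a branch. The sample message is constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Kyber's modulus; (Q + 1) / 2 = 1665 is the coefficient that encodes a 1 bit. */
#define Q 3329

/* Branchy form: what an optimizer can emit once it infers that the mask is
   only ever 0 or 0xFFFF. Execution time now depends on the secret bit. */
int16_t select_branchy(uint8_t bit) {
    return bit ? (int16_t)((Q + 1) / 2) : 0;
}

/* Masked form as commonly written: arithmetic only, no branch in the source.
   The compiler is still free to turn this into select_branchy. */
int16_t select_masked(uint8_t bit) {
    uint16_t mask = (uint16_t)(-(uint16_t)(bit & 1));   /* 0x0000 or 0xFFFF */
    return (int16_t)(mask & ((Q + 1) / 2));
}

/* Value barrier: an empty asm statement that claims to read and modify `v`.
   The compiler must treat the result as unknown, so it cannot reason that
   the mask has two values and rewrite the selection as a branch.
   (Assumed hardening technique; the page does not quote the real patch.) */
static inline uint16_t value_barrier_u16(uint16_t v) {
#if defined(__GNUC__) || defined(__clang__)
    __asm__("" : "+r"(v));
#endif
    return v;
}

/* Hardened form: same arithmetic, mask passed through the barrier. */
int16_t select_hardened(uint8_t bit) {
    uint16_t mask = value_barrier_u16((uint16_t)(-(uint16_t)(bit & 1)));
    return (int16_t)(mask & ((Q + 1) / 2));
}

/* Decode a 32-byte message into 256 coefficients using the hardened selector. */
void msg_to_coeffs(int16_t coeffs[256], const uint8_t msg[32]) {
    for (size_t i = 0; i < 32; i++)
        for (size_t j = 0; j < 8; j++)
            coeffs[8 * i + j] = select_hardened((uint8_t)((msg[i] >> j) & 1));
}

/* Constructed sample message (not from any real ciphertext):
   bits 0 and 2 of byte 0 set, all other bits zero. */
static const uint8_t SAMPLE_MSG[32] = { 0x05 };
static int16_t SAMPLE_COEFFS[256];

/* Decode SAMPLE_MSG and return coefficient k, so callers can check results. */
int16_t sample_coeff(size_t k) {
    msg_to_coeffs(SAMPLE_COEFFS, SAMPLE_MSG);
    return SAMPLE_COEFFS[k];
}

/* Returns 1 if all three selectors agree on both bit values (they must:
   the hardening changes timing behaviour, never the computed result). */
int selectors_agree(void) {
    for (uint8_t b = 0; b < 2; b++)
        if (select_branchy(b) != select_masked(b) ||
            select_masked(b) != select_hardened(b))
            return 0;
    return 1;
}

int main(void) {
    printf("bit 1 -> %d, bit 0 -> %d, agree=%d\n",
           select_hardened(1), select_hardened(0), selectors_agree());
    return 0;
}
```

The useful check is not on the source but on the compiled output: build with the compiler and optimization level actually used for release (for example `clang -O3 -c`), disassemble with `objdump -d`, and confirm that the selection compiles to `and`/`neg`-style instructions with no conditional jump on the message bit. Run that check on every compiler and platform shipped, since the article notes that not all of them are affected.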