January 7, 2024 at 03:37PM
The Kyber key encapsulation mechanism, including its official implementation CRYSTALS-Kyber, has been found vulnerable to flaws known collectively as KyberSlash, allowing the recovery of secret keys. The flaws, designated KyberSlash1 and KyberSlash2, are timing-based attacks; patches for both have been identified, various projects are affected, and efforts to address the issue are underway. The impact varies across implementations and use cases.
Based on the meeting notes, here are the key takeaways:
– Flaws referred to as KyberSlash have been identified in multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption, potentially allowing the recovery of secret keys.
– CRYSTALS-Kyber is the official implementation designed for general encryption and is part of the National Institute of Standards and Technology (NIST) selection of algorithms aimed at withstanding attacks from quantum computers.
– Popular projects using Kyber implementations include Mullvad VPN and Signal messenger.
– The KyberSlash flaws are timing-based attacks arising from how Kyber performs certain division operations in the decapsulation process.
– Cryspen, a provider of verification tools and mathematically proven software, has discovered and reported the KyberSlash flaws.
– Efforts to fix the KyberSlash vulnerabilities are underway, with patches released for KyberSlash1 and KyberSlash2.
– Several projects have been identified as impacted by the issue and have varying fixing statuses, from fully patched to unpatched.
– The worst-case scenario due to KyberSlash is the leaking of the secret key, but not all projects using Kyber are necessarily vulnerable to key leaks.
– The impact of KyberSlash depends on the Kyber implementation and practical use cases, and can vary depending on additional security measures.
– For example, Mullvad claims that KyberSlash does not impact its VPN product due to its use of unique key pairs for each new tunnel connection.
– Signal’s response and remediation plans for the impact of KyberSlash on its cryptography and users’ communications are still pending.
These takeaways provide a clear understanding of the issues surrounding Kyber and the steps being taken to address them.
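The division the takeaways refer to is the rounding step in Kyber's coefficient compression, where a coefficient in [0, q) with q = 3329 is scaled by a power of two and then divided by q. The C below is an added illustration written for this page, not code from the Kyber reference implementation or from Cryspen. It places the variable-time shape (a `/` by q, which on many CPUs compiles to a division instruction whose latency depends on the operand values, so the secret-dependent coefficient leaks through timing) beside a constant-time replacement that multiplies by a precomputed floor(2^s / q) and shifts, the same basic approach taken by the public fixes, and then checks exhaustively that the two agree on every possible coefficient. The constants 80635 = floor(2^28 / 3329) and 1290167 = floor(2^32 / 3329), the rounding offset 1665, and the function names are my own choices for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329

/* Variable-time shape (the kind of code KyberSlash targets): a runtime
   division by q. Compilers emit a DIV-style instruction here, and on many
   CPUs its latency depends on the operands, i.e. on the secret coefficient. */
static uint16_t compress4_vartime(uint16_t u) {
    return (uint16_t)(((((uint32_t)u << 4) + KYBER_Q / 2) / KYBER_Q) & 0xf);
}

/* Constant-time replacement: multiply by floor(2^28 / q) = 80635 and shift.
   The offset 1665 = ceil(q / 2) compensates for the multiplier being a slight
   underestimate of 1/q. The 32-bit product can wrap for the largest inputs,
   but wraparound only discards bits that the final & 0xf mask drops anyway
   (the exhaustive check below confirms this over the whole domain). */
static uint16_t compress4_consttime(uint16_t u) {
    uint32_t d0 = (uint32_t)u << 4;
    d0 += 1665;
    d0 *= 80635;
    d0 >>= 28;
    return (uint16_t)(d0 & 0xf);
}

/* Same pair for the 10-bit compression used on the ciphertext vector. */
static uint16_t compress10_vartime(uint16_t u) {
    return (uint16_t)(((((uint32_t)u << 10) + KYBER_Q / 2) / KYBER_Q) & 0x3ff);
}

/* Multiplier floor(2^32 / q) = 1290167; the product needs 64 bits here. */
static uint16_t compress10_consttime(uint16_t u) {
    uint64_t d0 = (uint64_t)u << 10;
    d0 += 1665;
    d0 *= 1290167;
    d0 >>= 32;
    return (uint16_t)(d0 & 0x3ff);
}

/* Functional equivalence check: the input domain is only q values, so we can
   try every coefficient instead of relying on a proof. Returns 1 on success. */
int compress_variants_agree(void) {
    for (uint32_t u = 0; u < KYBER_Q; u++) {
        if (compress4_vartime((uint16_t)u) != compress4_consttime((uint16_t)u))
            return 0;
        if (compress10_vartime((uint16_t)u) != compress10_consttime((uint16_t)u))
            return 0;
    }
    return 1;
}

int main(void) {
    printf("constant-time compression matches division on all %d inputs: %s\n",
           KYBER_Q, compress_variants_agree() ? "yes" : "NO");
    return compress_variants_agree() ? 0 : 1;
}
```

The exhaustive loop only establishes that the replacement computes the same values; it says nothing about timing. Whether the hardened version is actually constant time depends on the compiler not reintroducing a division and on the multiplier being constant time on the target CPU, so a deployment check should also inspect the generated assembly for the compression routines, which is how the affected projects confirmed their patches.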