From db6c77dbb6784c9782c1f9285db76c1d295b53ff Mon Sep 17 00:00:00 2001 From: Alexander Wagner Date: Fri, 11 Oct 2024 09:16:10 +0200 Subject: [PATCH] side_channels: Add ML KEM report --- .../src/side_channels/01_00_results.rst | 1 + .../src/side_channels/01_03_ml_kem.rst | 52 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 docs/audit_report/src/side_channels/01_03_ml_kem.rst diff --git a/docs/audit_report/src/side_channels/01_00_results.rst b/docs/audit_report/src/side_channels/01_00_results.rst index 81376b9b..7835127e 100644 --- a/docs/audit_report/src/side_channels/01_00_results.rst +++ b/docs/audit_report/src/side_channels/01_00_results.rst @@ -40,3 +40,4 @@ The descriptions usually also include the associated source code and, if applica .. toctree:: 01_01_lms + 01_03_ml_kem diff --git a/docs/audit_report/src/side_channels/01_03_ml_kem.rst b/docs/audit_report/src/side_channels/01_03_ml_kem.rst new file mode 100644 index 00000000..36e90836 --- /dev/null +++ b/docs/audit_report/src/side_channels/01_03_ml_kem.rst 
@@ -0,0 +1,52 @@ +""""" +ML KEM +""""" + +Analysed variants: + +- ML-KEM-512 +- ML-KEM-768 +- ML-KEM-1024 + +For the analysis of ML KEM, a utility was written that calls the functions to be analysed in a similar way to the Botan CLI. +The following call is used to perform the key encapsulation method: + +.. code-block:: cpp + + auto sk = Botan::Dilithium_PrivateKey(rng, mode); + + Botan::PK_Signer sig(sk, rng, "Deterministic"); + signature = sig.sign_message(message, rng); + + +The Botan library is configured using the following console prompt: + +.. code-block:: + ./configure.py --prefix=~/workspace/bsi/DATA/cryptolib/botan/build --cc=gcc \ + --cc-bin=g++-12 --cc-abi=-fno-plt --disable-modules sm4 --disable-sse2 \ + --disable-ssse3 --disable-sse4.1 --disable-sse4.2 --disable-avx2 \ + --disable-bmi2 --disable-rdrand --disable-rdseed --disable-aes-ni \ + --disable-sha-ni --disable-altivec --disable-neon --disable-armv8crypto \ + --disable-powercrypto --without-os-feature=threads --with-debug-info + +The binary is compiled with the `gcc` compiler with the following version: + +.. code-block:: + $ g++-12 --version + g++-12 (Debian 12.2.0-14) 12.2.0 + +The host operating system is `Debian GNU/Linux 12 (bookworm)`. + + +**Summary** + +No critical leak was identified. +All leaks found by DATA are unproblematic. +The reasoning for each identified leak is explained below. + +**Leak: Polynomial matrix.** + +A data leak was found in the ``sample_matrix()`` function which generates the Kyber polynomial matrix [BOTAN_ML_KEM_SAMPLE_MATRIX]_. +The polynomial matrix is generated using the public key. +This is therefore merely a leak of the public key, which is not considered problematic. +No leaks were found during decryption with the private key.
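Review bot: in the `01_00_results.rst` hunk, the toctree entry added after `01_01_lms` is `01_03_ml_kem`, so the numbering skips `01_02`; if no `01_02` report is planned, the new file should be `01_02_ml_kem.rst` and the toctree entry renamed to match, otherwise the gap should be mentioned in the commit message so later readers know it is intentional.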
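Review bot: in the new `01_03_ml_kem.rst`, the `cpp` block introduced by `The following call is used to perform the key encapsulation method:` does not show an encapsulation at all: it constructs a `Botan::Dilithium_PrivateKey` and calls `PK_Signer::sign_message`, which is a Dilithium signature, so it appears to have been copied from a signature report. It should be replaced with the ML-KEM key generation, encapsulation and decapsulation calls the utility actually exercised, since the `sample_matrix()` leak discussion and the statement about the private-key operation below are only meaningful against that code. Two smaller points in the same file: the two unlabelled `.. code-block::` directives have no blank line between the directive and the indented text (the `cpp` block does), so docutils will read those lines as the directive's arguments rather than its content, and they should carry a language such as `console`; and `Kyber polynomial matrix` and `decryption with the private key` should read ML-KEM and decapsulation, consistent with the variant names at the top of the file (ML-KEM is a key encapsulation mechanism, not "method").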