mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00

Files

Thom Wiggers cc8e02bc30 Remove enum variants from RUSTSEC-2022-0045 (#1340 )

* Enum variants can't be put in [affected.functions]
* add note about affected variants in prose

2022-08-11 15:45:48 +02:00

1.4 KiB

Raw Blame History

[advisory]
id = "RUSTSEC-2022-0045"
package = "oqs"
date = "2022-07-30"
categories = ["crypto-failure"]

# affected enum variants
# ([affected.functions] needs them to be functions)
# "oqs::kem::Algorithm::SidhP434" = ["*"]
# "oqs::kem::Algorithm::SidhP503" = ["*"]
# "oqs::kem::Algorithm::SidhP610" = ["*"]
# "oqs::kem::Algorithm::SidhP751" = ["*"]
# "oqs::kem::Algorithm::SidhP434Compressed" = ["*"]
# "oqs::kem::Algorithm::SidhP503Compressed" = ["*"]
# "oqs::kem::Algorithm::SidhP610Compressed" = ["*"]
# "oqs::kem::Algorithm::SidhP751Compressed" = ["*"]
# "oqs::kem::Algorithm::SikeP434" = ["*"]
# "oqs::kem::Algorithm::SikeP503" = ["*"]
# "oqs::kem::Algorithm::SikeP610" = ["*"]
# "oqs::kem::Algorithm::SikeP751" = ["*"]
# "oqs::kem::Algorithm::SikeP434Compressed" = ["*"]
# "oqs::kem::Algorithm::SikeP503Compressed" = ["*"]
# "oqs::kem::Algorithm::SikeP610Compressed" = ["*"]
# "oqs::kem::Algorithm::SikeP751Compressed" = ["*"]


[versions]
patched = [">= 0.7.2"]

Post-Quantum Key Encapsulation Mechanism SIKE broken

Wouter Castryck and Thomas Decru presented an efficient key recovery attack on the SIDH protocol. As a result, the secret key of SIKEp751 can be recovered in a matter of hours. The SIKE and SIDH schemes will be removed from oqs 0.7.2.

The affected schemes are the oqs::kem::Algorithm::Sike* and oqs::kem::Algorithm::Sidh* enum variants.

An efficient key recovery attack on SIDH (preliminary version)

1.4 KiB Raw Blame History

Post-Quantum Key Encapsulation Mechanism SIKE broken

1.4 KiB

Raw Blame History