Classic McEliece Side Channel Report #204
Conversation
|
Ready for integration and review |
|
Thanks a lot Failing CI is due to the missing #203. No problem for now, but please rebase to latest |
|
Never mind! It interfered with some other changes while integrating, so I just went ahead and rebased your commits onto |
| private: | ||
| constexpr bitref& assign(bool bit) noexcept { | ||
| const block_type assign_mask = 0 - static_cast<block_type>(bit); | ||
| this->m_block \|= (this->m_mask & assign_mask); | ||
| this->m_block &= ~(this->m_mask & ~assign_mask); | ||
| return \*this; | ||
| } |
There was a problem hiding this comment.
We fixed the side channel using Botan's constant time helper class CT::Mask, which is more readable, in my opinion and does similar things as this code block. I guess your code translates better to assembly, though. So I'm fine with you version. (So nothing to do here, just a comment)
There was a problem hiding this comment.
It's probably worth mentioning that the later (and final) versions of the code fix this side channel
There was a problem hiding this comment.
Note added in 5df0aa0
|
Just so you know, you can take your time to embed our review comments. We currently collect all submission documents and will send them soon. In the past, reacting to review comments after the deadline was always totally fine. |
Co-authored-by: Fabian Albert <[email protected]>
Not yet ready for review