An issue in Open Quantum Safe liboqs v.10.0 allows a remote malicious user to escalate privileges via the crypto_sign_signature parameter in the /pqcrystals-dilithium-standard_ml-dsa-44-ipd_avx2/sign.c component.
Debian Bug report logs - #1072118
liboqs: CVE-2024-31510
Package: src:liboqs;
Maintainer for src:liboqs is Andrius Merkys <merkys@debian.org>;
Reported by: Moritz Mühlenhoff <jmm@inutil.org>
Date: Tue, 28 May 2024 20:42:01 UTC
Severity: important
Tags: security, upstream
Leak the Secret Key of ML-DSA in liboqs via Rowhammer
More details can be found in this repo related to CVE-2024-31510. We describe our theoretical analysis and experiment results below.
Background
We cloned the relic repo from GitHub on March 27, 2024 and have analyzed the source code of the ML-DSA scheme (more precisely, sign.c). Based on our analysis, the signature implementa