A number of implementations of the Kyber keys used for quantum-security encryption are subject to vulnerabilities united under the name KyberSlash. These disadvantages can allow attackers to restore secret keys.
Crystals-kyber is an official sales of the Kyber and part of the algorithm set crystals (Cryptographic Suite for Algebraic Lattits). It is designed for general encryption and is included in the list of algorithms of the National Institute of Standards and Technologies (NIST) designed to protect quantum computers from attacks.
Among the popular projects using Kyber’s implementation, is the Mullvad VPN service and Signal messenger. The latter last year announced the use of Crystals-Kyber as an additional level of user communications protection.
Vulnerabilities KyberSlash are associated with the timing at the method that Kyber performs certain division operations in the process of scattering. This allows attackers to analyze the time of operations and receive secret information that threatens encryption.
If the Kyber service allows multiple requests for the same pair of keys, an attacker can measure the difference in time of operations and gradually calculate the secret key.
The problem areas of the code related to the vulnerabilities of KyberSlash (KyberSplash1 and KyberSplash2) were discovered by researchers Goutam Tamvada, Korkukeyan Bhargavan, and Francis from the company Crimspen.
In the KyberSlash1 demonstration on the Raspberry Pi system, researchers twice out of three attempts restored the Kyber secret key to decryption.
Cryspen analysts revealed KyberSlash1 vulnerability at the end of November last year and immediately informed Kyber developers. The patch for KyberSlash1 was developed and released on December 1, 2023.
However, the correction was not marked as a security issue, and only on December 15, Cryspen began to inform the affected projects about the need to update.