fix: vulnerability introduced by the use of a constant Kyber coin

Cosmian · Jul 19, 2023 · 201de64 · 201de64
1 parent 45c7f87
commit 201de64
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 All notable changes to this project will be documented in this file.
 
+## [12.0.1] - 2023-07-19
+
+### Changed
+
+- patched kyber seed security issue
+
 ## [12.0.0] - 2023-07-11
 
 ### Changed

diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "cosmian_cover_crypt"
-version = "12.0.0"
+version = "12.0.1"
 authors = [
   "Théophile Brezot <[email protected]>",
   "Bruno Grieder <[email protected]>",

diff --git a/src/core/primitives.rs b/src/core/primitives.rs
@@ -134,8 +134,9 @@ pub fn encaps(
             xor_in_place(&mut e_i, &seed);
             if let Some(pk_i) = pk_i {
                 let mut epq_i = [0; KYBER_INDCPA_BYTES];
-                // TODO TBZ: which coin to use ?
-                indcpa_enc(&mut epq_i, &e_i, pk_i, &[0; KYBER_SYMBYTES]);
+                let mut coin = Zeroizing::new([0; KYBER_SYMBYTES]);
+                rng.fill_bytes(&mut *coin);
+                indcpa_enc(&mut epq_i, &e_i, pk_i, &*coin);
                 encs.insert(KeyEncapsulation::HybridEncapsulation(Box::new(epq_i)));
             } else {
                 encs.insert(KeyEncapsulation::ClassicEncapsulation(Box::new(e_i)));