bugfix:Update poly.go to protect against KyberSlash

As from issue #19 replace division with fixed-time operators.
kudelskisecurity · Jan 10, 2024 · 3908266 · 3908266
1 parent 14b89bf
commit 3908266
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/crystals-kyber/poly.go b/crystals-kyber/poly.go
@@ -162,16 +162,22 @@ func polyFromMsg(msg []byte) Poly {
 	return p
 }
 
-//polyToMsg converts a polynomial to a byte array
+//polyToMsg converts a polynomial to a byte array - fixed against https://kyberslash.cr.yp.to/faq.html
 func polyToMsg(p Poly) []byte {
 	msg := make([]byte, 32)
-	var t uint16
+	//var t uint16
+	var t uint32
 	var tmp byte
 	p.reduce()
 	for i := 0; i < n/8; i++ {
 		tmp = 0
 		for j := 0; j < 8; j++ {
-			t = (((uint16(p[8*i+j]) << 1) + uint16(q/2)) / uint16(q)) & 1
+			//t = (((uint16(p[8*i+j]) << 1) + uint16(q/2)) / uint16(q)) & 1
+			t <<= 1
+			t += 1665
+			t *= 80635
+			t >>= 28
+			t &= 1
 			tmp |= byte(t << j)
 		}
 		msg[i] = tmp