Mitigate kyberslash with official patching method from pq-crystals/kyber

[JosePisco]

Hello everyone,

I suggest this diff against master to patch non-constant time division revealed by DJB through KyberSlash (https://kyberslash.cr.yp.to/).

For the sake of correctness, the changes proposed here are as close as possible to the official patch in pq-crystals/kyber#69.

While aware of a patched version available at bwesterb@b5c6ad1, their fix does not exactly match the values from the authors' patch.

Cheers,

[tarcieri]

Note: closes #108

There's a branch here that also mitigates it, and includes some descriptive comments about how the approach works: bwesterb@b5c6ad1

[JosePisco]

Note: closes #108

There's a branch here that also mitigates it, and includes some descriptive comments about how the approach works: bwesterb@b5c6ad1

This is right but as mentioned above, bwesterb's change uses different magic values as the ones used by the authors to patch this. While we can easily find approximate linear relations between the two sets of values, I believe this is for the best to align with pq-crystals/kyber as the reference.
On another hand, it doesn't appear that bwesterb's fork wants to merge its fix into this repository; I believe they would have done it by now, wouldn't they ?

[JosePisco]

Hey @mberry , it's been a few weeks since I opened this PR and I wanted to call for an update.
Is the repository still maintained ?
I hope you don't mind the ping, just looking forward to know if it's going to be resolved.

Cheers

[MrGrymReaper]

Hey @mberry,

I'm also wondering whether this repository is still maintained, due to the length of time passed since 18th March 2024 due to now being 6th November 20224. It's currently holding up a patch to an issue in another piece of software.

I hope you don't mind the ping, just looking forward to know if it's going to be resolved.

Cheers.