Page MenuHome GnuPG
Feed Advanced Search

Sep 14 2021

mdeslaur added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

Thanks for the clarification!

Sep 14 2021, 12:41 PM · side-channel, CVE, libgcrypt
gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

The problem of (2), is local side-channel attacks to ElGamal encryption.
We evaluated the impact, mainly for the use case of GnuPG; ElGamal keys are not that popular any more. When such an attack is possible, easier attacks would be possible.

Sep 14 2021, 7:52 AM · side-channel, CVE, libgcrypt
gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

The paper addresses two issues.
(1) https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1
(2) https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2

Sep 14 2021, 7:46 AM · side-channel, CVE, libgcrypt

Sep 13 2021

mdeslaur added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

I looks like the "cipher: Hardening ElGamal by introducing exponent blinding too." commit [1] was never applied to 1.8.x. Is that intentional? If so, is there a specific reasoning that it's not needed in 1.8.x? Thanks!

Sep 13 2021, 2:55 PM · side-channel, CVE, libgcrypt

Aug 22 2021

werner closed T5328: On the (in)security of Elgamal in OpenPGP as Resolved.
Aug 22 2021, 6:13 PM · side-channel, CVE, libgcrypt

Aug 13 2021

werner changed the edit policy for side-channel.
Aug 13 2021, 11:14 PM

Jul 12 2021

werner set External Link to https://eprint.iacr.org/2021/923.pdf on T5328: On the (in)security of Elgamal in OpenPGP.
Jul 12 2021, 6:11 PM · side-channel, CVE, libgcrypt

Jun 4 2021

werner lowered the priority of T5328: On the (in)security of Elgamal in OpenPGP from High to Normal.
Jun 4 2021, 7:52 AM · side-channel, CVE, libgcrypt
werner changed the visibility for T5328: On the (in)security of Elgamal in OpenPGP.
Jun 4 2021, 7:52 AM · side-channel, CVE, libgcrypt

May 25 2021

gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

CVE-2021-33560

May 25 2021, 2:46 AM · side-channel, CVE, libgcrypt

May 21 2021

gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

Let me rephrase from a viewpoint of mine (an implementer).

May 21 2021, 3:59 AM · side-channel, CVE, libgcrypt

May 20 2021

gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

The paper describes another problem: interoperability (or interpretation) of "ElGamal encryption", and its impact.

May 20 2021, 8:51 AM · side-channel, CVE, libgcrypt

Apr 12 2021

gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

Do we have CVE number assigned?

Apr 12 2021, 7:52 AM · side-channel, CVE, libgcrypt

Apr 9 2021

werner added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

This would be difficult to set up for DSA. Remotely controlled
environment, asking signing same message, using deterministic
DSA... would be not that practical.

Apr 9 2021, 7:15 PM · side-channel, CVE, libgcrypt

Apr 8 2021

gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

So, in my opinion, applying the patch for ElGamal exponent blinding is enough (for now).

Apr 8 2021, 6:22 AM · side-channel, CVE, libgcrypt
gniibe added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

For DSA, I had assumed similar attack could be effective.

Apr 8 2021, 6:22 AM · side-channel, CVE, libgcrypt

Mar 31 2021

werner added a comment to T5328: On the (in)security of Elgamal in OpenPGP.

Our tentative plan is:

Mar 31 2021, 1:34 PM · side-channel, CVE, libgcrypt

Mar 24 2021

werner shifted T5328: On the (in)security of Elgamal in OpenPGP from the Restricted Space space to the S1 Public space.
Mar 24 2021, 2:50 PM · side-channel, CVE, libgcrypt
werner changed the visibility for T5328: On the (in)security of Elgamal in OpenPGP.
Mar 24 2021, 2:50 PM · side-channel, CVE, libgcrypt

Mar 11 2021

werner added a project to T5328: On the (in)security of Elgamal in OpenPGP: side-channel.
Mar 11 2021, 4:22 PM · side-channel, CVE, libgcrypt

Jun 2 2020

werner closed T4541: C implementation of AES is vulnerable to side-channel attacks as Wontfix.

As of now we doubt that the proposed patch helps and we even fear that it could make things worst. Thus, as long as there is we have no description of an attack we won't do anything about it.

Jun 2 2020, 10:29 AM · side-channel, libgcrypt, Bug Report

Sep 1 2019

olf added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

... https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html

Sep 1 2019, 11:33 PM · side-channel, libgcrypt, Bug Report

Jul 10 2019

werner added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Check out the mailing list gcrypt-devel@

Jul 10 2019, 7:23 PM · side-channel, libgcrypt, Bug Report
ware added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Folks, I was just wondering if I could get an update on where we are with this bug. It seems we aren't sure if it's a real issue or not. What's the latest thought?

Jul 10 2019, 7:17 PM · side-channel, libgcrypt, Bug Report

Jun 23 2019

slandden added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Werner, I interpreted jwilik's patch as admission of a problem from upstream, and reported it as such to CVE. I felt that since this does not effect the main platforms (ARM and x86_64) it would not be a big deal. If I interpreted wrong, I am sorry.

Jun 23 2019, 7:52 PM · side-channel, libgcrypt, Bug Report
slandden added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

I assigned the CVE, but yes it needs more facts.

Jun 23 2019, 5:48 PM · side-channel, libgcrypt, Bug Report
werner added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

Andreas, I wonder on which grounds you assigned a CVE for this claimed side-channel attack. The mentioned paper is about an old RSA side-channel and not on AES. I would like to see more facts than the reference to a guy who knows PPC pretty well.

Jun 23 2019, 5:45 PM · side-channel, libgcrypt, Bug Report

Jun 22 2019

ametzler1 added a comment to T4541: C implementation of AES is vulnerable to side-channel attacks.

This bug has been assigned CVE-2019-12904. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12904

Jun 22 2019, 6:36 AM · side-channel, libgcrypt, Bug Report

Jun 6 2019

slandden updated the task description for T4541: C implementation of AES is vulnerable to side-channel attacks.
Jun 6 2019, 6:40 PM · side-channel, libgcrypt, Bug Report

May 30 2019

slandden updated the task description for T4541: C implementation of AES is vulnerable to side-channel attacks.
May 30 2019, 3:46 PM · side-channel, libgcrypt, Bug Report

May 29 2019

werner added a project to T4541: C implementation of AES is vulnerable to side-channel attacks: side-channel.
May 29 2019, 8:29 AM · side-channel, libgcrypt, Bug Report
werner set the color for side-channel to Grey.
May 29 2019, 8:29 AM