Dear all,
We thank D. J. Bernstein for his efforts to validate the implementation of the KpqC Round 2 submissions. We agree with his analysis on the SMAUG-T implementation. Below, we specify our plans for upcoming updates regarding the timing attack and some issues raised here.
1. Limited randomness
We noticed this issue after Round 2 submission and updated the implementation on March 20 at the public git repository.
2. Reported TIMECOP complaints
Based on the reported TIMECOP complaints, we are working on updating the reference/optimized implementation of SMAUG-T to have a constant execution time. Most importantly, we are modifying the Hamming weight sampler regarding the timing attack. We are grateful to D. J. Bernstein for suggesting several options for the constant-time Hamming weight sampler. We are implementing and analyzing the sampler from ia.cr/2024/583 and other possible options. Other TIMECOP complaints will also be dealt with accordingly. We will post a notice here when the update is ready.
Best Regards,
Team SMAUG-T
--
You received this message because you are subscribed to the Google Groups "KpqC-bulletin" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/kpqc-bulletin/20240511181246.1998064.qmail%40cr.yp.to.
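The message above refers to a fixed-Hamming-weight sampler whose running time leaked through TIMECOP, and to replacing it with a constant-time one. The following is an added illustration written for this page; it is not SMAUG-T's code and not the sampler from ia.cr/2024/583. It contrasts a naive sampler, whose retry loop and memory addresses depend on the secret positions already chosen, with a constant-time sampler whose branches and load/store addresses depend only on the public parameters n and h. The splitmix64 generator, the function names, and the 4096 size bound are assumptions made for the example; a real implementation would draw randomness from its own seeded source.

```c
/* Added illustration, not code from SMAUG-T or from ia.cr/2024/583.
 * Both samplers produce a length-n vector over {-1, 0, +1} with exactly
 * h nonzero entries. The naive one branches and indexes memory on secret
 * state; the constant-time one touches memory at public addresses only. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Placeholder PRNG (splitmix64), standing in for an implementation's own
 * seeded random-byte source; seeded deterministically so runs are repeatable. */
typedef struct { uint64_t s; } prng_t;

static uint64_t prng_next(prng_t *p) {
    uint64_t z = (p->s += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Uniform integer in [lo, hi). The rejection loop depends only on random
 * words that are discarded, never on the secret vector being built. */
static uint32_t uniform_in(prng_t *p, uint32_t lo, uint32_t hi) {
    uint32_t range = hi - lo;
    uint32_t lim = UINT32_MAX - (UINT32_MAX % range); /* reject above this */
    uint32_t r;
    do { r = (uint32_t)prng_next(p); } while (r >= lim);
    return lo + r % range;
}

/* 0xFFFFFFFF if a == b, else 0, computed without a branch. */
static uint32_t ct_eq_mask(uint32_t a, uint32_t b) {
    uint32_t x = a ^ b;
    return 0u - (((x | (0u - x)) >> 31) ^ 1u);
}

/* Variable-time sampler: the retry count depends on which positions are
 * already occupied, and vec[j] is loaded/stored at a secret address. */
void sample_fixed_weight_naive(int8_t *vec, size_t n, size_t h, prng_t *p) {
    size_t placed = 0;
    memset(vec, 0, n);
    while (placed < h) {
        uint32_t j = uniform_in(p, 0, (uint32_t)n);
        if (vec[j] != 0) continue;            /* secret-dependent branch */
        vec[j] = (prng_next(p) & 1) ? 1 : -1; /* secret-dependent store */
        placed++;
    }
}

/* Constant-time sampler: partial Fisher-Yates over an index array, with the
 * swap partner located by a masked scan of every slot, followed by a masked
 * scatter of the signs. Every address and branch depends only on n and h.
 * Cost is O(n*h); the fixed buffers assume n <= 4096 (example bound). */
void sample_fixed_weight_ct(int8_t *vec, size_t n, size_t h, prng_t *p) {
    uint32_t idx[4096];
    uint8_t sign[4096];
    for (size_t k = 0; k < n; k++) idx[k] = (uint32_t)k;
    for (size_t i = 0; i < h; i++) {
        uint32_t j = uniform_in(p, (uint32_t)i, (uint32_t)n);
        for (size_t k = 0; k < n; k++) {      /* masked swap idx[i] <-> idx[j] */
            uint32_t t = (idx[i] ^ idx[k]) & ct_eq_mask((uint32_t)k, j);
            idx[i] ^= t;
            idx[k] ^= t;
        }
        uint8_t b = (uint8_t)(prng_next(p) & 1);
        sign[i] = (uint8_t)(0xFFu ^ (b * 0xFEu)); /* 0x01 (+1) or 0xFF (-1) */
    }
    for (size_t k = 0; k < n; k++) {          /* masked scatter, public addresses */
        uint8_t v = 0;
        for (size_t i = 0; i < h; i++)
            v |= sign[i] & (uint8_t)ct_eq_mask((uint32_t)k, idx[i]);
        vec[k] = (int8_t)v;                   /* 0xFF reads back as -1 */
    }
}

/* Check helper (not constant-time, for verification only): number of
 * nonzero entries, or -1 if any entry lies outside {-1, 0, +1}. */
int hamming_weight_checked(const int8_t *vec, size_t n) {
    int w = 0;
    for (size_t k = 0; k < n; k++) {
        if (vec[k] == 1 || vec[k] == -1) w++;
        else if (vec[k] != 0) return -1;
    }
    return w;
}

/* Convenience wrappers: run a sampler from a fixed seed and report its weight. */
int demo_weight_naive(size_t n, size_t h, uint64_t seed) {
    int8_t vec[4096]; prng_t p = { seed };
    sample_fixed_weight_naive(vec, n, h, &p);
    return hamming_weight_checked(vec, n);
}

int demo_weight_ct(size_t n, size_t h, uint64_t seed) {
    int8_t vec[4096]; prng_t p = { seed };
    sample_fixed_weight_ct(vec, n, h, &p);
    return hamming_weight_checked(vec, n);
}
```

The point of the contrast is where data-dependence lives: in the naive version the number of loop iterations and the addresses touched are a function of the secret support, which is exactly what a timing or cache measurement observes, whereas in the constant-time version the only data-dependent loop is the rejection step, and it depends on random words that are thrown away rather than on anything that ends up in the output. The O(n*h) masked scans are the price of never indexing memory by a secret value; a tool such as TIMECOP will flag the naive version's branch and the `vec[j]` access, and not the masked version.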