CVE-2026-22705

RustCrypto: Signatures has timing side-channel in ML-DSA decomposition

CVSS 6.4 MEDIUM · EPSS 0.2% · CWE-1240
In short

A timing side-channel vulnerability was found in RustCrypto's ML-DSA signature generation. An attacker could potentially extract secret key information by measuring how long the signing operation takes, compromising the security of digital signatures.

Technical detail

The Decompose algorithm used during ML-DSA signing exhibits timing variations that depend on secret data, enabling cache- or timing-based side-channel attacks that can recover private key material. Exploiting it requires physical proximity or network access in order to measure execution time during signature generation. The vulnerability has been mitigated in version 0.1.0-rc.2 through a constant-time implementation.
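To make the failure mode concrete, the following added example (not RustCrypto's code) writes the per-coefficient ML-DSA Decompose step from FIPS 204 twice: once with the spec's `if` branches, whose outcome depends on the input and therefore on secret-derived data during signing, and once branchlessly with arithmetic masks, together with an exhaustive check that both agree on every residue mod q. The parameter choice (gamma2 = (q-1)/32) and the assumption that inputs are already reduced into [0, q) are this example's own.

```rust
// ML-DSA Decompose (FIPS 204, Algorithm 36) for one coefficient, written twice.
// Added illustration, not RustCrypto's implementation. Inputs are assumed to be
// already reduced into [0, q).
const Q: i64 = 8_380_417;          // ML-DSA modulus q = 2^23 - 2^13 + 1
const GAMMA2: i64 = (Q - 1) / 32;  // gamma2 for ML-DSA-65/87 (ML-DSA-44 uses (q-1)/88)
const ALPHA: i64 = 2 * GAMMA2;

/// Spec-style Decompose: (r1, r0) with r = r1 * ALPHA + r0 (mod q) and
/// r0 in (-GAMMA2, GAMMA2]. Both `if`s branch on values derived from the
/// input, which during signing is secret-dependent: this is the kind of
/// data-dependent control flow the advisory describes.
pub fn decompose_branchy(r: i64) -> (i64, i64) {
    debug_assert!((0..Q).contains(&r));
    let mut r0 = r % ALPHA;
    if r0 > GAMMA2 {
        r0 -= ALPHA; // centred reduction mod +/- ALPHA
    }
    if r - r0 == Q - 1 {
        (0, r0 - 1) // wrap-around case: r1 would otherwise equal (q-1)/ALPHA
    } else {
        ((r - r0) / ALPHA, r0)
    }
}

/// Branchless Decompose: same result, same instruction sequence for every
/// input. Division by a compile-time constant lowers to multiply/shift; that
/// the compiler keeps the masks branch-free must be confirmed on the emitted
/// assembly rather than assumed from the source.
pub fn decompose_ct(r: i64) -> (i64, i64) {
    debug_assert!((0..Q).contains(&r));
    let mut r0 = r % ALPHA;
    let high = (GAMMA2 - r0) >> 63;            // -1 if r0 > GAMMA2, else 0
    r0 -= ALPHA & high;
    let r1 = (r - r0) / ALPHA;
    let d = (r - r0) ^ (Q - 1);                // zero exactly in the wrap case
    let wrap = !((d | d.wrapping_neg()) >> 63); // -1 in the wrap case, else 0
    (r1 & !wrap, r0 + wrap)
}

/// Exhaustive agreement check over every residue mod q.
pub fn agree_on_all_inputs() -> bool {
    (0..Q).all(|r| decompose_branchy(r) == decompose_ct(r))
}

fn main() {
    println!("{:?} {:?}", decompose_ct(Q - 1), decompose_ct(GAMMA2 + 1));
    println!("all residues agree: {}", agree_on_all_inputs());
}
```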

Summary generated and translated by AI from the official description.

RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2.
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected products
RustCrypto · signatures
