GHSA-f6jh-hvg2-9525: 
vulnerability analysis and mitigation

The vulnerability (GHSA-f6jh-hvg2-9525) affects the crystals-go library, which is an implementation of the CRYSTALS-Kyber post-quantum cryptographic algorithm. The issue, known as KyberSlash, is a timing side-channel attack that affects all versions before January 16, 2024. The vulnerability was discovered and disclosed in December 2023, with patches being implemented in January 2024. The affected package is github.com/kudelskisecurity/crystals-go, a Go implementation of CRYSTALS-Kyber (GitHub Advisory).

The vulnerability stems from variable-time division operations during Kyber's decapsulation process. Specifically, the issue was found in the polynomial compression function where divisions by Q might not compile to multiplication instructions, potentially leading to timing variations. The vulnerability was initially reported in issue #19 and addressed through multiple fixes, including KyberSlash1 and KyberSlash2 mitigations. The fixes involved replacing division operations with fixed-time operators to prevent timing-based attacks (GitHub Issue, Pull Request).

When an attacker can measure the timing of decapsulation operations on forged cipher texts, they could potentially extract parts of the secret key. This vulnerability could compromise the security of the cryptographic system on platforms where the timing variations are observable (GitHub Advisory).

The vulnerability has been patched in version 0.0.0-20240116172146-2a6ca2d4e64d and later. The fix involves implementing constant-time operations for divisions in the polynomial compression function. However, it's important to note that the library's maintainers have clarified that this was a student project and is not actively maintained. They explicitly discourage its use in any production environment (GitHub Advisory).