How we avoided side-channels in our new post-quantum Go cryptography libraries

Trail of Bits released open-source, constant-time Go implementations of the ML-DSA and SLH-DSA post-quantum signature algorithms. The ML-DSA implementation required careful design to avoid timing attacks such as KyberSlash, with the focus on eliminating secret-dependent branches and divisions. SLH-DSA largely avoids side channels by construction, since it is built from pseudorandom functions derived from hash functions.

The Decompose algorithm in ML-DSA requires a division; it was made constant-time using conditional swaps implemented with bit masks. The division itself was then optimized with Barrett reduction, precalculating reciprocals for the fixed denominators. These techniques improved speed while preserving the constant-time guarantee.

The work aims at a post-quantum-secure future built on reliable digital signatures, and the team invites organizations to try out these implementations. Both algorithms are NIST-standardized and designed to resist potential quantum-capable adversaries.
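To make the two techniques concrete, here is an added example (not code from Trail of Bits' library) of a branch-free Decompose for ML-DSA as specified in FIPS 204 Algorithm 36. The modulus q and the gamma2 values are the standard's; the Barrett shift of 48, the helper names and the `Decomposer` type are this example's own choices. The textbook branching version is included beside it purely as the reference the constant-time one is checked against.

```go
package main

// Added example, not Trail of Bits' code: branch-free Decompose for ML-DSA
// (FIPS 204, Algorithm 36) built from mask-based conditional selection and
// Barrett division by a fixed denominator. The Barrett shift of 48 and the
// helper names are this example's own choices.

const (
	Q         = 8380417      // ML-DSA modulus q = 2^23 - 2^13 + 1
	Gamma2_44 = (Q - 1) / 88 // gamma2 for ML-DSA-44
	Gamma2_65 = (Q - 1) / 32 // gamma2 for ML-DSA-65 and ML-DSA-87
)

// FixedDivisor holds a precomputed Barrett reciprocal for one denominator d.
// It is valid for numerators x < 2^24, which covers every coefficient in [0, q).
type FixedDivisor struct {
	d     uint64
	m     uint64 // ceil(2^shift / d), computed once per denominator
	shift uint
}

func NewFixedDivisor(d uint64) FixedDivisor {
	const shift = 48
	return FixedDivisor{d: d, m: ((1 << shift) + d - 1) / d, shift: shift}
}

// DivMod returns (x / d, x % d) without a variable-time division instruction.
// The estimate (x*m)>>shift is the true quotient or one too large; the
// correction is applied with a mask instead of a branch.
func (f FixedDivisor) DivMod(x uint64) (quo, rem uint64) {
	quo = (x * f.m) >> f.shift
	r := int64(x) - int64(quo*f.d)
	mask := uint64(r >> 63)        // all ones iff the estimate overshot
	quo += mask                    // adding all-ones subtracts 1 when masked
	rem = uint64(r) + (f.d & mask) // add d back when masked
	return quo, rem
}

// isZeroMask returns all ones when x == 0 and zero otherwise, in constant time.
func isZeroMask(x uint64) uint64 {
	return ^uint64(int64(x|-x) >> 63)
}

// gtMask returns all ones when a > b (both below 2^63), in constant time.
func gtMask(a, b uint64) uint64 {
	return uint64(int64(b-a) >> 63)
}

// Decomposer bundles gamma2 with the Barrett divisor for alpha = 2*gamma2.
type Decomposer struct {
	gamma2 uint64
	div    FixedDivisor
}

func NewDecomposer(gamma2 uint32) Decomposer {
	return Decomposer{gamma2: uint64(gamma2), div: NewFixedDivisor(2 * uint64(gamma2))}
}

// Decompose splits r in [0, q) into (r1, r0) with r = r1*alpha + r0 mod q and
// r0 in (-gamma2, gamma2], following FIPS 204 Algorithm 36 without branches.
func (d Decomposer) Decompose(r uint32) (r1, r0 int32) {
	alpha := 2 * d.gamma2
	quo, rem := d.div.DivMod(uint64(r)) // r = quo*alpha + rem, 0 <= rem < alpha
	high := gtMask(rem, d.gamma2)       // rem > gamma2: center it downwards
	rc := int64(rem) - int64(alpha&high)
	r1v := int64(quo) + int64(high&1) // quotient of (r - rc) / alpha
	// Special case r - rc == q-1: r1 := 0 and r0 := r0 - 1, selected by mask.
	eq := isZeroMask(uint64(int64(r)-rc) ^ (Q - 1))
	r1v &^= int64(eq)
	rc -= int64(eq & 1)
	return int32(r1v), int32(rc)
}

// DecomposeRef is the textbook branching version, kept only as a reference to
// check the constant-time one against; its `%`, `/` and `if` leak via timing.
func DecomposeRef(r uint32, gamma2 uint32) (r1, r0 int32) {
	alpha := int64(2 * gamma2)
	rr := int64(r)
	rem := rr % alpha
	if rem > int64(gamma2) {
		rem -= alpha
	}
	if rr-rem == Q-1 {
		return 0, int32(rem - 1)
	}
	return int32((rr - rem) / alpha), int32(rem)
}

func main() {
	d := NewDecomposer(Gamma2_65)
	for _, r := range []uint32{0, Gamma2_65, Gamma2_65 + 1, Q - 1} {
		r1, r0 := d.Decompose(r)
		println(r, r1, r0)
	}
}
```

The correction in `DivMod` relies on the estimate overshooting by at most one, which holds because `m` is rounded up and the numerator is below 2^24 with a 48-bit shift; a compiler may still turn a constant-divisor `/` into a multiply on its own, but writing the reduction explicitly keeps the behaviour independent of that choice.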