Post-Quantum Secure Feldman's Verifiable Secret Sharing Fault Injection Vulnerability
Vulnerability
A vulnerability exists in the Post-Quantum Secure Feldman's Verifiable Secret Sharing Python implementation, versions 0.8.0b2 and prior. The issue is in the 'secure_redundant_execution' function, which is meant to protect against fault injection by executing a security-critical function several times and comparing the results. The approach is flawed for several reasons. Python cannot isolate the redundant executions from one another, so a fault that corrupts state shared by all of them produces identical wrong results that the comparison cannot catch. The comparison of results is not reliably constant-time in Python, so it is exposed to timing variations. The randomized execution order does not adequately defend against advanced fault attacks. The error handling may reveal timing information about incomplete execution results. Together these weaknesses make the protection ineffective against targeted fault injection, particularly by an adversary with physical access to the hardware, and undermine the security guarantees the Verifiable Secret Sharing scheme is supposed to provide.
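To make the isolation problem concrete, the following is an added example written for this page, not code from the Post-Quantum Secure Feldman's VSS project. It models the redundancy countermeasure as a small redundant_execute helper and pairs it with a toy Feldman VSS over the order-1019 subgroup of Z_2039^* (constructed parameters, far too small for real use). A fault that flips the result of a single copy is caught by the comparison; a fault that corrupts the group parameters every copy reads (here, the modulus in the shared group dict) is not, and a forged share is accepted. All names, parameters and fault models in the block are this example's own assumptions.

```python
import random
import secrets


class FaultDetected(Exception):
    """Raised when the redundant copies disagree."""


def redundant_execute(fn, *args, copies=3):
    """Simplified model of the countermeasure described above (not the
    project's code): run fn several times in random order and require
    that every copy returns the same value."""
    order = list(range(copies))
    random.shuffle(order)
    results = [None] * copies
    for k in order:
        results[k] = fn(*args)
    if any(r != results[0] for r in results[1:]):
        raise FaultDetected("redundant executions disagree")
    return results[0]


def make_group():
    # Constructed toy parameters: p = 2q + 1 with p = 2039 and q = 1019 both
    # prime; g = 4 generates the order-q subgroup of Z_p^*. Kept in a
    # mutable dict so that a fault on shared state can be modelled.
    return {"p": 2039, "q": 1019, "g": 4}


def deal(group, secret, threshold, n):
    """Dealer side of Feldman VSS: random polynomial of degree t-1 with the
    secret as constant term, shares f(i) mod q, commitments g^a_j mod p."""
    p, q, g = group["p"], group["q"], group["g"]
    coeffs = [secret % q] + [secrets.randbelow(q) for _ in range(threshold - 1)]
    commitments = [pow(g, a, p) for a in coeffs]
    shares = {
        i: sum(a * pow(i, j, q) for j, a in enumerate(coeffs)) % q
        for i in range(1, n + 1)
    }
    return shares, commitments


def verify_share(group, commitments, i, s):
    """Feldman check: g^s == prod_j C_j^(i^j) (mod p)."""
    p = group["p"]
    lhs = pow(group["g"], s, p)
    rhs = 1
    for j, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(i, j), p) % p
    return lhs == rhs


def transient_fault_is_caught(group, commitments, i, s):
    """Fault model 1: glitch the return value of exactly one copy.
    The copies then disagree and the comparison raises FaultDetected."""
    calls = {"n": 0}

    def faulty_verify(*args):
        calls["n"] += 1
        ok = verify_share(*args)
        return (not ok) if calls["n"] == 2 else ok

    try:
        redundant_execute(faulty_verify, group, commitments, i, s)
    except FaultDetected:
        return True
    return False


def forged_share_accepted_under_shared_fault(group, commitments, i, forged_s):
    """Fault model 2: corrupt state that every copy reads, here the modulus
    in the shared group dict, before the redundant runs start. Every copy
    computes modulo 1, where both sides of the check are 0, so all copies
    agree that the forged share is valid and redundancy detects nothing."""
    glitched = dict(group, p=1)
    return redundant_execute(verify_share, glitched, commitments, i, forged_s)


if __name__ == "__main__":
    group = make_group()
    shares, commitments = deal(group, secret=1234, threshold=3, n=5)
    forged = (shares[1] + 1) % group["q"]
    print("honest share accepted:", redundant_execute(verify_share, group, commitments, 1, shares[1]))
    print("forged share rejected:", not redundant_execute(verify_share, group, commitments, 1, forged))
    print("single-copy glitch detected:", transient_fault_is_caught(group, commitments, 1, shares[1]))
    print("shared-state glitch detected:", not forged_share_accepted_under_shared_fault(group, commitments, 1, forged))
```

The second fault model is the one the advisory's isolation point is about: because all copies run in one interpreter and read the same objects, a single corruption of shared state is reproduced faithfully by every copy, and a comparison of the copies' outputs has nothing to compare against.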
Impact
Exploitation of this vulnerability could allow an attacker to bypass redundancy checks, extract secret polynomial coefficients during share generation or verification, force the acceptance of invalid shares, and manipulate the commitment verification process to accept fraudulent commitments.
Remediation
Short-term mitigations include deploying the software only in physically secure environments, increasing the redundancy count by modifying the source code (this raises the cost of independent transient faults but does not address the lack of isolation between executions), adding external verification of cryptographic operations where possible, and considering hardware security modules (HSMs) for key operations. Long-term remediation involves reimplementing the security-critical functions in a lower-level language such as Rust.
