CVE-2026-22705

Name of the Vulnerable Software and Affected Versions RustCrypto versions prior to 0.1.0-rc.2

Description RustCrypto: Signatures provides support for digital signatures using public-key cryptography. A timing side-channel was discovered in the Decompose algorithm, which is used during ML-DSA signing to generate hints for the signature. This issue allows an attacker with precise timing measurements to potentially extract information about the signing key by observing timing variations during the division operation. The decompose function originally used a hardware division instruction which has variable timing based on operand values. The division operation involved secret-derived data, making it susceptible to timing attacks. The issue was addressed by replacing the integer division with a constant-time Barrett reduction.

Recommendations Update to version 0.1.0-rc.2 or later.