GHSA-h864-m8vm-3xvj: oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
Ward Beullens found a practical key-recovery attack against Rainbow.
The level I parametersets are removed from liboqs starting from version 0.7.2
.
Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop.
This means all the oqs::sig::Algorithm::RainbowI*
variants are insecure.
References
Detect and mitigate GHSA-h864-m8vm-3xvj with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →