Advisories for Pypi/PostQuantum-Feldman-VSS package

2025

Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations

Description: The feldman_vss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the _find_secure_pivot function and potentially other parts of _secure_matrix_solve. These vulnerabilities stem from Python's execution model, which does not guarantee constant-time execution. An attacker able to measure the execution time of these functions (e.g., through repeated calls with carefully crafted inputs) could recover secret information used in the Verifiable Secret Sharing (VSS) …

Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Description: The secure_redundant_execution function in feldman_vss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist:
- Python's execution environment cannot guarantee true isolation between redundant executions.
- The constant-time comparison implementation in Python is subject to timing variations.
- The randomized execution order and timing provide insufficient protection against sophisticated fault attacks.
- The error handling may leak timing information about partial execution …