Skip to content

Medium: Timing side‑channel in mul_mod

Moderate
svvqt published GHSA-7r92-3jgr-r65q Apr 29, 2026

Package

pip pyquorum (pip)

Affected versions

<0.2.1

Patched versions

0.2.1

Description

Impact

The mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recover the values of shares, ultimately leading to secret reconstruction.

Patches

0.2.1

Severity

Moderate

CVE ID

CVE-2026-44368

Weaknesses

No CWEs