80x24

Code vs. The World

A Poly1305 Timing Attack

In early 2019, I found a CVE in the Java Development Kit. This CVE was assigned the number CVE-2019-2818.

The vulnerability is a timing attack in Java's implementation of the ChaCha20-Poly1305 cipher. The Poly1305 mac verification function was comparing tags using a function that was not constant time. This type of timing attack is a classic mistake, and it serves as a great example of how difficult it can be to get cryptographic code right.

Here is the commit that fixes the issue.

Report Timeline