diff --git a/docs/audit_report/src/side_channels/01_02_ml_dsa.rst b/docs/audit_report/src/side_channels/01_02_ml_dsa.rst index 80c61d4e..27b8ab01 100644 --- a/docs/audit_report/src/side_channels/01_02_ml_dsa.rst +++ b/docs/audit_report/src/side_channels/01_02_ml_dsa.rst @@ -51,6 +51,9 @@ The reasoning for each identified leak is explained below. In the analysis with DATA, leaks were detected in the functions `make_hint()` (:srcref:`[src/lib/pubkey/dilithium/dilithium_common]/dilithium_algos.cpp:843|make_hint`), and `hint_pack()` (:srcref:`[src/lib/pubkey/dilithium/dilithium_common]/dilithium_algos.cpp:232|hint_pack`). +The leakage observation is due to a combination of the measurement method of DATA and the rejection method of ML-DSA. +The rejection method leads to a changed pointer base address which is detected by DATA. +Hence, the leaks of the hints are not considered problematic. The function `make_hint()` generates hints to verify the signature. The `hint_pack()` function adds these hints to the signature. In the pseudocode, this corresponds to the function `MakeHint()` in line 23.