Fix ML-DSA/Dilithium concurrency issues#5380

Open
randombit wants to merge 1 commit into master from jack/fix-ml-dsa-concurrency

Conversation

@randombit
Owner

They used shared hashes/XOFs which cause problems if multiple threads try to use the same key object concurrently without external locking.

Copilot AI left a comment


Pull request overview

This PR addresses thread-safety issues in Dilithium/ML-DSA public key operations by removing shared mutable XOF/hash state inside key-related helpers, enabling safe concurrent use of the same key object across multiple threads.

Changes:

  • Refactors Dilithium symmetric primitives and XOF adapters to return per-call XOF instances (via std::unique_ptr) instead of shared/reused XOF references.
  • Updates Dilithium algorithm code to consume the new per-call XOF objects safely.
  • Extends the concurrent public-key test suite to include ML-DSA and Dilithium variants (including Dilithium AES).

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.

Summary per file:

  • src/tests/test_concurrent_pk.cpp: Adds concurrent signing/verification coverage for ML-DSA and Dilithium variants.
  • src/lib/pubkey/dilithium/dilithium_round3/dilithium_aes/dilithium_aes.cpp: Makes AES XOF creation per-call to avoid shared mutable state.
  • src/lib/pubkey/dilithium/dilithium_common/dilithium_symmetric_primitives.h: Changes XOF adapter API to return owning XOF instances and removes shared XOF members.
  • src/lib/pubkey/dilithium/dilithium_common/dilithium_symmetric_primitives.cpp: Updates symmetric primitives construction to match removal of shared XOF members.
  • src/lib/pubkey/dilithium/dilithium_common/dilithium_shake/dilithium_shake_xof.h: Updates SHAKE XOF adapter interface to return per-call XOF instances.
  • src/lib/pubkey/dilithium/dilithium_common/dilithium_shake/dilithium_shake_xof.cpp: Implements per-call SHAKE XOF creation for the adapter.
  • src/lib/pubkey/dilithium/dilithium_common/dilithium_algos.cpp: Adjusts callers to handle std::unique_ptr<XOF> returned by symmetric primitives.

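Added example (not Botan's code; ToyXof, SharedXofPrimitives and PerCallXofPrimitives are hypothetical names) contrasting the shared XOF member this PR removes with the per-call std::unique_ptr pattern it introduces. The toy XOF is a 64-bit mixer standing in for SHAKE, and the two "threads" are interleaved deterministically so the corruption is reproducible rather than timing-dependent.

```cpp
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

// Toy absorb/squeeze XOF (64-bit mixer) used only to show the sharing bug; not a real SHAKE.
class ToyXof {
 public:
  void absorb(const std::string& in) { for (unsigned char c : in) st_ = (st_ ^ c) * 0x100000001b3ULL; }
  std::vector<uint64_t> squeeze(unsigned n) {
    std::vector<uint64_t> out(n);
    for (auto& w : out) { st_ = st_ * 6364136223846793005ULL + 1442695040888963407ULL; w = st_; }
    return out;
  }
  void clear() { st_ = 0xcbf29ce484222325ULL; }
 private:
  uint64_t st_ = 0xcbf29ce484222325ULL;
};

// Reference: what expanding a seed on a fresh, private XOF should yield.
static std::vector<uint64_t> reference(const std::string& seed) { ToyXof x; x.absorb(seed); return x.squeeze(4); }

// "Before": a single XOF member lives in the key object and is cleared/reused by every call.
struct SharedXofPrimitives { ToyXof m_xof; };
// "After": every call gets its own owning XOF, so the key object holds no mutable state.
struct PerCallXofPrimitives {
  std::unique_ptr<ToyXof> xof(const std::string& seed) const {
    auto x = std::make_unique<ToyXof>();
    x->absorb(seed);
    return x;
  }
};

// Operations A and B (two threads on one key) each expand a seed; steps interleave: A absorbs, B absorbs, A squeezes.
bool shared_xof_corrupts_output() {
  SharedXofPrimitives prims;
  prims.m_xof.clear(); prims.m_xof.absorb("seed-A");   // A starts
  prims.m_xof.clear(); prims.m_xof.absorb("seed-B");   // B resets the same object
  const auto got_a = prims.m_xof.squeeze(4);           // A now squeezes B's state
  return got_a != reference("seed-A");
}

bool per_call_xof_keeps_outputs_independent() {
  PerCallXofPrimitives prims;
  auto a = prims.xof("seed-A");                        // A starts on its own instance
  auto b = prims.xof("seed-B");                        // B starts on a different instance
  const auto got_a = a->squeeze(4);
  const auto got_b = b->squeeze(4);
  return got_a == reference("seed-A") && got_b == reference("seed-B");
}
```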

@coveralls

Coverage Status

coverage: 91.98% (+1.6%) from 90.332% when pulling 09db47e on jack/fix-ml-dsa-concurrency into ef0dcf4 on master.
