CVE-2026-22705 in signatures

Summary

by MITRE • 01/10/2026

RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2.


Analysis

by VulDB Data Team • 01/10/2026

CVE-2026-22705 affects the RustCrypto Signatures crate, specifically its ML-DSA (Module-Lattice Digital Signature Algorithm) implementation. It is a critical timing side-channel that undermines the assurances a public-key signature scheme is supposed to provide. The issue sits in the Decompose algorithm, a core step of ML-DSA signing that produces the hints carried in the signature and consumed during verification. Because the routine's execution pattern varies with the data it processes, an observer who can measure processing time may be able to infer sensitive cryptographic values from those measurements.

The flaw is that the Decompose routine used during ML-DSA signature generation is not constant-time throughout its execution path: its running time varies measurably with the secret key bits being processed. An adversary who can collect enough timing measurements could use these variations to reconstruct private key material. This violates the basic requirement that cryptographic operations take the same time regardless of their inputs, and the weakness is classified as CWE-385, a timing side-channel in which the temporal behaviour of a cryptographic operation leaks sensitive data.

The impact goes beyond a weakened primitive: it breaks the security model of the ML-DSA scheme itself. An attacker with enough timing measurements and computing resources could recover the signing key, compromising every signature produced with it. Any system using RustCrypto Signatures before version 0.1.0-rc.2 for ML-DSA is affected, including software that relies on those signatures for authentication, integrity verification and non-repudiation. The vulnerability aligns with ATT&CK technique T1059.001 for the execution of timing-based attack methodologies and is a significant threat to protocols that depend on public-key infrastructure. Organizations using the library in security-critical applications face signature forgery, identity impersonation and a loss of trust in every mechanism built on those signatures.

Remediation is to upgrade to version 0.1.0-rc.2 or later of the RustCrypto Signatures crate, in which the Decompose algorithm uses constant-time operations so that its timing no longer depends on input values. After upgrading, developers should test the updated library for compatibility with existing applications and confirm that the timing behaviour has actually been addressed. Organizations should also assess systems that relied on ML-DSA signatures during the exposure window before the patch was applied. The fix illustrates why constant-time implementation practices and rigorous side-channel testing are essential for cryptographic components, since a single leaky routine can compromise an entire security infrastructure.
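To make the constant-time point concrete, the following is an added educational example, not code from the RustCrypto crate and not a reconstruction of the actual defect. It implements the FIPS 204 Decompose function (which splits a coefficient r into high bits r1 and low bits r0 with r = r1*2*gamma2 + r0 mod q) twice: once with the usual data-dependent branches, and once with every decision expressed as an arithmetic mask. It assumes the ML-DSA-44 parameters (q = 8380417, gamma2 = (q-1)/88) and a plain i32 representation; the helper names are the example's own. The MakeHint step that consumes Decompose during signing is included because the page describes the Decompose output being used to generate hints.

```rust
// Added example (not the RustCrypto code): FIPS 204 Decompose written once
// with secret-dependent branches and once branch-free, plus the MakeHint step
// that consumes it during signing. Constants are for the ML-DSA-44 parameter set.
const Q: i32 = 8_380_417;            // ML-DSA modulus
const GAMMA2: i32 = (Q - 1) / 88;    // 95_232 for ML-DSA-44
const ALPHA: i32 = 2 * GAMMA2;       // Decompose splits r into r1*ALPHA + r0

/// All-ones mask if a == b, zero otherwise, computed without a branch.
fn ct_mask_eq(a: i32, b: i32) -> i32 {
    let x = (a ^ b) as u32;                              // zero exactly when a == b
    let nonzero = ((x | x.wrapping_neg()) >> 31) as i32; // 1 if x != 0, else 0
    nonzero - 1                                          // 0 -> -1 (all ones), 1 -> 0
}

/// All-ones mask if a > b, zero otherwise; valid for 0 <= a, b < 2^30.
fn ct_mask_gt(a: i32, b: i32) -> i32 {
    (b - a) >> 31 // arithmetic shift replicates the sign bit
}

/// Textbook Decompose with data-dependent branches. During signing the input
/// is derived from secret material, so which branch runs is observable timing.
pub fn decompose_branchy(r: i32) -> (i32, i32) {
    let rp = r.rem_euclid(Q);
    let mut r0 = rp.rem_euclid(ALPHA);
    if r0 > GAMMA2 {
        r0 -= ALPHA; // centre r0 into (-GAMMA2, GAMMA2]
    }
    if rp - r0 == Q - 1 {
        (0, r0 - 1) // wrap-around case from FIPS 204
    } else {
        ((rp - r0) / ALPHA, r0)
    }
}

/// Same function with both decisions expressed as masks, so the instruction
/// stream does not depend on r. Division by the constant ALPHA compiles to a
/// multiply-and-shift; a production implementation would still audit the
/// generated code or use a constant-time crate such as `subtle`.
pub fn decompose_ct(r: i32) -> (i32, i32) {
    let rp = r.rem_euclid(Q);
    let mut r0 = rp.rem_euclid(ALPHA);
    r0 -= ALPHA & ct_mask_gt(r0, GAMMA2); // centring, branch-free
    let diff = rp - r0;
    let wrap = ct_mask_eq(diff, Q - 1);   // all ones only in the wrap-around case
    let r1 = (diff / ALPHA) & !wrap;      // r1 forced to 0 when wrapping
    let r0 = r0 - (wrap & 1);             // r0 decremented by 1 when wrapping
    (r1, r0)
}

pub fn high_bits_ct(r: i32) -> i32 {
    decompose_ct(r).0
}

/// MakeHint: 1 iff adding z changes the high bits of r, again computed with masks.
pub fn make_hint_ct(z: i32, r: i32) -> i32 {
    let r1 = high_bits_ct(r);
    let v1 = high_bits_ct(r + z);
    (!ct_mask_eq(r1, v1)) & 1
}

/// Check that both versions agree on every `step`-th input in [0, Q) and that
/// r == r1*ALPHA + r0 (mod Q) holds, including in the wrap-around case.
pub fn check_agreement(step: usize) -> bool {
    (0..Q).step_by(step).all(|r| {
        let a = decompose_branchy(r);
        let b = decompose_ct(r);
        a == b && (b.0 * ALPHA + b.1).rem_euclid(Q) == r
    })
}

fn main() {
    println!("decompose_ct(Q-1) = {:?}", decompose_ct(Q - 1));
    println!("make_hint_ct(ALPHA, 0) = {}", make_hint_ct(ALPHA, 0));
    println!("branchy and ct agree: {}", check_agreement(101));
}
```

The hint bits themselves are public once the signature is released; the reason Decompose must be constant-time is that the values it is fed during signing depend on the secret key, so a branch on them leaks before the signature ever leaves the signer. When verifying a fix like the one in 0.1.0-rc.2, a functional equivalence check such as `check_agreement` is necessary but not sufficient: the timing of the compiled routine still has to be measured on the target platform with a statistical leakage test.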

Responsible: GitHub M
Reservation: 01/08/2026
Disclosure: 01/10/2026
Moderation: accepted
CPE: ready
EPSS: 0.00016
KEV: no
Activities: very low
