
I am analyzing the impact of CVE-2016-1000341 having CVSS score 7.5 and description "DSA signature generation vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55 or earlier, may allow an attacker to gain information about the signatures k value and ultimately the private value as well.". It is acknowledged by BouncyCastle here: https://www.bouncycastle.org/releasenotes.html.

I am confused by the line: "DSA signature generation vulnerable to timing attack". While I understand what is timing attack, I am confused by the clause "DSA signature generation". What is the precise meaning of this term? Which of the following two or something else is true?

  1. If an application is digitally signing and verifying data with the BouncyCastle library using public/private key, is it vulnerable due to this vulnerability? OR
  2. Does "DSA signature generation" mean generating private and public key that are used in digital signature validation?

Any guidance here would be greatly appreciated!

Kind regards, Shashi


1 Answer

TLDR: 1a.

DSA signature generation is generating a signature (for data). As you quoted

... gain information about the signatures [sic - should have an apostrophe] k value and ultimately the private value as well.

k is a value that is chosen randomly for each signature and is not part of the key, so it could not be part of key generation (or parameter generation which in DSA is often conflated, including in Java/JCE/BC). In order for there to be a k value at risk, the operation must be signature generation.

Verifying a signature, called signature verification, is not affected because it does not use the private key, which is the target of side-channel attacks including timing.

dave_thompson_085
  • Thanks Dave. If an application is digitally signing data with the BouncyCastle library using public/private key, it must be vulnerable to this vulnerability, correct? – shashi Aug 10 '17 at 04:44
  • If, as the note also says, 'timings can be closely observed'. If you are signing data as a result of a visible event like a protocol message, and the result is also visible (for example, you send it), and this can be repeated enough times (BC doesn't seem to have released info on how many), probably. If you are signing data because, for example, you decided on your own to send an email, no. – dave_thompson_085 Aug 12 '17 at 06:51
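To make the answer's point concrete, here is an added example (not code from the question, the answer, or BouncyCastle) that implements toy DSA key generation, signature generation and verification over deliberately small parameters, and then shows why the per-signature nonce k matters: key generation never uses k, verification never uses the private value x, and anyone who learns k for a single signature can compute x directly from (r, s). The example assumes k is leaked in full; a real timing attack of the kind the advisory describes only narrows k, so it needs many observed signatures and lattice techniques to finish the job. The parameter sizes, the sample message and the helper names are all constructed for this demo.

```python
import hashlib
import secrets

# Added example, not code from the question, the answer, or BouncyCastle.
# Toy DSA over deliberately small parameters (p a few million, q about 16 bits)
# so the arithmetic is readable; real DSA uses p of 2048+ bits and q of 224/256 bits.


def is_prime(n: int) -> bool:
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def toy_params():
    """Return (p, q, g): q prime, p = m*q + 1 prime, g of order q mod p."""
    q = 60_000
    while not is_prime(q):
        q += 1
    m = 2
    while not is_prime(m * q + 1):
        m += 2
    p = m * q + 1
    h = 2
    g = pow(h, (p - 1) // q, p)
    while g == 1:
        h += 1
        g = pow(h, (p - 1) // q, p)
    return p, q, g


def hash_to_int(msg: bytes, q: int) -> int:
    """Message digest reduced mod q (toy; real DSA truncates the hash to |q| bits)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def keygen(params):
    """Key generation: picks the private value x and publishes y = g^x mod p.
    No per-signature k is involved at this stage."""
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def sign(params, x, msg):
    """Signature generation. Returns ((r, s), k); k is the per-signature nonce
    that the timing side channel is assumed (for this demo) to leak in full."""
    p, q, g = params
    e = hash_to_int(msg, q)
    while True:
        k = secrets.randbelow(q - 1) + 1
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (e + x * r)) % q
        if s != 0:
            return (r, s), k


def verify(params, y, msg, sig) -> bool:
    """Signature verification uses only public values: neither x nor k appears."""
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    e = hash_to_int(msg, q)
    w = pow(s, -1, q)
    u1 = (e * w) % q
    u2 = (r * w) % q
    v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
    return v == r


def recover_private_key(params, msg, sig, k) -> int:
    """Since s = k^-1 (e + x r) mod q, it follows that x = (s k - e) r^-1 mod q."""
    _, q, _ = params
    r, s = sig
    e = hash_to_int(msg, q)
    return ((s * k - e) * pow(r, -1, q)) % q


def demo() -> bool:
    """One signature plus its leaked k is enough to recover the private key."""
    params = toy_params()
    x, y = keygen(params)
    msg = b"constructed sample message"  # constructed input for the demo
    sig, leaked_k = sign(params, x, msg)
    assert verify(params, y, msg, sig)
    return recover_private_key(params, msg, sig, leaked_k) == x


if __name__ == "__main__":
    print("private key recovered from one signature and its k:", demo())
```

Running the script prints `True`: the attacker needs nothing beyond the public parameters, the message, the signature and k. Note which functions touch which secrets: `keygen` touches x but never k, `verify` touches neither, and only `sign` handles both, which is why the advisory scopes the problem to signature generation rather than key generation or verification.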