Key Encapsulation Mechanism-Based Integrated Encryption Scheme (KEM-IES)

The Elliptic Curve Integrated Encryption Scheme ECIES is widely regarded as a practical method and has been adopted by multiple standards. However, the advancement of quantum computing technologies poses potential security risks to ECIES. Therefore, this study proposes a Key Encapsulation...

SUSE CVE-2026-26315

go-ethereum Geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth...

go-ethereum 安全漏洞

go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.16.9 contained security vulnerabilities. These vulnerabilities stemmed from defects in the ECIES encryption implementation, allowing attackers to extract bits from the keys of p2p nod...

go-ethereum -- vulnerabilities

https://github.com/ethereum/go-ethereum/security/advisories reports: DoS via malicious p2p message CVE-2026-26313 DoS via malicious p2p message CVE-2026-26314 Improper ECIES Public Key Validation in RLPx Handshake CVE-2026-26315...

EUVD-2026-3676

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to version 0.3.14. By interacting with the SM2 decryption interface multiple times, an attacker can...

Linux Distros Unpatched Vulnerability : CVE-2016-1000345

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environmen...

SUSE CVE-2016-1000345

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Researchers have calculated the quantum computer size necessary to break 256-bit elliptic curve public-key cryptography: Finally, we calculate the number of physical qubits required to break the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame...

fastecdsa data forgery issue vulnerability

fastecdsa is a Python library for fast elliptic curve encryption by AntonKueltz Software Developers. A security vulnerability exists in fastecdsa versions prior to 2.1.2. An attacker can exploit the vulnerability to benefit by successfully guessing the user whose signature verification will fail...

GHSA-9GP4-QRFF-C648 Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

bouncycastle: ECIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...