Lucene search
K

23 matches found

NVD
NVD
added 2026/06/10 10:16 p.m.9 views

CVE-2026-46654

Plonky3 is a toolkit for polynomial IOPs PIOPs. Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...

8.9CVSS0.00108EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 8:6 p.m.8 views

CVE-2026-46654 Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Plonky3 is a toolkit for polynomial IOPs PIOPs. Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...

8.9CVSS5.4AI score0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:6 p.m.24 views

CVE-2026-46654

The CVE-2026-46654 issue affects Plonky3’s MultiField32Challenger in the prover transcript handling, where transcript malleability allows an attacker controlling prover-side observations to craft transcripts that yield identical challenges, breaking Fiat-Shamir binding. Root cause: a mismatch bet...

8.9CVSS5.4AI score0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 8:6 p.m.10 views

EUVD-2026-36119

Plonky3 is a toolkit for polynomial IOPs PIOPs. Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...

8.9CVSS5.4AI score0.00108EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.11 views

Plonky3 数据伪造问题漏洞

Plonky3 is an open-source implementation of the Polynomial IOP cryptographic primitive toolkit by Plonky3 developers. Versions of Plonky3 prior to 0.4.3 and 0.5.3 contained a data forgery vulnerability. This vulnerability allowed attackers to control the observations made by the prover, resulting...

8.9CVSS5.3AI score0.00108EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 8:24 p.m.8 views

GHSA-VJ64-RJF3-W3V7 Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Impact - Key: challenger/src/multifieldchallenger.rs | MultiField32Challenger::duplexing | transcriptmalleability - Affected files: challenger/src/multifieldchallenger.rs, field/src/helpers.rs - Violated invariant: The Fiat-Shamir sponge must bind challenges to the exact sequence of observed fiel...

8.9CVSS5.8AI score0.00108EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.8 views

PT-2026-42645

Impact - Key: challenger/src/multi field challenger.rs | MultiField32Challenger::duplexing | transcript malleability - Affected files: challenger/src/multi field challenger.rs, field/src/helpers.rs - Violated invariant: The Fiat-Shamir sponge must bind challenges to the exact sequence of observed...

8.9CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.13 views

PT-2026-42695

Name of the Vulnerable Software and Affected Versions Plonky3 versions prior to 0.4.3 Plonky3 versions prior to 0.5.3 Description An attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This...

8.9CVSS5.4AI score0.00108EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-33901

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00698EPSS
Exploits1References2
Schneier on Security
Schneier on Security
added 2025/09/09 11:2 a.m.4 views

New Cryptanalysis of the Fiat-Shamir Protocol

A couple of months ago, a new paper demonstrated some new attacks against the Fiat-Shamir transformation. Quanta published a good article that explains the results. This is a pretty exciting paper from a theoretical perspective, but I don't see it leading to any practical real-world cryptanalysis...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:46 p.m.6 views

CVE-2022-29566

The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, aka the Frozen Heart issue...

8.1CVSS6.9AI score0.00698EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/04/18 12:0 a.m.5 views

Post Quantum Cryptography (PQC) Signatures without Trapdoors

Some of our current public key methods use a trap door to implement digital signature methods. This includes the RSA method, which uses Fermat's little theorem to support the creation and verification of a digital signature. The problem with a back-door is that the actual trap-door method could, ...

6.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/01/15 9:25 p.m.17 views

SP1 has missing verifier checks and fiat-shamir observations

In SP1’s STARK verifier, the prover provided chipordering is used to fetch the index of the chips that have preprocessed columns. Prior to v4.0.0, the validation that this chipordering correctly provides these indexes was missing. In v4.0.0, this was fixed by adding a check that the indexed chip’...

7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2024/11/08 4:44 p.m.3 views

GHSA-8M24-3CFX-9FJW sp1 has insufficient observation of cumulative sum

During proof generation, the prover must observe all values sent to the verifier to generate valid Fiat-Shamir challenges. Prior to v3.0.0 the cumulative sum of the permutation argument was not observed when sampling zeta, which is a random challenge sampled to force the constraints to be true. I...

6.3CVSS6.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/11/08 4:44 p.m.9 views

sp1 has insufficient observation of cumulative sum

During proof generation, the prover must observe all values sent to the verifier to generate valid Fiat-Shamir challenges. Prior to v3.0.0 the cumulative sum of the permutation argument was not observed when sampling zeta, which is a random challenge sampled to force the constraints to be true. I...

6.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/17 2:24 p.m.19 views

Plonk verifier KZG multi point verification

Impact The vulnerability allows a third party to derive a valid proof from a valid initial tuple proof, publicinputs, corresponding to the same public inputs as the initial proof. It is due to a randomness being generated using a small part of the scratch memory describing the state, allowing for...

6.8AI score
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/21 7:15 p.m.3 views

CVE-2022-29566

The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, aka the Frozen Heart issue...

8.1CVSS5.9AI score0.00698EPSS
Exploits1References3
NVD
NVD
added 2022/04/21 7:15 p.m.12 views

CVE-2022-29566

The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, aka the Frozen Heart issue...

8.1CVSS0.00698EPSS
Exploits1References2
Prion
Prion
added 2022/04/21 7:15 p.m.14 views

Design/Logic Flaw

The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, aka the Frozen Heart issue...

6.8CVSS8AI score0.00698EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/04/21 6:47 p.m.24 views

CVE-2022-29566

The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation because the hash computation fails to include all of the public values from the Zero Knowledge proof statement as well as all of the public values computed in the proof, aka the Frozen Heart issue...

8.2AI score0.00698EPSS
Exploits1References2
Rows per page
Query Builder