CVE-2023-44378

gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...

GHSA-RJJM-X32P-M3F7 gnark's range checker gadget allows wider inputs up to word alignment

Impact gnark provides a gadget in the standard library to allow optimized checking of the bitwidth of the inputs. The gadget works by constructing a fixed lookup table containing all valid entries, partitioning the input and checking that all parts are inside the lookup table. The range checker...

gnark's range checker gadget allows wider inputs up to word alignment

Impact gnark provides a gadget in the standard library to allow optimized checking of the bitwidth of the inputs. The gadget works by constructing a fixed lookup table containing all valid entries, partitioning the input and checking that all parts are inside the lookup table. The range checker...

CVE-2023-44378

gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...

CVE-2023-44378

CVE-2023-44378 affects gnark (Go zk-SNARK library) prior to v0.9.0. For some in-circuit values, there can be two valid bit decompositions: the canonical a and a second decomposition for a+r caused by field overflow. This can enable incorrect comparisons using frontend.API.Cmp/IsLess (e.g., provin...

PT-2023-29214 · Gnark · Gnark

Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.9.0 Description: The issue concerns the construction of two valid decompositions to bits for some in-circuit values, due to overflowing the field where the values are defined. This allows a malicious prover to...