6 matches found
CVE-2023-44378
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decompositions to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...
gnark's range checker gadget allows wider inputs up to word alignment
Impact: gnark provides a gadget in the standard library to allow optimized checking of the bitwidth of the inputs. The gadget works by constructing a fixed lookup table containing all valid entries, partitioning the input and checking that all parts are inside the lookup table. The range checker...
GHSA-RJJM-X32P-M3F7 gnark's range checker gadget allows wider inputs up to word alignment
Impact: gnark provides a gadget in the standard library to allow optimized checking of the bitwidth of the inputs. The gadget works by constructing a fixed lookup table containing all valid entries, partitioning the input and checking that all parts are inside the lookup table. The range checker...
CVE-2023-44378
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decompositions to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a...
CVE-2023-44378
CVE-2023-44378 affects gnark (Go zk-SNARK library) prior to v0.9.0. For some in-circuit values, there can be two valid bit decompositions: the canonical a and a second decomposition for a+r caused by field overflow. This can enable incorrect comparisons using frontend.API.Cmp/IsLess (e.g., provin...
PT-2023-29214 · Gnark · Gnark
Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.9.0. Description: The issue concerns the construction of two valid decompositions to bits for some in-circuit values, due to overflowing the field where the values are defined. This allows a malicious prover to...