PT-2022-19701 · Unknown · Bulletproofs
Jim Miller
·
Published
2022-04-21
·
Updated
2023-08-08
·
CVE-2022-29566
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Bulletproofs (affected versions not specified)
Description
The issue arises from the mishandling of Fiat-Shamir generation in the Bulletproofs 2017/1066 paper. Specifically, the hash computation fails to include all public values from the Zero Knowledge proof statement and all public values computed in the proof, also known as the Frozen Heart issue.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bulletproofs