PT-2024-31391 · Gnark · Gnark

Maltezellic · Published 2024-09-06 · Updated 2024-09-20 · CVE-2024-45040

CVSS v4.0: 8.2 (High)

Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

gnark versions prior to 0.11.0

Description

The vulnerability affects the zero-knowledge property of Groth16 proofs with commitments in the gnark library. It allows an attacker to potentially recover committed private witnesses by brute-forcing all possibilities, especially when the witness values are small. However, if the possible choices for the variables to be committed are large or there are many values committed, it would be computationally infeasible to enumerate all valid choices. The vulnerability does not affect the completeness or soundness of the proofs. PLONK proofs are not affected.

Recommendations

For versions prior to 0.11.0, update to version 0.11.0 or later, which includes a patch that adds an additional randomized value to the list of committed values at proving time to mask the rest of the values which were committed. As a temporary workaround, users can manually commit to a randomized value.
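
Added example, not gnark's code and not part of the advisory: a toy discrete-log commitment in Go showing why a commitment to a small value is not hiding when it is a deterministic function of that value, and why the extra randomized entry described under Recommendations restores hiding. The group, the bases, the witness 42, the range [0, 64) and the names `commit`, `commitMasked` and `consistentCandidates` are all constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// Toy group (constructed for this example): Z_p^* with p = 2^127 - 1 and one
// fixed base per committed position. gnark itself commits in elliptic-curve groups.
var p = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 127), big.NewInt(1))
var bases = []*big.Int{big.NewInt(3), big.NewInt(5)}

// commit returns prod(bases[i]^values[i]) mod p: deterministic in its inputs.
func commit(values ...*big.Int) *big.Int {
	c := big.NewInt(1)
	for i, v := range values {
		c.Mod(c.Mul(c, new(big.Int).Exp(bases[i], v, p)), p)
	}
	return c
}

// commitMasked appends a fresh random value to the committed list (the shape of the fix).
func commitMasked(w *big.Int) *big.Int {
	r, err := rand.Int(rand.Reader, p)
	if err != nil {
		panic(err) // no entropy: refuse to emit an unmasked commitment
	}
	return commit(w, r)
}

// consistentCandidates lists each w in [0, bound) whose unmasked commitment equals c.
func consistentCandidates(c *big.Int, bound int64) []int64 {
	var out []int64
	for w := int64(0); w < bound; w++ {
		if commit(big.NewInt(w)).Cmp(c) == 0 {
			out = append(out, w)
		}
	}
	return out
}

func main() {
	w := big.NewInt(42) // constructed private witness, known to lie in [0, 64)
	fmt.Println("unmasked:", consistentCandidates(commit(w), 64))
	fmt.Println("masked:  ", consistentCandidates(commitMasked(w), 64))
}
```

The unmasked commitment is consistent with exactly one candidate in the range, while the masked one matches none, because the random entry makes the commitment independent of the small value except with negligible probability.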

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2024-45040
GHSA-9XCG-3Q8V-7FQ6
GO-2024-3123

Affected Products

Gnark