PT-2024-40350 · Sharks +1

Published: 2024-11-18 · Updated: 2024-11-18

CVSS v4.0: 6.0 (Medium)
Vector: AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: sharks crate (affected versions not specified)
Description: The issue is a bias in the random polynomials generated for Shamir Secret Sharing: coefficients were drawn from the range [1, 255] instead of [0, 255]. Given one share fewer than the reconstruction threshold, this lets an attacker exclude candidate values for the shared secret. Exploiting the weakness requires that the same secret be shared multiple times; under ideal circumstances, a secret that has been distributed 500-1500 times can be reconstructed. Secrets shared only a few times are not impacted, but those shared repeatedly may be vulnerable. The vulnerability does not affect the reconstruction of secrets.
Recommendations: As a temporary workaround, consider modifying the sharks::math::random_polynomial function so that the lower bound of the coefficient range is 0. For a permanent fix, update to the fixed version available in the blahaj crate, which includes the corrected code.
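As an added illustration (not code from the sharks or blahaj crates), the sampling bias described above worked through in a minimal GF(2^8) Shamir implementation: with k-1 shares, a candidate secret can be ruled out whenever the polynomial it implies has a zero coefficient, which a sampler restricted to 1..=255 never produces, whereas the corrected 0..=255 range rules nothing out. The field polynomial, function names and the sample secret 42 are assumptions.

```rust
// Added example, not the sharks crate's code. Field arithmetic is GF(2^8) with the AES
// polynomial x^8+x^4+x^3+x+1 (an assumption; sharks' own field tables are not shown here).
fn gf_mul(mut a: u8, mut b: u8) -> u8 {
    let mut p = 0u8;
    for _ in 0..8 {
        if (b & 1) != 0 { p ^= a; }
        let carry = a & 0x80;
        a <<= 1;
        if carry != 0 { a ^= 0x1b; }
        b >>= 1;
    }
    p
}
fn gf_inv(a: u8) -> u8 { // a^254 == a^-1 for a != 0, by square-and-multiply
    let (mut r, mut base, mut e) = (1u8, a, 254u32);
    while e > 0 { if (e & 1) != 0 { r = gf_mul(r, base); } base = gf_mul(base, base); e >>= 1; }
    r
}
/// Horner evaluation; coeffs[0] is the secret, so x = 0 is never handed out as a share.
fn eval(coeffs: &[u8], x: u8) -> u8 { coeffs.iter().rev().fold(0, |acc, &c| gf_mul(acc, x) ^ c) }
fn share(coeffs: &[u8], n: u8) -> Vec<(u8, u8)> { (1..=n).map(|x| (x, eval(coeffs, x))).collect() }
/// Coefficients of the unique polynomial of degree < k through k points (Lagrange form).
fn interpolate(points: &[(u8, u8)]) -> Vec<u8> {
    let mut coeffs = vec![0u8; points.len()];
    for (i, &(xi, yi)) in points.iter().enumerate() {
        let (mut basis, mut denom) = (vec![1u8], 1u8); // L_i(x) = prod_{j!=i} (x - x_j)/(x_i - x_j)
        for (j, &(xj, _)) in points.iter().enumerate() {
            if i == j { continue; }
            let mut next = vec![0u8; basis.len() + 1]; // basis *= (x + x_j); minus is xor in GF(2^8)
            for (d, &b) in basis.iter().enumerate() { next[d] ^= gf_mul(b, xj); next[d + 1] ^= b; }
            basis = next;
            denom = gf_mul(denom, xi ^ xj);
        }
        let scale = gf_mul(yi, gf_inv(denom));
        for (d, &b) in basis.iter().enumerate() { coeffs[d] ^= gf_mul(b, scale); }
    }
    coeffs
}
/// With k-1 shares each of the 256 candidate secrets fixes one polynomial; the biased 1..=255
/// sampler never emits a zero coefficient, so candidates implying one are impossible (0..=255 excludes none).
fn candidates_under_biased_sampler(shares: &[(u8, u8)]) -> Vec<u8> {
    (0..=255u8).filter(|&s| {
        let pts: Vec<(u8, u8)> = std::iter::once((0u8, s)).chain(shares.iter().copied()).collect();
        interpolate(&pts)[1..].iter().all(|&c| c != 0)
    }).collect()
}
fn main() {
    let shares = share(&[42, 7, 200], 3); // constructed: k = 3, secret 42, nonzero coefficients
    println!("{} of 256 secrets survive 2 of 3 shares", candidates_under_biased_sampler(&shares[..2]).len());
}
```

Each sharing removes at most one or two candidates, which is why the advisory speaks of hundreds of repeated sharings before the secret is pinned down.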

Related Identifiers

GHSA-JP37-5QHW-MFFW

Affected Products

Blahaj
Sharks