The vulnerability lies in the gnark-crypto library's implementation of the fake-GLV scalar multiplication algorithm. Fake GLV is an optimization for elliptic curve operations on curves that have no native Gallant-Lambert-Vanstone (GLV) endomorphism. It requires decomposing a scalar `k` into two smaller scalars `k1, k2`, which gnark-crypto does with a Half GCD method based on the Extended Euclidean Algorithm.

For certain maliciously crafted input witnesses supplied to the prover, the Half GCD algorithm fails to converge at its expected speed: it runs for a far larger number of iterations than expected, consuming excessive CPU time. An attacker can therefore cause a Denial-of-Service (DoS) by submitting a specially crafted scalar that triggers this pathological worst-case behaviour in the algorithm, effectively stalling the proving process.
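As an added worked example (not code from gnark-crypto or from this advisory), the following Go program shows the decomposition step described above and the defensive shape a prover wants around it. It uses a partial extended Euclidean algorithm in place of the library's own HalfGCD, toy parameters `r = 1000003` and `k = 123456` that are constructed for the demo, and hypothetical function names `decomposeFakeGLV` and `checkDecomposition`. The iteration budget and the output-bound check are the two controls that turn an unbounded worst case into a detectable fallback to plain scalar multiplication.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Sentinel errors. A caller that sees either of them should abandon the
// fake-GLV path for this scalar and use plain double-and-add instead.
var (
	ErrBudgetExceeded = errors.New("fake-GLV decomposition: iteration budget exceeded")
	ErrOutOfBounds    = errors.New("fake-GLV decomposition: |v| exceeds its theoretical bound")
)

// decomposeFakeGLV (hypothetical name) finds small integers (u, v) with
// u ≡ k·v (mod r), i.e. k ≡ u·v⁻¹ (mod r), by running the extended Euclidean
// algorithm on (r, k) only until the remainder drops below sqrt(r). Every
// remainder r_i satisfies r_i = s_i·r + t_i·k, so the first r_i < sqrt(r)
// gives u = r_i and v = t_i. maxIter caps the loop so that an adversarial
// scalar cannot keep the prover busy; the iteration count is returned so the
// caller can log or meter it.
func decomposeFakeGLV(k, r *big.Int, maxIter int) (u, v *big.Int, iters int, err error) {
	if r.Sign() <= 0 || k.Sign() < 0 || k.Cmp(r) >= 0 {
		return nil, nil, 0, errors.New("scalar must satisfy 0 <= k < r")
	}
	bound := new(big.Int).Sqrt(r) // floor(sqrt(r)); loop stops once the remainder is below it

	// Loop invariant: rPrev ≡ tPrev·k and rCur ≡ tCur·k (mod r).
	rPrev, rCur := new(big.Int).Set(r), new(big.Int).Set(k)
	tPrev, tCur := big.NewInt(0), big.NewInt(1)
	q, tmp := new(big.Int), new(big.Int)

	for rCur.Cmp(bound) >= 0 { // rCur >= bound >= 1 here, so division is safe
		if iters >= maxIter {
			return nil, nil, iters, ErrBudgetExceeded
		}
		q.Div(rPrev, rCur)                 // q = floor(rPrev / rCur)
		rPrev.Sub(rPrev, tmp.Mul(q, rCur)) // rPrev <- rPrev - q·rCur (the new remainder)
		rPrev, rCur = rCur, rPrev
		tPrev.Sub(tPrev, tmp.Mul(q, tCur)) // tPrev <- tPrev - q·tCur (its coefficient of k)
		tPrev, tCur = tCur, tPrev
		iters++
	}
	u, v = rCur, tCur

	// Defensive output check: the EEA guarantees |t_i| <= r / r_{i-1} and
	// r_{i-1} >= bound, so |v| must not exceed r / bound. Reject anything
	// larger instead of feeding an oversized scalar into the multiplication.
	vBound := new(big.Int).Div(r, bound)
	if new(big.Int).Abs(v).Cmp(vBound) > 0 {
		return nil, nil, iters, ErrOutOfBounds
	}
	return u, v, iters, nil
}

// checkDecomposition (hypothetical name) verifies u ≡ k·v (mod r), the relation
// a verifier or an in-circuit gadget checks instead of trusting a supplied (u, v).
func checkDecomposition(k, r, u, v *big.Int) bool {
	lhs := new(big.Int).Mod(u, r)
	rhs := new(big.Int).Mul(k, v)
	rhs.Mod(rhs, r) // big.Int.Mod is Euclidean, so a negative v still yields a residue in [0, r)
	return lhs.Cmp(rhs) == 0
}

func main() {
	// Constructed toy parameters: a small prime group order and one scalar.
	r := big.NewInt(1000003)
	k := big.NewInt(123456)

	u, v, iters, err := decomposeFakeGLV(k, r, 64)
	fmt.Printf("budget 64: u=%v v=%v iters=%d err=%v valid=%t\n",
		u, v, iters, err, err == nil && checkDecomposition(k, r, u, v))

	// A budget too small for this scalar: the caller gets an error and falls
	// back to plain scalar multiplication instead of spinning.
	_, _, iters, err = decomposeFakeGLV(k, r, 1)
	fmt.Printf("budget 1: iters=%d err=%v -> fall back to plain scalar multiplication\n", iters, err)
}
```

For an honest scalar the extended Euclidean algorithm needs on the order of log2(r) steps, so a budget of a few times the bit length of r never triggers on legitimate witnesses, while a scalar that would drive the loop far beyond that is rejected after a bounded amount of work. Logging the returned iteration count gives a cheap detection signal for inputs that sit unusually close to the budget.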
Platform: gnark-crypto
Version: Pre-commit-5660088
Vulnerability: DoS
Severity: Medium
Date: 2022-11-17
Prediction: 2022-11-24
What Undercode Says:
`go get github.com/consensys/gnark-crypto@5660088`
`go mod tidy`
`import "github.com/consensys/gnark-crypto/ecc"`
How the exploit works:
Malicious scalar input
Triggers slow HalfGCD
Prover CPU exhaustion
Protection from this CVE:
Update gnark-crypto dependency
Verify witness input
Impact:
Denial-of-Service
High CPU usage
Sources:
Reported By: github.com
Extra Source Hub:
Undercode