共收录 3 条相关安全情报。
← 返回所有主题Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5.3.
💡 影响/原因: 原文内容(由于配额限制,未进行深度 LLM 分析)
🎯 建议动作: 建议根据原文自行评估
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks.
💡 影响/原因: 原文内容(由于配额限制,未进行深度 LLM 分析)
🎯 建议动作: 建议根据原文自行评估
### Impact - **Key**: `challenger/src/multi_field_challenger.rs` | `MultiField32Challenger::duplexing` | `transcript_malleability` - **Affected files**: `challenger/src/multi_field_challenger.rs`, `field/src/helpers.rs` - **Violated invariant**: The Fiat-Shamir sponge must bind challenges to the exact sequence of observed field elements. Specifically: (1) absorption must be injective — distinct o
💡 风险点: 原文内容(由于配额限制,未进行深度 LLM 分析)
🎯 建议动作: 建议根据原文自行评估