scalarmult() vulnerable to degenerate public keys
Moderate severity
GitHub Reviewed
Published
Aug 25, 2021
to the GitHub Advisory Database
•
Updated Jun 13, 2023
Description
Reviewed
Aug 5, 2021
Published to the GitHub Advisory Database
Aug 25, 2021
Last updated
Jun 13, 2023
The scalarmult() function included in previous versions of this crate accepted all-zero public keys, for which the resulting Diffie-Hellman shared secret will always be zero regardless of the private key used.
This issue was fixed by checking for this class of keys and rejecting them if they are used.
References