RUSTSEC-2024-0392

Ambiguous challenge derivation

Reported

July 18, 2024

Issued

November 10, 2024 (last modified: October 28, 2025)

Package

cggmp21-keygen (crates.io)

Type

Vulnerability

Categories

crypto-failure

Keywords

#mpc #tss #zkp

Aliases

GHSA-7jjx-3qw9-j6h6

References

https://github.com/dfns/cggmp21/pull/103

Patched

>=0.3.0

Description

Challenge derivation in non-interactive ZK proofs was ambiguous and that could lead to security vulnerability (however, it's unknown if it could be exploited).

Advisory available under CC0-1.0 license.