Facebook/winterfell: The attacker is allowed to control the security parameters and sets it to a few bits #9
Comments
cryptosubtlety
changed the title
|
A more detailed write-up with partial PoC attack is described at Google security research in github GHSA-8fhq-pf83-pv93 |
|
This issue has been closed by facebook/winterfell#160 and the fix is based on what is described in facebook/winterfell#160 (comment). Basically, now when instantiating the verifier, the user must specify which parameters are acceptable (via the pub fn verify<AIR, HashFn, RandCoin, VC>(
proof: Proof,
pub_inputs: AIR::PublicInputs,
acceptable_options: &AcceptableOptions,
) -> Result<(), VerifierError>
// Specifies either the minimal, conjectured or proven, security level or a set of
// `ProofOptions` that are acceptable by the verification procedure.
pub enum AcceptableOptions {
/// Minimal acceptable conjectured security level
MinConjecturedSecurity(u32),
/// Minimal acceptable proven security level
MinProvenSecurity(u32),
/// Set of acceptable proof parameters
OptionSet(Vec<ProofOptions>),
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
facebook/winterfell#160
The text was updated successfully, but these errors were encountered: