- Description
- Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. Thus a malicious prover can always prove that f(0) = 0 for any lookup table f (unless its length happens to be divisible by 26). The cause of problem is that the LookupTableGate-s are padded with zeros. A workaround from the user side is to extend the table (by repeating some entries) so that its length becomes divisible by 26. This vulnerability is fixed in 1.0.1.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-1240
- Hype score
- Not currently trending
CVE-2025-24802 Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always incl… https://t.co/6O49oN1KQr
@CVEnew
30 Jan 2025
359 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-24802: HIGH] Plonky2 fixed a vulnerability in LookupTableGate-s by extending their length. Malicious provers could manipulate proofs, proving f(0) = 0 unless the table's length was divisible by 26.#cybersecurity,#vulnerability https://t.co/GHmPvBHrp6 https://t.co/5GNSmQ
@CveFindCom
30 Jan 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes