CVE-2026-22698— RustCrypto: Elliptic Curves 安全特征问题漏洞

RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. This reduces the security of the encryption from a 128-bit level to a trivial 16-bit level, allowing a practical attack to recover the nonce k and decrypt any ciphertext given only the public key and ciphertext. This issue has been patched via commit e4f7778.

N/A

信息熵不充分

RustCrypto: Elliptic Curves 安全特征问题漏洞

RustCrypto: Elliptic Curves是Rust Crypto开源的一个Rust加密库。 RustCrypto: Elliptic Curves 0.14.0-pre.0版本和0.14.0-rc.0版本存在安全特征问题漏洞，该漏洞源于SM2公钥加密实现中临时随机数熵严重不足，可能导致加密被破解。

N/A

N/A