lambdaworks offers implementations for both SNARKs and STARKs provers, along with the flexibility to leverage their individual components for constructing customized SNARKs.
Bug Report
lambdaworks-math version: 021c3b6
Current behavior:
FieldElement does not implement any zeroizing when it is dropped, opening the door for potential memory read attacks on sensitive information such as private keys.
Expected behavior:
FieldElement should implement #[derive(ZeroizeOnDrop)] or similar to allow memory zeroing when dropped. This could be feature-gated. Either a manual implementation using ptr::write_volatile and atomic::compiler_fence or using zeroize would fix this issue.
Other information:
While there certainly are more common ways to leak sensitive cryptographic information like private keys, it seems like for something in our control such as in-memory representation we should at least provide this as an option.
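As an added illustration of the manual approach the report mentions (this is example code written for this page, not lambdaworks code and not its real FieldElement), the stand-in type below wipes its limbs in Drop with ptr::write_volatile followed by a compiler_fence. The name SecretFieldElement, its four-u64 limb layout and the helper functions are assumptions chosen for the example; a real implementation would more likely reach for the zeroize crate's ZeroizeOnDrop derive behind a feature flag, as the report suggests.

```rust
// Added example (not lambdaworks code): a stand-in field element that clears
// its limbs on drop using the ptr::write_volatile + compiler_fence pattern.
// `SecretFieldElement` and its 4 x u64 limb layout are assumptions for this
// illustration, not the layout of lambdaworks' FieldElement.
use core::mem::ManuallyDrop;
use core::ptr;
use core::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical 256-bit field element stored as four u64 limbs.
/// repr(transparent) guarantees the struct has exactly the layout of [u64; 4],
/// which `drop_and_inspect` relies on when it reads the storage back.
#[repr(transparent)]
pub struct SecretFieldElement {
    limbs: [u64; 4],
}

impl SecretFieldElement {
    pub fn new(limbs: [u64; 4]) -> Self {
        Self { limbs }
    }

    pub fn limbs(&self) -> &[u64; 4] {
        &self.limbs
    }
}

/// Overwrite every limb with zero using volatile writes so the optimizer cannot
/// discard the stores as dead (nothing reads the value after drop), then emit a
/// compiler fence so the stores are not reordered past the end of the drop.
pub fn zeroize_limbs(limbs: &mut [u64]) {
    for limb in limbs.iter_mut() {
        // SAFETY: `limb` is a valid, aligned, exclusively borrowed u64.
        unsafe { ptr::write_volatile(limb, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

impl Drop for SecretFieldElement {
    fn drop(&mut self) {
        zeroize_limbs(&mut self.limbs);
    }
}

/// True when every limb is zero; used to check that a wipe happened.
pub fn is_wiped(limbs: &[u64]) -> bool {
    limbs.iter().all(|&l| l == 0)
}

/// Construct an element, run its destructor in place, then read the backing
/// storage back and report whether it was cleared. ManuallyDrop keeps the
/// storage alive after `drop_in_place` so the bytes can still be inspected.
pub fn drop_and_inspect(limbs: [u64; 4]) -> bool {
    let mut slot = ManuallyDrop::new(SecretFieldElement::new(limbs));
    let raw: *mut SecretFieldElement = &mut *slot;
    // SAFETY: `raw` points at a live, initialized element that is dropped
    // exactly once here; `slot` is not used as an element afterwards.
    unsafe { ptr::drop_in_place(raw) };
    // SAFETY: the storage is still allocated (ManuallyDrop), aligned, and
    // repr(transparent) makes it a valid [u64; 4], which has no invalid bits.
    let after = unsafe { ptr::read_volatile(raw as *const [u64; 4]) };
    is_wiped(&after)
}

fn main() {
    let fe = SecretFieldElement::new([1, 2, 3, 4]);
    println!("live limbs: {:?}", fe.limbs());
    println!("storage cleared after drop: {}", drop_and_inspect([1, 2, 3, 4]));
}
```

The volatile writes only cover the storage the destructor sees. Copies the compiler makes on its own, such as a moved value's old location or register spills, are not wiped by this pattern; that limitation applies to the zeroize crate as well, which is why sensitive values are best kept behind a non-Copy wrapper and handled by reference.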