Cryptographic Issues in Cloudflare's CIRCL FourQ Implementation (CVE-2025-8556)
6 months ago
- #security
- #cryptography
- #elliptic-curve
- Cryptographic issues were found in early 2025 in the FourQ elliptic-curve implementation of Cloudflare's CIRCL library.
- The issues were reported through Cloudflare's HackerOne bug bounty program; the initial response was inadequate, but Cloudflare later acknowledged the report and shipped fixes.
- CIRCL is Cloudflare's Go cryptography library; it includes the FourQ curve and a Curve4Q Diffie-Hellman implementation for deriving shared secrets.
- FourQ is a twisted Edwards curve from Microsoft Research targeting 128-bit security. It is defined by an equation of the form -x^2 + y^2 = 1 + d·x^2·y^2 over the quadratic extension field GF(p^2) with p = 2^127 - 1, and its group order is 392·N with N prime, so the cofactor is 392.
- Invalid-curve and invalid-point attacks exploit missing input validation: the attacker hands the victim a "point" that is not on the curve (or not in the prime-order subgroup), the victim's scalar multiplication then runs in a weaker group, and the output leaks the secret scalar modulo the small orders available there.
- Edwards-curve addition formulas depend on the curve parameters a and d, so a point taken from a different curve does not in general land in a usable group, which blunts the generic invalid-curve attack. The special case x = 0 is the exception: for inputs (0, y) the formulas reduce to multiplying the y-coordinates, so such "points" behave like the multiplicative group of the field regardless of the curve, and a scalar multiplied into one of them can be recovered from a discrete logarithm in that group.
- Seven issues were identified in CIRCL's FourQ code, including missing validation in point unmarshalling, in cofactor clearing, and in scalar multiplication.
- Key fixes: validate points during unmarshalling (reject encodings that are not on the curve), check the result of cofactor clearing (a point that collapses to the identity is rejected), and validate the input point before the precomputation step of scalar multiplication.
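As an added worked example (not code from the writeup or from CIRCL), the following Python models the x = 0 failure mode and the corresponding fixes on a constructed toy twisted Edwards curve over F_1009 with a = -1 (FourQ's equation shape, but a small prime field instead of GF(p^2)). An unvalidated scalar multiplication on the off-curve input (0, g) computes (0, g^k), so the attacker reads k mod (p - 1) out of a discrete log in F_p^*; the hardened path rejects the encoding in validate_point, checks that cofactor clearing does not yield the identity, and only then multiplies. The point-counting search for a curve of order cofactor × prime, the names validate_point / shared_secret / attack_demo, and the brute-force discrete log are all assumptions of this toy, not CIRCL's API.

```python
# Toy twisted Edwards curve  a*x^2 + y^2 = 1 + d*x^2*y^2  over F_p with a = -1 (FourQ's shape).
# Constructed parameters: a small prime instead of FourQ's GF(p^2), p = 2^127 - 1.
P = 1009            # p = 1 (mod 4), so a = -1 is a square, which completeness of the addition law needs
A = P - 1           # a = -1
IDENTITY = (0, 1)

def inv(v):
    return pow(v % P, P - 2, P)

def count_points(d):
    """Brute-force #E(F_p) for parameter d (on a complete curve every point is affine)."""
    n = 0
    for x in range(P):
        rhs = (1 - A * x * x) * inv(1 - d * x * x) % P   # y^2 = (1 - a x^2) / (1 - d x^2)
        if rhs == 0:
            n += 1
        elif pow(rhs, (P - 1) // 2, P) == 1:              # Euler criterion: two square roots
            n += 2
    return n

def largest_prime_factor(n):
    f = 2
    while f * f <= n:
        if n % f == 0:
            n //= f
        else:
            f += 1
    return n

def pick_curve():
    """Search non-square d (complete addition law) until #E = cofactor * large prime, FourQ's 392 * N shape."""
    for d in range(2, P):
        if pow(d, (P - 1) // 2, P) != P - 1:
            continue
        n = count_points(d)
        ell = largest_prime_factor(n)
        if ell * ell > n:        # ell^2 does not divide n, so cofactor clearing cannot cancel the prime part
            return d, n, ell

D, ORDER, ELL = pick_curve()
COFACTOR = ORDER // ELL

def on_curve(pt):
    x, y = pt
    return (A * x * x + y * y - 1 - D * x * x * y * y) % P == 0

def add(p1, p2):
    """Affine twisted Edwards addition; note that for x1 = x2 = 0 it degenerates to y3 = y1 * y2."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + y1 * x2) * inv(1 + t) % P
    y3 = (y1 * y2 - A * x1 * x2) * inv(1 - t) % P
    return (x3, y3)

def scalar_mult(k, pt):
    """Left-to-right double-and-add. Performs no validation of pt: the unsafe behaviour."""
    acc = IDENTITY
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def find_generator():
    """Generator of F_p^*; p - 1 = 1008 = 2^4 * 3^2 * 7, so checking the primes 2, 3, 7 suffices."""
    for g in range(2, P):
        if all(pow(g, (P - 1) // q, P) != 1 for q in (2, 3, 7)):
            return g

def recover_scalar(y, leaked):
    """Attacker: the victim returned k * (0, y) = (0, y^k); solve the DLP in F_p^* by brute force."""
    assert leaked[0] == 0
    for j in range(P - 1):
        if pow(y, j, P) == leaked[1]:
            return j

def attack_demo(secret):
    g = find_generator()
    leaked = scalar_mult(secret, (0, g))   # victim multiplies the unvalidated "point" (0, g)
    return recover_scalar(g, leaked)       # equals secret mod (p - 1)

def validate_point(pt):
    """Checks a hardened unmarshal / scalar-mult path performs before any arithmetic."""
    x, y = pt
    if not (0 <= x < P and 0 <= y < P) or not on_curve(pt):
        return False                       # rejects (0, y) for every y other than +-1
    if scalar_mult(COFACTOR, pt) == IDENTITY:
        return False                       # cofactor clearing left nothing: small-order point
    return True

def shared_secret(k, peer_pt):
    """Hardened DH: validate the peer point, clear the cofactor, then multiply."""
    if not validate_point(peer_pt):
        raise ValueError("invalid peer point")
    return scalar_mult(k, scalar_mult(COFACTOR, peer_pt))

def find_base_point():
    """Toy-only search for a point of prime order ELL (real curves publish a generator)."""
    for x in range(1, P):
        for y in range(P):
            if on_curve((x, y)):
                g = scalar_mult(COFACTOR, (x, y))
                if g != IDENTITY:
                    return g
```

On FourQ itself the (0, y) inputs live in GF(p^2)^*, of order p^2 - 1 = 2^128 · (2^126 - 1), so the brute-force step above becomes a Pohlig-Hellman computation over that order's factors; the on-curve check in validate_point is what closes the path, and the cofactor-clearing check removes the remaining small-order inputs.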