Triton VM Soundness Vulnerability due to Improper Sampling of Randomness
Reported January 21, 2026 Issued January 21, 2026 Package triton-vm (crates.io) Type Vulnerability Categories
-
crypto-failure Keywords #proof-system #unsound #fiat-shamir #fri Patched
-
>=2.0.0Unaffected -
<0.41.0
Affected Functions Version triton_vm::verify
<2.0.0, >=0.41.0
Description
In affected versions of Triton VM, the verifier failed to correctly sample randomnes…
Triton VM Soundness Vulnerability due to Improper Sampling of Randomness
Reported January 21, 2026 Issued January 21, 2026 Package triton-vm (crates.io) Type Vulnerability Categories
-
crypto-failure Keywords #proof-system #unsound #fiat-shamir #fri Patched
-
>=2.0.0Unaffected -
<0.41.0
Affected Functions Version triton_vm::verify
<2.0.0, >=0.41.0
Description
In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol.
Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness.
Protocols that rely on proofs and the supplied verifier of the affected versions of Triton VM are completely broken. Protocols implementing their own verifier might be unaffected.
The flaw was corrected in commit 3a045d63, where the relevant randomness is sampled correctly.
Advisory available under CC0-1.0 license.