PuTTY vulnerability vuln-p521-bias

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html [www.chiark.greenend.org.uk]

2024-04-15 20:42

In all of those cases except P521, the bias introduced by reducing a 512-bit number mod q is negligible. But in the case of P521, where q has 521 bits (i.e. more than 512), reducing a 512-bit number mod q has no effect at all – you get a value of k whose top 9 bits are always zero.

CVE-2024-31497