With fresh amd64 VMs using the latest Ubuntu point releases, I was able to reproduce your report on Ubuntu Focal 20.04.06 (`libcrypto++` version 5.6.4-9build1). Both Bionic 18.04.06 (`libcrypto++` version 5.6.4-8) and Jammy 22.04.04 (`libcrypto++` version 8.6.0-2ubuntu1) had the expected result.
Also on Ubuntu Focal 20.04.04, I installed [Debian's `libcrypto++` version 5.6.4-9](https://snapshot.debian.org/package/libcrypto++/5.6.4-9/) directly. This version also has the error. Debian's `libcrypto++` version immediately prior [5.6.4-8](https://snapshot.debian.org/package/libcrypto++/5.6.4-8/) is not affected. The Debian version afterwards, [5.6.4-10](https://snapshot.debian.org/package/libcrypto++/5.6.4-10/), is affected, but [6.1.0-1](https://snapshot.debian.org/package/libcrypto++/6.1.0-1/) is not. So, the issue is only known to affect packages based on Debian `libcrypto++` 5.6.4-9 and 5.6.4-10. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2060564 Title: miscomputation of ECP::ScalarMultiply() using 5.6.4-9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcrypto++/+bug/2060564/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs