SM9 Infinity-Point Ciphertext Forgery Vulnerability
The direct impact of this vulnerability is ciphertext forgery, not confidentiality loss. The attacker does not need the master public key, the user's private key, or any other secret material. The attacker only needs to know the target UID to construct a seemingly valid ciphertext. When the recipient invokes the SM9 decryption API, the forged ciphertext decrypts successfully to attacker-chosen plaintext. The C3 integrity check also passes, so this is …