crypto: fix bls rogue attack #680

Status: Open. Wants to merge 4 commits into base: main.

Conversation

gitferry (Member)

Closes https://github.com/babylonlabs-io/pm/issues/289. Below is what is recommended to fix the issue, which the reviewer should follow to check:

  1. For signatures, use the domain separation tag specified for the PoP ciphersuite in the BLS specification: BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_RO_POP_
  2. Expose PopProve and PopVerify functions distinct from the standard Sign and Verify functions, and use them when creating all proofs of possession. For these functions, use the domain separation tag specified for PopProve and PopVerify in the BLS spec: BLS_POP_BLS12381G1_XMD:SHA-256_SSWU_RO_POP_
  3. In the BuildPoP function in app/signer/types.go, use the PopProve function described above in place of Sign. Instead of the current value, Sign(EdSk, BlsPubKey), use the message BlsPubKey || Sign(EdSk, BlsPubKey) in the PoP.
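The three steps above, as an added example that is not the project's code and not from the PR author: a toy group Z_p with the bilinear map e(a, b) = a*b mod p stands in for the BLS12-381 pairing, so it is deliberately insecure (discrete logs are trivial) but keeps the algebra intact. It shows why an aggregate check accepts a rogue key when no proof of possession is required, why PopProve/PopVerify under the POP tag reject the attacker's attempt at a PoP for that key, why the separate tag keeps a signature over the key bytes from doubling as a PoP, and how the BlsPubKey || Sign(EdSk, BlsPubKey) message from step 3 fits in (Ed25519 from Go's standard library). The function names follow the description; their bodies, the prime, the sample keys and the all-zero Ed25519 seed are this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Toy stand-in for BLS12-381: "points" are elements of the additive group Z_p
// and the pairing is e(a, b) = a*b mod p, which is bilinear. Discrete logs are
// trivial here, so nothing below is secure; it only reproduces the algebra
// behind the rogue-key attack and shows how a domain-separated proof of
// possession (PoP) blocks it. ASSUMPTION: function names mirror the ones the
// PR description proposes; the bodies are this example's own, not the project's.
var p = big.NewInt(1_000_000_007)
var g2 = big.NewInt(1) // generator of the toy "G2"

// Domain separation tags quoted in the PR description.
const (
	DstSig = "BLS_SIG_BLS12381G1_XMD:SHA-256_SSWU_RO_POP_"
	DstPop = "BLS_POP_BLS12381G1_XMD:SHA-256_SSWU_RO_POP_"
)

func mod(x *big.Int) *big.Int        { return new(big.Int).Mod(x, p) }
func mul(a, b *big.Int) *big.Int     { return mod(new(big.Int).Mul(a, b)) }
func add(a, b *big.Int) *big.Int     { return mod(new(big.Int).Add(a, b)) }
func sub(a, b *big.Int) *big.Int     { return mod(new(big.Int).Sub(a, b)) }
func pairing(a, b *big.Int) *big.Int { return mul(a, b) }

// hashToGroup models hash_to_curve with a DST: tag and message are hashed
// together, so the SIG and POP hashes of the same bytes are unrelated.
func hashToGroup(dst string, msg []byte) *big.Int {
	h := sha256.New()
	h.Write([]byte(dst))
	h.Write(msg)
	return mod(new(big.Int).SetBytes(h.Sum(nil)))
}

func PubKey(sk *big.Int) *big.Int { return mul(sk, g2) }

func Sign(sk *big.Int, msg []byte) *big.Int { return mul(sk, hashToGroup(DstSig, msg)) }
func Verify(sig, pk *big.Int, msg []byte) bool {
	return pairing(sig, g2).Cmp(pairing(hashToGroup(DstSig, msg), pk)) == 0
}

// PopProve / PopVerify are distinct from Sign / Verify and use the POP tag, so a
// signature over the bytes of a public key can never pass as a PoP.
func PopProve(sk *big.Int, msg []byte) *big.Int { return mul(sk, hashToGroup(DstPop, msg)) }
func PopVerify(pop, pk *big.Int, msg []byte) bool {
	return pairing(pop, g2).Cmp(pairing(hashToGroup(DstPop, msg), pk)) == 0
}

// AggregateVerify checks one signature on a common message against the sum of
// the keys, the setting in which a rogue key matters.
func AggregateVerify(pks []*big.Int, aggSig *big.Int, msg []byte) bool {
	aggPk := big.NewInt(0)
	for _, pk := range pks {
		aggPk = add(aggPk, pk)
	}
	return Verify(aggSig, aggPk, msg)
}

// RogueKeyAttack: with pk_vic public, the attacker registers
// pk_rogue = pk_att - pk_vic. The aggregate of {pk_vic, pk_rogue} is pk_att, so
// the attacker's lone signature verifies as if the victim had co-signed. The
// attacker cannot produce a PoP for pk_rogue, though: that needs sk_att - sk_vic,
// and a PoP computed with sk_att alone is rejected.
func RogueKeyAttack(skVictim, skAttacker *big.Int, msg []byte) (forgeryAccepted, popRejected bool) {
	pkVictim, pkAttacker := PubKey(skVictim), PubKey(skAttacker)
	pkRogue := sub(pkAttacker, pkVictim)
	forgery := Sign(skAttacker, msg)
	forgeryAccepted = AggregateVerify([]*big.Int{pkVictim, pkRogue}, forgery, msg)
	bogusPop := PopProve(skAttacker, pkRogue.Bytes())
	popRejected = !PopVerify(bogusPop, pkRogue, pkRogue.Bytes())
	return forgeryAccepted, popRejected
}

// BuildPoP follows step 3 of the description: the PoP is produced with PopProve,
// not Sign, over BlsPubKey || Sign(EdSk, BlsPubKey), binding the BLS key to the
// Ed25519 identity.
func BuildPoP(edSk ed25519.PrivateKey, blsSk *big.Int) (edSig []byte, pop *big.Int) {
	blsPk := PubKey(blsSk).Bytes()
	edSig = ed25519.Sign(edSk, blsPk)
	return edSig, PopProve(blsSk, append(blsPk, edSig...))
}

func VerifyPoP(edPk ed25519.PublicKey, blsPk *big.Int, edSig []byte, pop *big.Int) bool {
	return ed25519.Verify(edPk, blsPk.Bytes(), edSig) &&
		PopVerify(pop, blsPk, append(blsPk.Bytes(), edSig...))
}

func main() {
	skVictim, skAttacker := big.NewInt(12345), big.NewInt(67890) // constructed sample keys
	acc, rej := RogueKeyAttack(skVictim, skAttacker, []byte("block 100"))
	fmt.Println("forgery accepted without PoP:", acc, "| rogue PoP rejected:", rej)
	edSk := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed zero seed
	edSig, pop := BuildPoP(edSk, skVictim)
	edPk := edSk.Public().(ed25519.PublicKey)
	fmt.Println("honest PoP verifies:", VerifyPoP(edPk, PubKey(skVictim), edSig, pop))
	pk := PubKey(skVictim) // a plain signature over the pk bytes must not pass as a PoP
	fmt.Println("signature reused as PoP:", PopVerify(Sign(skVictim, pk.Bytes()), pk, pk.Bytes()))
}
```

The design point is that the aggregate check alone cannot tell pk_rogue from an honestly generated key, so the registration step must demand a PoP under its own tag; with the SIG tag a verifier would accept any signature the holder had ever produced over the key bytes.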

```go
// BLS public key. The sig and public key are all compressed
func PopVerify(sig Signature, pk PublicKey, msg []byte) (bool, error) {
	dummySig := new(BlsSig)
	return dummySig.VerifyCompressed(sig, false, pk, false, msg, DST_POP), nil
}
```
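Review bot: the `error` return of `PopVerify` is always `nil`, so a caller cannot distinguish a compressed `sig` or `pk` that failed to decode from a PoP that simply does not verify; either drop the `error` from the signature or return one for the decoding-failure case. The two `false` flags passed to `VerifyCompressed` also deserve a second look: the key being registered is untrusted input, so the group check on the signature and validation of the public key (in the prime-order subgroup, not the identity) are exactly the checks a PoP path should be running.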
Collaborator

Shouldn't we verify the:

  • sigGroupcheck
  • pkValidate

i.e., set both check flags to true?

gitferry (Member Author)

Nice find! Although I'm not sure pkValidate should be true, as it is not mentioned by Cubist. Will check with them.

@gitferry gitferry requested a review from KonradStaniec March 14, 2025 09:54
3 participants