Blockstream / Jade

Jade hardware wallet

Jade on Liquid - sign with sighash ALL | RANGEPROOF #23

Open stepansnigirev opened 3 years ago

stepansnigirev commented 3 years ago

Signatures returned from Jade are not committing to rangeproofs. This can cause a lock of funds.

A malicious software wallet can generate an invalid rangeproof in the change output of the transaction using an attacker's blinding key. Then the user will not be able to unblind the change output and will not be able to spend this money.

It's not a loss of funds, but certainly a lock of funds and an opportunity for ransomware attacks.
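The gap reported above, as an added example that is not part of the original issue and is not Jade or Elements code: a simplified model of a signature digest that shows why a swapped rangeproof goes unnoticed under sighash ALL but not under ALL | RANGEPROOF. The serialization, `toy_sighash` and all byte strings are constructed assumptions; only the flag value 0x40 for `SIGHASH_RANGEPROOF` comes from Elements.

```python
import hashlib

SIGHASH_ALL = 0x01
SIGHASH_RANGEPROOF = 0x40  # Elements flag: digest also covers the output proofs


def dsha(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def lp(data: bytes) -> bytes:
    # Length prefix so that fields cannot run into each other (toy encoding).
    return len(data).to_bytes(4, "little") + data


def toy_sighash(inputs: bytes, outputs: list, sighash_type: int) -> bytes:
    """Simplified digest (assumption, not the exact Elements layout).

    The output commitments and scripts are always hashed. The rangeproof and
    surjection proof live in the witness and are hashed only when the
    RANGEPROOF bit is set in the sighash type.
    """
    msg = lp(inputs) + dsha(b"".join(lp(o["body"]) for o in outputs))
    if sighash_type & SIGHASH_RANGEPROOF:
        proofs = b"".join(lp(o["rangeproof"]) + lp(o["surjection"]) for o in outputs)
        msg += dsha(proofs)
    return dsha(msg + sighash_type.to_bytes(4, "little"))


def proof_swap_detected(sighash_type: int) -> bool:
    """True if replacing the change output's rangeproof changes the digest."""
    inputs = b"constructed-input-outpoints"
    pay = {"body": b"asset|value-commit|nonce|script-pay",
           "rangeproof": b"rp-pay", "surjection": b"sp-pay"}
    change = {"body": b"asset|value-commit|nonce|script-change",
              "rangeproof": b"rp-made-for-user-blinding-key", "surjection": b"sp-change"}
    # Same commitments, different proof bytes (constructed stand-in for a
    # rangeproof the wallet owner cannot unblind).
    swapped = dict(change, rangeproof=b"rp-made-for-other-blinding-key")
    signed = toy_sighash(inputs, [pay, change], sighash_type)
    broadcast = toy_sighash(inputs, [pay, swapped], sighash_type)
    return signed != broadcast


if __name__ == "__main__":
    for name, t in (("ALL", SIGHASH_ALL), ("ALL|RANGEPROOF", SIGHASH_ALL | SIGHASH_RANGEPROOF)):
        print(f"{name:15} proof swap changes digest: {proof_swap_detected(t)}")
```
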

JamieDriver commented 3 years ago

Acknowledged.
At the moment Jade does not sign with this flag, consistent with green software wallets.

stepansnigirev commented 2 years ago

When / if you will be implementing that, would it be possible to also support external master blinding keys for multisig wallets? How I see it:

JamieDriver commented 2 years ago

Yes, agree with the above or something v similar. Hopefully we'll be looking at this soon. I'll keep you informed.

tiero commented 2 years ago

+1