Closed LLFourn closed 3 months ago
Thanks, good catch. We should probably also just "verify" our own PoK by simply comparing it to what we have sent.
(And we should consider reworking the VSSCommitment and VSSCommitmentExt data structures... For example, having the first commitments in the front of the list is a bit implicit, it's probably better to make a tuple... Or better, a namedtuple.)
In simplepedpop_pre_finalize you need to check that your input from simplepedpop_round1 is included in the partially aggregated commitments -- this means that you check the first coefficient matches what you contributed, otherwise a malicious coordinator can switcharoo your commitment with their own. Perhaps this attack is protected against elsewhere but I couldn't find it.