ChainSafe / blst-ts

Typescript wrapper for https://github.com/supranational/blst native bindings, a highly performant BLS12-381 signature library
18 stars, 13 forks

fix: SecretKey.fromBytes perform constant time comparison to zero bytes #108

Closed has5aan closed 1 year ago

has5aan commented 1 year ago

Summary

Replaces the call to isZeroBytes with crypto.timingSafeEqual to achieve a constant-time comparison to the empty buffer.

dapplion commented 1 year ago

Hey @has5aan :wave: thanks for your contribution! Could you detail what attack this fix is guarding against? If you can call the fromBytes function you already know the secret key, so there is no more information you can gain from timing attacks.

has5aan commented 1 year ago

> Hey @has5aan 👋 thanks for your contribution! Could you detail what attack this fix is guarding against? If you can call the fromBytes function you already know the secret key, so there is no more information you can gain from timing attacks.

Hi @dapplion, valid point: the function fromBytes receives the secret key and doesn't generate one; the idea was to be thorough when performing the empty-buffer check.

shuse2 commented 1 year ago

@dapplion Hello! fromBytes is used in the signing function as well, to convert a Buffer to a SecretKey. If we have a blsSign(message, signerID) function which does not accept the private key, an attacker can still measure the time of this blsSign and learn the number of leading zero bytes of the private key.
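To make the point of the PR summary and of shuse2's comment concrete, here is an added example (not code from the blst-ts repository) contrasting an early-exit zero check, whose loop count depends on the number of leading zero bytes, with the crypto.timingSafeEqual form the PR switches to. The 32-byte key length, the function names isZeroBytesEarlyExit, bytesExaminedByEarlyExit, isZeroBytesConstantTime and validateSecretKeyBytes, and the sample key bytes are all assumptions made for this illustration; they do not reflect the library's real fromBytes implementation.

```typescript
import { timingSafeEqual } from "crypto";

// Assumed length of a BLS12-381 secret key scalar in bytes (example value).
const SECRET_KEY_LENGTH = 32;

// Early-exit check: returns at the first non-zero byte, so the amount of work
// it does depends on how many leading zero bytes the key has.
function isZeroBytesEarlyExit(bytes: Uint8Array): boolean {
  for (let i = 0; i < bytes.length; i++) {
    if (bytes[i] !== 0) return false;
  }
  return true;
}

// Instrumented copy of the early-exit loop that returns how many bytes it
// looked at before stopping. This is what a timing measurement would see.
function bytesExaminedByEarlyExit(bytes: Uint8Array): number {
  let examined = 0;
  for (let i = 0; i < bytes.length; i++) {
    examined++;
    if (bytes[i] !== 0) break;
  }
  return examined;
}

// Constant-time check: compare against an all-zero buffer of the same length.
// crypto.timingSafeEqual always processes every byte, regardless of content.
function isZeroBytesConstantTime(bytes: Uint8Array): boolean {
  const zeros = new Uint8Array(bytes.length); // typed arrays are zero-initialised
  return timingSafeEqual(bytes, zeros);
}

// Hypothetical sketch of the validation a fromBytes-style constructor performs:
// enforce the length, then reject an all-zero key using the constant-time check.
function validateSecretKeyBytes(bytes: Uint8Array): Uint8Array {
  if (bytes.length !== SECRET_KEY_LENGTH) {
    throw new Error(`secret key must be ${SECRET_KEY_LENGTH} bytes, got ${bytes.length}`);
  }
  if (isZeroBytesConstantTime(bytes)) {
    throw new Error("secret key must not be all zero bytes");
  }
  return bytes;
}

// Constructed sample inputs (not real keys).
const ZERO_KEY = new Uint8Array(SECRET_KEY_LENGTH);
const SAMPLE_KEY = new Uint8Array(SECRET_KEY_LENGTH);
SAMPLE_KEY[SECRET_KEY_LENGTH - 1] = 1; // only the last byte is non-zero
const EARLY_NONZERO_KEY = new Uint8Array(SECRET_KEY_LENGTH);
EARLY_NONZERO_KEY[0] = 7; // first byte is non-zero

console.log("early-exit bytes examined, sample key:", bytesExaminedByEarlyExit(SAMPLE_KEY));
console.log("early-exit bytes examined, early non-zero key:", bytesExaminedByEarlyExit(EARLY_NONZERO_KEY));
console.log("constant-time zero check, zero key:", isZeroBytesConstantTime(ZERO_KEY));
```

The instrumented loop makes the leak visible without a stopwatch: a key whose first non-zero byte is at the end is examined 32 times, one with a non-zero first byte only once. The timingSafeEqual variant does the same amount of work for both, which is why the PR swaps it in on the signing path that shuse2 describes.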
