Closed has5aan closed 1 year ago
Hey @has5aan :wave: thanks for your contribution! Could you detail what attack this fix is guarding against? If you can call the fromBytes function, you already know the secret key, so there's no more information you can gain from timing attacks.
Hi @dapplion, valid point: the function fromBytes receives the secret key and doesn't generate any; the idea was to be thorough when performing the empty buffer check.
@dapplion Hello! fromBytes is used in the signing function as well, to convert a Buffer to a secretKey. If we have a blsSign(message, signerID) function which does not accept the private key, an attacker can still measure the time of this blsSign and get information about the number of leading zeros in the private key.
Summary
Replaces the call to isZeroBytes with crypto.timingSafeEqual to achieve a constant-time comparison to an empty (all-zero) buffer.