This PR addresses the issues that were found during the Trail of Bits audit:

- Add checks to the MakeBytes function that return an error if the size is less than or equal to zero or if the size is larger than a predetermined value. TOB-CNSF-001
- Add a check to ensure that each random scalar value generated is non-zero. TOB-CNSF-002
- Add nil pointer checks to all affected functions. TOB-CNSF-004
- Add checks inside the signature and VRF verification functions to reject all inputs when the public key is the point at infinity. TOB-CNSF-005

The only point that has not been addressed (and likely will not be fixed) is:

- Consider including the base point in the calculation of the challenge scalar. TOB-CNSF-003

The Rust implementers have indicated that this is not needed, as the protocol will never change and the hashing context is included, which is sufficient for our needs. Additionally, it will break cross-compatibility with the Rust implementation and will break backwards-compatibility with the Polkadot protocol.
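A sketch of the three input checks listed in the PR description, added here as an illustration and not taken from the PR's own code. The names `makeBytes`, `randomNonZeroScalar`, `checkPublicKey` and `maxBytes`, the retry-on-zero behaviour, and the use of a 32-byte ristretto255 encoding (where the identity point encodes as all zeros) are assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"math/big"
)

const maxBytes = 1 << 16 // assumed cap; the PR only says "a predetermined value"
// Assumed group: ristretto255, order 2^252 + 27742317777372353535851937790883648493.
var low, _ = new(big.Int).SetString("27742317777372353535851937790883648493", 10)
var order = new(big.Int).Add(new(big.Int).Lsh(big.NewInt(1), 252), low)

// makeBytes refuses non-positive and oversized allocation requests.
func makeBytes(size int) ([]byte, error) {
	if size <= 0 || size > maxBytes {
		return nil, fmt.Errorf("size %d outside 1..%d", size, maxBytes)
	}
	return make([]byte, size), nil
}

// randomNonZeroScalar reduces 64 bytes from r mod the group order, retrying on zero.
func randomNonZeroScalar(r io.Reader) (*big.Int, error) {
	buf, err := makeBytes(64)
	if err != nil {
		return nil, err
	}
	for i := 0; i < 8; i++ {
		if _, err := io.ReadFull(r, buf); err != nil {
			return nil, err
		}
		if s := new(big.Int).Mod(new(big.Int).SetBytes(buf), order); s.Sign() != 0 {
			return s, nil
		}
	}
	return nil, errors.New("random source produced only zero scalars")
}

// checkPublicKey rejects nil, wrong-length and identity (all-zero) encodings.
func checkPublicKey(pub []byte) error {
	if len(pub) != 32 || bytes.Equal(pub, make([]byte, 32)) {
		return errors.New("public key is missing, malformed or the point at infinity")
	}
	return nil
}

func main() { fmt.Println(randomNonZeroScalar(rand.Reader)) }
```

Feeding the scalar generator a reader that yields zeros, as a stuck or mocked RNG would, exercises the path that a test against `crypto/rand` never reaches.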