github.com/drand/kyber/sign/bls is deprecated

Zondax / drand

🎲 A Distributed Randomness Beacon Daemon - Go implementation

Other

0 stars 1 forks source link

github.com/drand/kyber/sign/bls is deprecated #17

Open jleni opened 2 years ago

jleni commented 2 years ago

Analyse and address this error:

key/curve.go:9:2: SA1019: package github.com/drand/kyber/sign/bls is deprecated: This version is vulnerable to rogue public-key attack and the new version of the protocol should be used to make sure a signature aggregate cannot be verified by a forged key. You can find the protocol in kyber/sign/bdn. Note that only the aggregation is broken against the attack and a later version will merge bls and asmbls. (staticcheck)
    sign "github.com/drand/kyber/sign/bls"

nikkolasg commented 2 years ago

I believe we are not concerned with that deprecation notice since we are not using BLS signature aggregation at all. We verify each individual signature independently.