axelarnetwork / tofn

A threshold cryptography library in Rust
Apache License 2.0
107 stars 22 forks

Use session nonce as another layer of domain separation in the zk proofs #186

Open milapsheth opened 2 years ago

milapsheth commented 2 years ago

To prevent further message replayability of GG20 protocol messages, we should add the session nonce as another layer of domain separation to the challenge computation of all the zk proofs. This could be done after switching to the new NIZK trait from #163 to avoid passing session nonce to every zk proof as an argument.

milapsheth commented 2 years ago

Since we want domain separation for the zk proofs in the sign protocol, we should use a session nonce that's unique between each sign execution.
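The two comments above describe the change in the abstract: bind a proof-type domain tag and a per-sign-session nonce into the Fiat-Shamir challenge, so that a proof transcript captured in one sign execution does not verify in another. The following is an added illustration of that mechanism, not tofn code and not one of the GG20 proofs the issue refers to: it uses a Schnorr proof of knowledge of a discrete log in a toy group (integers mod the Mersenne prime 2^61 - 1, chosen so plain u128 arithmetic suffices) and `DefaultHasher` as a deterministic stand-in for a real hash. The group, the domain tag string `tofn-example/schnorr-v1`, the constructed witness, randomness and session identifiers, and the function names are all assumptions made for the example. The "without nonce" path models the current behaviour, the "with nonce" path the proposal; the verifier always recomputes the challenge from the nonce of its own session, never from a value carried inside the message.

```rust
// Added example: Fiat-Shamir challenge with a domain tag and a per-session
// nonce, showing why the nonce blocks cross-session replay. Toy group and
// placeholder hash; this is not tofn's code or one of its zk proofs.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

/// Toy group: multiplicative group mod the Mersenne prime 2^61 - 1
/// (assumption: stands in for the real group so u128 arithmetic suffices).
const P: u128 = (1u128 << 61) - 1;
/// Exponents are reduced mod p - 1 (Fermat), so z = r + c*x wraps here.
const Q: u128 = P - 1;
const G: u128 = 7;

fn mul(a: u128, b: u128) -> u128 {
    a * b % P
}

fn pow(mut base: u128, mut e: u128) -> u128 {
    let mut acc = 1u128;
    base %= P;
    while e > 0 {
        if e & 1 == 1 {
            acc = mul(acc, base);
        }
        base = mul(base, base);
        e >>= 1;
    }
    acc
}

/// Schnorr proof of knowledge of x with y = g^x: commitment a = g^r, response z.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct SchnorrProof {
    pub a: u128,
    pub z: u128,
}

/// Fiat-Shamir challenge. `domain_tag` separates proof types; `session_nonce`
/// (None = no session binding, Some = nonce bound in) separates sign sessions.
/// DefaultHasher is a deterministic placeholder for a real hash (e.g. SHA-256);
/// it is NOT collision resistant and must not be used in production.
pub fn challenge(domain_tag: &str, session_nonce: Option<&[u8]>, y: u128, a: u128) -> u128 {
    let mut h = DefaultHasher::new();
    // Each `hash` call length-prefixes or terminates its input, so the
    // transcript has no ambiguous field boundaries ("ab"||"c" != "a"||"bc").
    domain_tag.hash(&mut h);
    session_nonce.hash(&mut h);
    y.hash(&mut h);
    a.hash(&mut h);
    (h.finish() as u128) % Q
}

/// Prover. `r` is the commitment randomness, caller-supplied here so the
/// example is reproducible; in practice it must be fresh and uniform.
pub fn prove(x: u128, r: u128, session_nonce: Option<&[u8]>) -> (u128, SchnorrProof) {
    let y = pow(G, x);
    let a = pow(G, r);
    let c = challenge("tofn-example/schnorr-v1", session_nonce, y, a);
    let z = (r + c * x) % Q;
    (y, SchnorrProof { a, z })
}

/// Verifier recomputes the challenge from ITS OWN session nonce (never from a
/// value carried inside the message) and checks g^z == a * y^c.
pub fn verify(y: u128, proof: &SchnorrProof, session_nonce: Option<&[u8]>) -> bool {
    let c = challenge("tofn-example/schnorr-v1", session_nonce, y, proof.a);
    pow(G, proof.z) == mul(proof.a, pow(y, c))
}

/// Replay scenario: a proof captured in sign session 1 is presented in session 2.
/// Returns (accepted when no nonce is bound, accepted when the nonce is bound).
pub fn replay_across_sessions() -> (bool, bool) {
    let x = 123_456_789u128; // secret witness (constructed)
    let r = 987_654_321u128; // commitment randomness (constructed)
    let session1: &[u8] = &b"sign-uid-0001"[..]; // constructed session ids
    let session2: &[u8] = &b"sign-uid-0002"[..];

    // Without a session nonce in the transcript the old proof replays cleanly.
    let (y, old_proof) = prove(x, r, None);
    let replay_without_nonce = verify(y, &old_proof, None);

    // With the nonce bound into the challenge, session 2 rejects session 1's proof.
    let (y, new_proof) = prove(x, r, Some(session1));
    debug_assert!(verify(y, &new_proof, Some(session1)));
    let replay_with_nonce = verify(y, &new_proof, Some(session2));

    (replay_without_nonce, replay_with_nonce)
}

fn main() {
    let (without, with) = replay_across_sessions();
    println!("replay accepted without nonce: {}, with nonce: {}", without, with);
}
```

Two points carry over to the real change. First, the nonce must be unique per sign execution and known to every verifier from its own context, otherwise a proof prepared for one session still satisfies another. Second, the verifier must take the nonce from its session state rather than from the message, because a nonce the prover chooses is not a binding at all. The `Option` in the challenge also shows why the change is cheap to layer onto a transcript-style NIZK trait: the nonce is just one more length-prefixed field hashed before the statement and commitment.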

sdaveas commented 2 years ago

We should use the sign UID from protobuf which we currently ignore (need confirmation from axelar-core team that it's indeed unique across signs). https://github.com/axelarnetwork/grpc-protobuf/blob/264427e09ad77ee881b86fe7f0780ec2d9857792/grpc.proto#L119

Unless we don't want tofn to rely on the caller for domain separation.