search

c0dearm / sharks

Fast, small and secure Shamir's Secret Sharing library crate
https://crates.io/crates/sharks
Other
61 stars 13 forks source link

Perform a security audit to this library #5

Open c0dearm opened 4 years ago

c0dearm commented 4 years ago

I would like help from the community to run a serious security audit around this library and write issues about possible vulnerabilities

librelois commented 3 years ago

After studying the source code it seems to me that you do not deal with this problem:

https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing#Problem

Maybe there's something I didn't understand. Are you treating this problem? And if so how?

c0dearm commented 3 years ago

Hi @librelois, thanks for you input.

We deal with this problem by using finite field arithmetic, like the solution proposed in the link you shared.

More concretely, we use the Galois Field of characteristic 2 and dimension 8. This a good tradeoff because it makes it difficult to gain information for the reasons stated in the link and at the same time is computationally efficient because it allows to implement the algorithm using binary operations.

librelois commented 3 years ago

Indeed I had focused only on the math module and I thought that the additions and multiplications were done like on a classical u8. I just saw in the field module that it's not, thank you for your answer :)

RyanSquared commented 3 months ago

Howdy, an organization I'm affiliated with has paid for a security audit of a project that uses sharks, and I have some information I'd like to disclose. Would you mind reaching out to me? I can be reached at ryan@distrust.co.