dedis / kyber

Advanced crypto library for the Go language

v3/sign/bls shows up as deprecated when I try to import it #511

Open aludayalu opened 2 months ago

aludayalu commented 2 months ago

I was trying to use the v3/sign/bls library, but vscode gives me this error whenever I import "go.dedis.ch/kyber/v3/sign/bls".

Error:

"go.dedis.ch/kyber/v3/sign/bls" is deprecated: This version is vulnerable to rogue public-key attack and the new version of the protocol should be used to make sure a signature aggregate cannot be verified by a forged key. You can find the protocol in kyber/sign/bdn. Note that only the aggregation is broken against the attack and a later version will merge bls and asmbls.deprecated(default)

I wanted to deploy this library for a production codebase and would want to make sure that I am not using a deprecated library.

CluEleSsUK commented 2 months ago

As far as I understand, you could avoid this by ensuring users commit to their public key (e.g. by signing with it) before aggregation.

aludayalu commented 2 months ago

No, I won't be able to do that, as that would waste a lot of network bandwidth because a lot of signatures would need to be sent over the network.

CluEleSsUK commented 2 months ago

Alternatively, they could commit by sending a hash of the public key. Less bandwidth, but it would still require some network interaction.

ineiti commented 2 months ago

Why not use the bdn-version of the protocol?

// Package bdn implements the Boneh-Drijvers-Neven signature scheme which is
// an implementation of the bls package which is robust against rogue public-key attacks. Those
// attacks could allow an attacker to forge a public-key and then make a verifiable
// signature for an aggregation of signatures. It fixes the situation by
// adding coefficients to the aggregate.

Also - if the attacker knows the public key, they can also send a hash of it, no? :)

CluEleSsUK commented 2 months ago

Ah my intention was a hash of the public key early in the protocol before others shared their keys, but perhaps I’m missing an attack vector!

ineiti commented 2 months ago

I took a shot in the dark :) I just read "rogue public key attack" and thought it was about abusing a malleable signature somewhere.

Anyway, I think you should use the bdn package. Would that work?

Also, as you write

I wanted to deploy this library for a production codebase

Please be sure to read and understand the following part of the README:

https://github.com/dedis/kyber?tab=readme-ov-file#target-audience

Most of the code in kyber HAS NOT BEEN CODE REVIEWED AND PROBABLY INCLUDES SOME KIND OF BUGS. It's written for cryptographic researchers, and it's very easy to shoot yourself in the foot. Even if you think you're shooting the target...

aludayalu commented 2 months ago

What is the bdn package? Also, do you know of any cryptographic libraries which have well-documented bls support? @ineiti

aludayalu commented 2 months ago

@ineiti @CluEleSsUK The solution would be to sign a pseudo-randomly generated message and have everyone on the network validate it. If the validation is successful, everyone marks that public key as a verified public key in their local database. From then on, whenever the key is introduced onto the network, the network would not have to verify whether the public key is a forged one or not.

ineiti commented 2 months ago

@aludayalu I'm referring to the comment at the top of the bls package, which refers to this:

https://github.com/dedis/kyber/blob/master/sign/bdn/bdn.go

And, again, please be careful if you use kyber in production software.