search

ethereum / builder-specs

Specification for the external block builders.
https://ethereum.github.io/builder-specs/
Creative Commons Zero v1.0 Universal
175 stars 59 forks source link

Usage of the BLS signature scheme should mandate a "proof-of-possession" check #43

Open ralexstokes opened 2 years ago

ralexstokes commented 2 years ago

there is a well-known attack on the BLS signature scheme called a "rogue public key" attack

you can read more about it here: https://hackmd.io/@benjaminion/bls12-381#Rogue-key-attacks

the mitigation is straightforward: publish a "proof of possession" along w/ the public key.

given that this spec current requires builders to sign over their messages, we should also specify that builders publish a "proof-of-possession" alongside their public key and any other configuration info required to connect.

concretely, the "proof-of-possession" can just sign over the message that is the encoding of the builder's BLS public key according to the SSZ spec defined in this repo: https://github.com/ethereum/consensus-specs

ralexstokes commented 2 years ago

note: this attack is only relevant in the context of aggregation in the BLS scheme and there is no usage of aggregation in the builder-specs for now so resolution of this issue is not urgent but should also not be forgotten :)