ethereum / py_ecc

Python implementation of ECC pairing and bn_128 and bls12_381 curve operations
MIT License

Verify Signatures are in the correct Sub-group #80

Open kirk-baird opened 4 years ago

kirk-baird commented 4 years ago

What is wrong?

Currently, verification of a signature does not check that the signature is in the correct subgroup. This poses a security risk when verifying a pairing.

How can it be fixed?

When verifying a signature, check r * sig == 0 before pairing.

I will update #79 to include the check, as this had been inserted into the standard.
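The check in this issue, r * sig == 0, is a subgroup-membership test: a point can satisfy the curve equation and still lie outside the prime-order subgroup the pairing assumes, and that is what the pre-pairing gate rejects. The following is an added example, not code from py_ecc or from this PR. It uses a small constructed curve, y^2 = x^3 + x + 1 over F_23, whose group has 28 points (cofactor 4 times a prime subgroup of order r = 7), so that "on the curve but in the wrong subgroup" points can be enumerated in full; on BLS12-381 the same test is multiply(sig, curve_order) landing on the point at infinity (is_inf) using py_ecc's bls12_381 module. The point names, the verify_signature_shape gate and its return strings are assumptions of this example.

```python
# Added example (not py_ecc code). Toy curve standing in for a pairing
# curve's signature group: y^2 = x^3 + A*x + B over F_23, constructed so
# that the group order is composite (28 = H * R) and the subgroup check
# from the issue, R * sig == 0, has something to reject.

P_MOD = 23
A, B = 1, 1
H = 4        # cofactor
R = 7        # prime order of the subgroup signatures must live in
INF = None   # point at infinity (the "0" in r * sig == 0)


def is_on_curve(pt):
    """Curve-equation check only: necessary, but not a subgroup check."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def add(p, q):
    """Affine point addition with the usual special cases."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                      # p == -q (covers doubling a y == 0 point)
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def in_prime_subgroup(pt):
    """The check proposed in the issue: r * sig == 0."""
    return mul(R, pt) is INF


def clear_cofactor(pt):
    """Multiplying by the cofactor always lands in the prime subgroup."""
    return mul(H, pt)


def count_points():
    """Brute-force group order (affine points plus infinity)."""
    return 1 + sum(1 for x in range(P_MOD) for y in range(P_MOD)
                   if is_on_curve((x, y)))


def rogue_points():
    """Points that pass is_on_curve but fail the subgroup check."""
    return [(x, y) for x in range(P_MOD) for y in range(P_MOD)
            if is_on_curve((x, y)) and not in_prime_subgroup((x, y))]


def verify_signature_shape(sig):
    """Pre-pairing gate (hypothetical): reject before any pairing runs."""
    if not is_on_curve(sig):
        return "rejected: not on curve"
    if not in_prime_subgroup(sig):
        return "rejected: wrong subgroup"
    return "ok: proceed to pairing"


if __name__ == "__main__":
    base = (0, 1)                        # generates the whole 28-point group
    gen = clear_cofactor(base)           # (13, 16): generator of the order-7 subgroup
    print("group order:", count_points())
    print("rogue (on-curve, wrong-subgroup) points:", len(rogue_points()))
    print(base, "->", verify_signature_shape(base))
    print(gen, "->", verify_signature_shape(gen))
```

The curve-equation check alone accepts 27 affine points here, but only 6 of them are in the order-7 subgroup; the other 21 are exactly the inputs that r * sig == 0 turns away before a pairing is ever evaluated.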

pipermerriam commented 4 years ago

If this isn't explicitly part of #79, maybe this change can be extracted to a stand-alone PR?

kirk-baird commented 4 years ago

I made this PR because it is a security vulnerability that currently exists, but it is included as part of the BLS standard.

Do you think it should be its own PR or part of the BLS standard PR?

kirk-baird commented 4 years ago

I've added this in #79.