`SecretKeyMaterial` is handled recklessly in <./rust-arkworks>

plume-sig / zk-nullifier-sig

Implementation of PLUME: nullifier friendly signature scheme on ECDSA

MIT License

128 stars 22 forks source link

`SecretKeyMaterial` is handled recklessly in <./rust-arkworks> #89

Open skaunov opened 5 months ago

skaunov commented 5 months ago

It's yet named SecretKey, oncoming PR renames it to not give false impression of security.

here arkworks should be checked for proper methods for keys handling at least zeroize should be applied also would be nice to check that proper RNG is enforced