Background
The article at https://github.com/MystenLabs/ed25519-unsafe-libs mentions potentially unsafe Ed25519 signature libraries that expose a public API where the secret and public key can be provided independently as signing function inputs. Misuse of these public APIs can result in private key exposure.
Solution
Following Substrate in using ed25519-zebra bindings instead of ed25519-dalek: https://github.com/paritytech/substrate/pull/11781
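The API shape described in the Background, next to the hardened shape where the public key is always derived from the secret, as an added example (not code from this issue, Substrate, ed25519-dalek or ed25519-zebra). It is a small pure-Python RFC 8032 implementation; `sign_unsafe`, `sign` and `demo` are hypothetical names and the inputs in `demo` are constructed.

```python
import hashlib
# Minimal RFC 8032 Ed25519 for illustration only (not constant-time).
P, Q = 2**255 - 19, 2**252 + 27742317777372353535851937790883648493
D = -121665 * pow(121666, -1, P) % P
_h = lambda b: int.from_bytes(hashlib.sha512(b).digest(), "little")

def _add(A, B):  # extended-coordinate point addition
    a, b = (A[1]-A[0])*(B[1]-B[0]) % P, (A[1]+A[0])*(B[1]+B[0]) % P
    c, d = 2*A[3]*B[3]*D % P, 2*A[2]*B[2] % P
    e, f, g, h = b-a, d-c, d+c, b+a
    return (e*f % P, g*h % P, f*g % P, e*h % P)
def _mul(s, A):  # double-and-add scalar multiplication
    R = (0, 1, 1, 0)
    while s:
        if s & 1: R = _add(R, A)
        A, s = _add(A, A), s >> 1
    return R
def _enc(A):  # 32-byte point encoding: y with the sign of x in the top bit
    zi = pow(A[2], -1, P)
    x, y = A[0]*zi % P, A[1]*zi % P
    return (y | (x & 1) << 255).to_bytes(32, "little")
def _base():  # base point from y = 4/5, taking the even x
    y = 4 * pow(5, -1, P) % P
    x2 = (y*y - 1) * pow(D*y*y + 1, -1, P) % P
    x = pow(x2, (P+3)//8, P)
    if (x*x - x2) % P: x = x * pow(2, (P-1)//4, P) % P
    x = P - x if x & 1 else x
    return (x, y, 1, x*y % P)
G = _base()

def _expand(seed):  # clamped scalar a and the nonce prefix
    h = hashlib.sha512(seed).digest()
    return int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254), h[32:]

def public_key(seed):
    return _enc(_mul(_expand(seed)[0], G))

def sign_unsafe(seed, pub, msg):  # risky shape: pub is taken from the caller
    a, prefix = _expand(seed)
    r = _h(prefix + msg) % Q  # nonce depends on seed and msg only
    R = _enc(_mul(r, G))
    return R + ((r + _h(R + pub + msg) * a) % Q).to_bytes(32, "little")

def sign(seed, msg):  # hardened shape: public key always derived from seed
    return sign_unsafe(seed, public_key(seed), msg)

def demo(seed=bytes(range(32)), other=bytes(32), msg=b"constructed"):  # constructed inputs
    s1, s2 = sign(seed, msg), sign_unsafe(seed, public_key(other), msg)
    return s1[:32] == s2[:32] and s1[32:] != s2[32:]  # same R, different S
```

`demo()` returns `True`: a mismatched public key yields a second signature over the same message with the same nonce point R but a different S, which is the condition an API that derives the public key itself cannot produce.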