wharfkit / antelope

Core types, client interfaces, and other tools for working with Antelope-based blockchains.

secp256k1 may not be suitable for ECDH encryption: it is susceptible to Twist Attacks #105

Open theblockstalk opened 6 months ago

theblockstalk commented 6 months ago

secp256k1 keys may not be suitable for ECDH

I found out about this issue when looking into using a secp256k1 key using the well supported did-jwt library, where I found this note: https://github.com/decentralized-identity/veramo/blob/0c22cc6a79e974214500e4440b0ea2977012377d/packages/utils/src/did-utils.ts#L269

I then followed up and found secp256k1 keys are not supported due to Twist attacks. See here

This issue is prevalent during the ECDH code found in https://github.com/wharfkit/antelope/blob/master/src/crypto/shared-secret.ts

jnordberg commented 6 months ago

If I don't misremember eos public keys are always compressed so would be hard for an attacker to craft a malicious public key. Wouldn't hurt to validate the point in the shared secret method though, if the elliptic library doesn't do it already.
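As an added example (not code from wharfkit/antelope or from either commenter), here is the point validation jnordberg suggests, written for Node.js with BigInt: it decodes a hex-encoded compressed or uncompressed secp256k1 key and rejects any x for which x^3 + 7 has no square root mod p, which is exactly an x that lies on a twist rather than on the curve. Function names are my own.

```javascript
// Added example (not wharfkit/antelope code): reject any secp256k1 public-key
// encoding that is not a point on the curve before it is used in ECDH. Feeding
// a point on a twist into a scalar multiplication leaks bits of the private key.
const P = (1n << 256n) - (1n << 32n) - 977n; // secp256k1 field prime, p = 3 mod 4
const B = 7n;                                 // curve equation: y^2 = x^3 + 7

function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  for (; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

// Since p = 3 mod 4, a^((p+1)/4) is a square root of a iff a is a residue.
function modSqrt(a) {
  const r = modPow(a, (P + 1n) / 4n, P);
  return (r * r) % P === a % P ? r : null;
}

// Parses a hex-encoded SEC1 public key (02/03 compressed or 04 uncompressed)
// and returns {x, y} as BigInts, or throws if it is not a point on the curve.
function decodePublicKey(hex) {
  const prefix = hex.slice(0, 2).toLowerCase();
  const body = hex.slice(2);
  if ((prefix === '02' || prefix === '03') && body.length === 64) {
    const x = BigInt('0x' + body);
    if (x >= P) throw new Error('x is not a field element');
    const rhs = (modPow(x, 3n, P) + B) % P;
    let y = modSqrt(rhs);
    // No square root: this x lies on a twist of secp256k1, not on the curve.
    if (y === null) throw new Error('x is not on the curve');
    const wantOdd = prefix === '03' ? 1n : 0n;
    if ((y & 1n) !== wantOdd) y = P - y;
    return { x, y };
  }
  if (prefix === '04' && body.length === 128) {
    const x = BigInt('0x' + body.slice(0, 64));
    const y = BigInt('0x' + body.slice(64));
    if (x >= P || y >= P) throw new Error('coordinate is not a field element');
    if ((y * y) % P !== (modPow(x, 3n, P) + B) % P) throw new Error('point is not on the curve');
    return { x, y };
  }
  throw new Error('unsupported public key encoding');
}

// secp256k1 has cofactor 1, so every point on the curve is in the prime-order
// group; an on-curve check is all a shared-secret routine needs before ECDH.
function isValidPublicKey(hex) {
  try { decodePublicKey(hex); return true; } catch { return false; }
}
```

Compressed keys fail the check when x^3 + 7 is a non-residue, which is why a library that decompresses before multiplying already rejects twist points; the uncompressed branch is where an explicit check matters.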