Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a cautionary assert to share_at_indices to prevent user from misusing the api and passing 0 as index #157

Merged
merged 3 commits into from
Dec 20, 2021
Merged

Add a cautionary assert to share_at_indices to prevent user from misusing the api and passing 0 as index #157

merged 3 commits into from
Dec 20, 2021

Conversation

elichai
Copy link
Contributor

@elichai elichai commented Dec 7, 2021

VerifiableSS::share_at_indices is meant for users to share a secret at f(0), the caller of this API is required to check that the indexes aren't controlled by an attacker, as an attacker could say that their index is the same as some other party's index, or that it is zero, or even claim that it has multiple indices allowing it to have t points by its self.

Nonetheless after a report from Trail-Of-Bits we add a cautionary assert to make sure the indices don't contain any zeros, because this is the worst kind of API mistake the user can make (as it tells them the secret)

MatanHamilis
MatanHamilis reviewed Dec 7, 2021
View reviewed changes
src/cryptographic_primitives/secret_sharing/feldman_vss.rs Outdated
@@ -102,14 +102,19 @@ impl<E: Curve> VerifiableSS<E> {
)
}

// generate VerifiableSS from a secret and user defined x values (in case user wants to distribute point f(1), f(4), f(6) and not f(1),f(2),f(3))
/// generate VerifiableSS from a secret and user defined x values (in case user wants to distribute point f(1), f(4), f(6) and not f(1),f(2),f(3))
/// NOTE: The caller should make sure that `t`, `n` and the contents of `index_vec` can't be controlled by a malicious party..
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Redundant period at EOL.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

src/cryptographic_primitives/secret_sharing/feldman_vss.rs Outdated
pub fn share_at_indices(
t: u16,
n: u16,
secret: &Scalar<E>,
index_vec: &[u16],
) -> (VerifiableSS<E>, SecretShares<E>) {
assert_eq!(usize::from(n), index_vec.len());
assert!(
!index_vec.iter().any(|&i| i == 0),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps we want the the vector to be of type NonZeroU16?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to an iterator of NonZeroU16

@omershlo omershlo merged commit 842941c into master Dec 20, 2021
@elichai elichai deleted the shares branch December 21, 2021 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MatanHamilis MatanHamilis MatanHamilis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@elichai @MatanHamilis @omershlo