Update blst to 0.3.12 #3079

Open
vtamara opened this issue Jun 4, 2024 · 0 comments · May be fixed by #3080
Labels
enhancement New feature or request


vtamara commented Jun 4, 2024

Context and scope

Currently avalanchego uses version 0.3.11 of the blst library to implement the BLS12-381 cryptographic signature. Version 0.3.12 of blst improves security as described in its release notes https://github.com/supranational/blst/releases/tag/v0.3.12 and in particular includes the commits supranational/blst@dae1f94 and supranational/blst@6cca12a that

  1. Improve security of the library by moving constants to a read-only section (not allowing attackers to modify the constants after the program starts).
  2. Work with OpenBSD/adJ and advance "Support OpenBSD/adJ" #2782. Due to the security policies of that OS, the previous version 0.3.11 with avalanchego sporadically produced segmentation faults; see "Segmentation fault in some machines and not in others using OpenBSD adJ74" supranational/blst#206. The issue was solved with the mentioned commits included in version 0.3.12.

Discussion and alternatives
IMHO it is a good security practice to update library versions periodically.

Open questions

Projects
Status: Backlog 🗄️