Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check length of polynomials #88

Merged
merged 17 commits into from
Oct 1, 2024
Merged

Check length of polynomials #88

merged 17 commits into from
Oct 1, 2024

Conversation

xoloki
Copy link
Collaborator

@xoloki xoloki commented Sep 25, 2024

This change fixes a DoS that results from incorrectly sized polynomials. A polynomial that is too large will result in signatures that fail to verify, and one that is too small will lead to a panic when initializing the signature aggregator.

Fixes #87

@xoloki xoloki requested a review from djordon September 25, 2024 22:26
djordon
djordon reviewed Sep 26, 2024
View reviewed changes
Copy link
Contributor

@djordon djordon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logic looks good, but shouldn't we add tests here too?

src/v1.rs Show resolved Hide resolved
src/v2.rs Show resolved Hide resolved
src/errors.rs Show resolved Hide resolved
@xoloki
Copy link
Collaborator Author

xoloki commented Sep 26, 2024

The logic looks good, but shouldn't we add tests here too?

Indeed, I’ll add some tomorrow

@xoloki xoloki requested a review from djordon September 26, 2024 15:54
@xoloki
Copy link
Collaborator Author

xoloki commented Sep 26, 2024

Ok @djordon new generic test added and called from v1 and v2.

djordon
djordon approved these changes Sep 27, 2024
View reviewed changes
Copy link
Contributor

@djordon djordon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

Suppose at the end of all of this, there is a bad party member who uses an incorrect polynomial length. Does WSTS associate the party id to their public key or is that all left to the caller?

src/v1.rs Show resolved Hide resolved
src/traits.rs Outdated Show resolved Hide resolved
@xoloki
Copy link
Collaborator Author

xoloki commented Sep 27, 2024

Looks good.

Suppose at the end of all of this, there is a bad party member who uses an incorrect polynomial length. Does WSTS associate the party id to their public key or is that all left to the caller?

Oh, very good question. It looks like SignerStateMachine was trying to be clever, and looked for bad public shares before calling compute_secrets. This allowed it to handle both v1 and v2, since in the v1 case we need to associate the party_id with a signer_id.

So we need to check that the poly length equals the threshold there too.

@xoloki
Copy link
Collaborator Author

xoloki commented Sep 27, 2024
edited
Loading

Thinking about this more, maybe we shouldn't do a separate check for BadPublicShares, and just let it fall out of compute_secrets like BadPrivateShares:

Here's the duplicated BadPublicShares check:
https://github.com/Trust-Machines/wsts/blob/main/src/state_machine/signer/mod.rs#L346
https://github.com/Trust-Machines/wsts/blob/main/src/state_machine/signer/mod.rs#L371

Here's the actual compute_secrets call which only handles BadPrivateShares:
https://github.com/Trust-Machines/wsts/blob/main/src/state_machine/signer/mod.rs#L400

Here's where we map the party_id to a signer_id:
https://github.com/Trust-Machines/wsts/blob/main/src/state_machine/signer/mod.rs#L405

Thoughts?

@djordon djordon self-requested a review September 27, 2024 06:10
@xoloki
Copy link
Collaborator Author

xoloki commented Sep 27, 2024

I went ahead and fixed it in the separate check, then added a test. Are you okay with merging as is @djordon ?

technovision99
technovision99 reviewed Sep 28, 2024
View reviewed changes
src/traits.rs Outdated Show resolved Hide resolved
djordon
djordon reviewed Sep 30, 2024
View reviewed changes
src/v1.rs Outdated Show resolved Hide resolved
src/v2.rs Outdated Show resolved Hide resolved
@xoloki xoloki merged commit 91a37c8 into main Oct 1, 2024
5 checks passed
@xoloki xoloki deleted the check-poly-length branch October 1, 2024 17:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@technovision99 technovision99 technovision99 left review comments

@djordon djordon djordon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Check polynomial lengths
3 participants
@xoloki @djordon @technovision99