
Add a cautionary assert to share_at_indices to prevent user from misusing the api and passing 0 as index #157

Merged 3 commits, Dec 20, 2021

Conversation

elichai
Contributor

@elichai elichai commented Dec 7, 2021

VerifiableSS::share_at_indices is meant for users to share a secret at f(0). The caller of this API is required to check that the indexes aren't controlled by an attacker, as an attacker could say that their index is the same as some other party's index, or that it is zero, or even claim that it has multiple indices, allowing it to have t points by itself.

Nonetheless, after a report from Trail-Of-Bits, we add a cautionary assert to make sure the indices don't contain any zeros, because this is the worst kind of API mistake the user can make (as it tells them the secret).
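The failure modes listed above, as an added Rust illustration that is not curv's code: a toy Shamir sharing over a small prime field in which evaluating at index 0 hands back the secret outright, beside a `share_at_indices` that rejects zero and duplicate indices with an error rather than a panic (the duplicate check goes beyond what the PR itself adds), and a Lagrange reconstruction over t+1 shares. The field `P`, the caller-supplied coefficients (instead of sampled ones) and the t-as-degree convention are assumptions of this example.

```rust
// Added illustration, not code from curv: toy Shamir sharing over GF(P) showing
// why share_at_indices must reject index 0, plus a hardened variant that also
// rejects duplicate indices. Coefficients are passed in, not sampled, so the
// example is deterministic (assumption of this example).
use std::collections::HashSet;
use std::num::NonZeroU16;

const P: u64 = 2_147_483_647; // 2^31 - 1, prime; stands in for the curve order

fn pow_mod(mut b: u64, mut e: u64) -> u64 {
    let mut r = 1;
    while e > 0 { if e & 1 == 1 { r = r * b % P; } b = b * b % P; e >>= 1; }
    r
}

/// f(x) = c[0] + c[1] x + ... + c[t] x^t mod P. Note that f(0) == c[0] == the secret.
pub fn eval(coeffs: &[u64], x: u64) -> u64 {
    coeffs.iter().rev().fold(0, |acc, &c| (acc * x + c) % P)
}

#[derive(Debug, PartialEq)]
pub enum IndexError { WrongCount, Zero, Duplicate }

/// Hardened share_at_indices: n caller-chosen x coordinates on a degree-t
/// polynomial (t+1 shares reconstruct here). Errors instead of panicking on misuse.
pub fn share_at_indices(t: u16, n: u16, secret: u64, coeffs_tail: &[u64], index_vec: &[u16])
    -> Result<Vec<(NonZeroU16, u64)>, IndexError> {
    if index_vec.len() != usize::from(n) || coeffs_tail.len() != usize::from(t) {
        return Err(IndexError::WrongCount);
    }
    let mut coeffs = vec![secret % P];
    coeffs.extend(coeffs_tail.iter().map(|c| c % P));
    let mut seen = HashSet::new();
    index_vec.iter().map(|&i| -> Result<(NonZeroU16, u64), IndexError> {
        let nz = NonZeroU16::new(i).ok_or(IndexError::Zero)?;     // f(0) would leak the secret
        if !seen.insert(i) { return Err(IndexError::Duplicate); } // one party, several points
        Ok((nz, eval(&coeffs, u64::from(i))))
    }).collect()
}

/// Lagrange interpolation at x = 0 over t+1 distinct shares recovers f(0) = secret.
pub fn reconstruct(shares: &[(NonZeroU16, u64)]) -> u64 {
    shares.iter().enumerate().fold(0, |acc, (j, &(xj, yj))| {
        let xj = u64::from(xj.get());
        let lj = shares.iter().enumerate().filter(|&(m, _)| m != j).fold(1, |l, (_, &(xm, _))| {
            let xm = u64::from(xm.get()); // factor x_m / (x_m - x_j), inverse via Fermat
            l * xm % P * pow_mod((P + xm - xj) % P, P - 2) % P
        });
        (acc + yj * lj) % P
    })
}
```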

@@ -102,14 +102,19 @@ impl<E: Curve> VerifiableSS<E> {
)
}

// generate VerifiableSS from a secret and user defined x values (in case user wants to distribute point f(1), f(4), f(6) and not f(1),f(2),f(3))
/// generate VerifiableSS from a secret and user defined x values (in case user wants to distribute point f(1), f(4), f(6) and not f(1),f(2),f(3))
/// NOTE: The caller should make sure that `t`, `n` and the contents of `index_vec` can't be controlled by a malicious party..
Contributor
Redundant period at EOL.

Contributor Author

Fixed

pub fn share_at_indices(
t: u16,
n: u16,
secret: &Scalar<E>,
index_vec: &[u16],
) -> (VerifiableSS<E>, SecretShares<E>) {
assert_eq!(usize::from(n), index_vec.len());
assert!(
!index_vec.iter().any(|&i| i == 0),
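Review bot: the new `assert!(!index_vec.iter().any(|&i| i == 0), ...)` rules out the f(0) leak but not the other misuse the PR description names, a duplicated index (one party claiming another party's point, or several points of its own). Since `index_vec.len()` is already compared against `n` one line earlier, a uniqueness check is equally cheap (sort a copy and `dedup`, or insert into a `HashSet` and compare its length with `index_vec.len()`) and would sit naturally next to the zero check; if the intent is to leave that entirely to the caller, the `NOTE` line in the doc comment should say explicitly that duplicates are not rejected rather than only that the contents "can't be controlled by a malicious party". Separately, both checks panic; for a library API a `Result` would let callers handle malformed input without aborting, though that is a larger change than this PR sets out to make.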
Contributor
Perhaps we want the the vector to be of type NonZeroU16?

Contributor Author
Changed to an iterator of NonZeroU16

@omershlo omershlo merged commit 842941c into master Dec 20, 2021
@elichai elichai deleted the shares branch December 21, 2021 14:24