DKGResultVerification.verify byte inputs validation #1525
Merged
Closes: #1524
Three additional validations were added to the `bytes` input parameters of `DKGResultVerification.verify` to limit the possibility of the submitter arbitrarily moving bytes between `groupPubKey` and `misbehaved`:

- `groupPubKey` must have exactly 128 bytes

  It is an altbn128 G2 point in uncompressed form; it must have 128 bytes.

- `misbehaved` can be up to `group_size - signature_threshold` bytes

  `misbehaved` can be empty or can have some elements, but it can never have more elements than the group size minus the minimum DKG result signature threshold. No group member will vote on a result where it is marked as misbehaving. If the result is going to be accepted, it must have at least the minimum signature threshold. Hence, the maximum number of members indicated as misbehaving is `group_size - signature_threshold`. If the number of elements in `misbehaved` is higher, the client is broken or it's trying to cheat.

- The number of signatures supporting the result cannot be higher than the group size

  The number of possible valid signatures should be limited by the `members` array passed to the `verify` function as a parameter. However, since the `DKGResultVerification` library keeps the group size in its storage, it makes sense to do all the validation possible to make sure the internal state is consistent.

#1524, as per audit, recommends adding a salt between the group public key and misbehaved. This PR does not contain this change as I don't see a clear advantage of this, given that:
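The three length checks described in this PR, written out as an added Solidity illustration (not the keep-core code and not this PR's diff). The library name, the 65-byte ECDSA signature size used to count signatures, the error strings and the explicit underflow guard on `groupSize - signatureThreshold` are assumptions made here:

```solidity
pragma solidity ^0.5.0; // assumed compiler range

// Hypothetical helper mirroring the byte-input validations described in #1525.
library DKGResultInputChecks {
    // Assumed: each supporting signature is a 65-byte ECDSA signature.
    uint256 internal constant SIGNATURE_SIZE = 65;

    // Assumed: uncompressed altbn128 G2 point length, as stated in the PR.
    uint256 internal constant G2_POINT_SIZE = 128;

    function checkByteInputs(
        bytes memory groupPubKey,
        bytes memory misbehaved,
        bytes memory signatures,
        uint256 groupSize,
        uint256 signatureThreshold
    ) internal pure {
        // Group public key is an uncompressed G2 point: exactly 128 bytes,
        // so no bytes can be shifted into or out of `misbehaved`.
        require(groupPubKey.length == G2_POINT_SIZE, "Malformed group public key");

        // Guard the subtraction below; with 0.5.x arithmetic it would wrap
        // silently if the stored threshold ever exceeded the group size.
        require(signatureThreshold <= groupSize, "Threshold exceeds group size");

        // At most group_size - signature_threshold members can be marked as
        // misbehaving, since accepted results still need threshold votes.
        require(
            misbehaved.length <= groupSize - signatureThreshold,
            "Too many misbehaved members"
        );

        // Signatures must be whole 65-byte units and never exceed group size,
        // even though `members` would also bound them; keeps storage-derived
        // state and call data consistent.
        require(signatures.length % SIGNATURE_SIZE == 0, "Malformed signatures");
        require(
            signatures.length / SIGNATURE_SIZE <= groupSize,
            "Too many signatures"
        );
    }
}
```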