fix: use domain separation for wallet message signing (#5400)
Description
---
Uses domain separation for wallet message Schnorr signatures to prevent context misuse. Supersedes [PR 5394](#5394).

Motivation and Context
---
Wallets can sign and verify arbitrary messages using their secret keys. Because such messages are signed using Schnorr signatures with a default Fiat-Shamir challenge hash domain, it may be possible to replay them in different contexts, with possibly dangerous consequences. Another [pending PR](#5394) suggests prepending fixed data to wallet messages, but this can still lead to collisions.

Fortunately, the `tari-crypto` signature API provides a [handy type alias](https://github.com/tari-project/tari-crypto/blob/8a0823ff690f35409b64ad85a064033706f17580/src/ristretto/ristretto_sig.rs#L116) that makes domain separation straightforward. Using this, it is not possible to produce signature collisions (up to the collision resistance of the hash function itself). This is a safer and more idiomatic design.

How Has This Been Tested?
---
An existing test passes.

What process can a PR reviewer use to test or verify this change?
---
Confirm that the `tari-crypto` signature API is being used correctly, and that the macro-derived domain separator is unique within the codebase.

Breaking Changes
---
Existing signatures will fail to verify, but this is unlikely to be problematic.
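The three approaches the commit message contrasts, as an added Python illustration that is not code from the Tari project or `tari-crypto`: a shared default challenge hash domain, a fixed prefix glued onto the message bytes, and a length-prefixed domain tag hashed into the Fiat-Shamir challenge. The collision shown for the prefix approach (an ambiguous context/message boundary) is my own illustration rather than one taken from PR 5394, and the group is a constructed stand-in (integers mod a prime under addition, with a trivial discrete log) chosen only so the block runs with the standard library.

```python
import hashlib
import secrets

# Stand-in group, constructed for illustration only: "points" are integers mod Q
# under addition, so scalar multiplication is k * P mod Q and the discrete log is
# trivial. It exercises the Schnorr equations without needing a curve library.
Q = 2**127 - 1  # prime group order
G = 5           # generator (every non-zero element generates Z_Q)

def scalar_mul(k: int, point: int) -> int:
    return (k * point) % Q

def challenge(domain, R: int, pubkey: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(domain, R, P, m) mod Q. domain=None models one
    shared default hash domain; a bytes domain is its own length-prefixed input
    (as is every field), so distinct (domain, m) pairs never share a preimage."""
    h = hashlib.sha256()
    parts = [R.to_bytes(16, "big"), pubkey.to_bytes(16, "big"), msg]
    if domain is not None:
        parts.insert(0, domain)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q

def sign(secret: int, msg: bytes, domain=None) -> tuple:
    k = secrets.randbelow(Q - 1) + 1  # fresh nonce per signature
    R = scalar_mul(k, G)
    e = challenge(domain, R, scalar_mul(secret, G), msg)
    return R, (k + e * secret) % Q

def verify(pubkey: int, msg: bytes, sig: tuple, domain=None) -> bool:
    R, s = sig
    e = challenge(domain, R, pubkey, msg)
    return scalar_mul(s, G) == (R + scalar_mul(e, pubkey)) % Q  # s*G == R + e*P

def context_checks(secret: int, msg: bytes) -> dict:
    """Signs msg under the three schemes the commit contrasts; each key names the
    outcome to expect from that scheme."""
    pk = scalar_mul(secret, G)
    default_sig = sign(secret, msg)                      # shared default hash domain
    prefix_sig = sign(secret, b"wallet:" + b"x:" + msg)  # context glued onto the bytes
    sep_sig = sign(secret, msg, b"wallet_message")       # domain-separated challenge
    return {
        "default_replays_in_other_context": verify(pk, msg, default_sig),
        # (b"wallet:", b"x:" + msg) and (b"wallet:x:", msg) are identical bytes
        "prefix_collides_across_contexts": verify(pk, b"wallet:x:" + msg, prefix_sig),
        "separated_verifies_in_own_context": verify(pk, msg, sep_sig, b"wallet_message"),
        "separated_rejected_in_other_context": verify(pk, msg, sep_sig, b"other_context"),
    }
```

The first check passes because any other signer on the shared default domain computes the identical challenge, which is exactly the replay the commit closes off.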
1 parent cbdca6f, commit 7d71f8b
Showing 3 changed files with 19 additions and 15 deletions.