A recent PR showed an instance where a Schnorr signature is used without domain separation. This is a good opportunity to check other uses of such signatures and ensure they use domain separation.
The underlying tari-crypto implementation of Schnorr signatures provides for optional domain separation. If a domain separator is not supplied, a default is used.
This is risky. Signatures intended for use in different contexts must use unique domain separation; otherwise, it may be possible to replay a signature in an unexpected context, which can have very bad consequences. The intent of making it optional was simplicity, but it also introduces real risk if not carefully applied.
This issue should be closed when it's confirmed that domain separation is used in all cases throughout the codebase.
Separately, I think it's a good idea to make the underlying tari-crypto library enforce a domain separator, but that's a PR for another day.
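As an added illustration (not tari-crypto's code; Tari uses Ristretto and its own hash layout), a toy Schnorr scheme over secp256k1 in pure Python showing why a shared default separator lets one signature be accepted in every context while per-context tags stop it. `DEFAULT`, the context tags and the message are constructed placeholders, and the curve arithmetic is deliberately minimal (affine, no side-channel hardening).

```python
import hashlib
import secrets
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
DEFAULT = b"default"  # stands in for the library's implicit separator (assumed name)

def add(a, b):  # secp256k1 group law, affine coordinates; None = point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc
def enc(pt): return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def challenge(domain, R, pk, msg):
    # The length-prefixed domain tag is hashed into the challenge, so identical
    # (R, pk, msg) produce different challenges in different contexts.
    h = hashlib.sha256(bytes([len(domain)]) + domain + enc(R) + enc(pk) + msg).digest()
    return int.from_bytes(h, "big") % N

def sign(x, msg, domain):
    k = secrets.randbelow(N - 1) + 1
    R = mul(k, G)
    return R, (k + challenge(domain, R, mul(x, G), msg) * x) % N

def verify(pk, msg, sig, domain):
    R, s = sig
    return mul(s, G) == add(R, mul(challenge(domain, R, pk, msg), pk))

def replay_demo():
    x = secrets.randbelow(N - 1) + 1
    pk, msg = mul(x, G), b"transfer 10"  # constructed sample message
    sig = sign(x, msg, DEFAULT)  # signer relied on the shared default tag...
    replayed = verify(pk, msg, sig, DEFAULT)  # ...so any other default-tag context accepts it
    sig = sign(x, msg, b"context.payment")  # unique tag per context
    accepted = verify(pk, msg, sig, b"context.payment")
    rejected = not verify(pk, msg, sig, b"context.vote")
    return replayed, accepted, rejected
```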