BLS operations involving secret data are not constant time #8911

shuse2 · 2023-08-30T15:39:35Z

Description

Partially resolved in PR #8487, PR #8829, PR #8877, and PR #8881.
However, the code still has calls to SecretKey.fromBytes, which, as specified in the issue, is vulnerable to timing attacks as specified in the original issue #8449

Which version(s) does this affect? (Environment, OS, etc...)

6.0.0-beta.7

Madhulearn · 2023-09-26T20:14:25Z

PR on external repo.
[fix: SecretKey.fromBytes perform constant time comparison to zero bytes by has5aan · Pull Request #108 · ChainSafe/blst-ts](ChainSafe/blst-ts#108)

shuse2 added type: bug elements/cryptography labels Aug 30, 2023

has5aan self-assigned this Aug 31, 2023

Madhulearn added this to the Sprint 103 milestone Aug 31, 2023

Madhulearn mentioned this issue Sep 7, 2023

Prepare Lisk SDK v6.0.0 for production #7242

Closed

34 tasks

Madhulearn modified the milestones: Sprint 103, Sprint 104 Sep 12, 2023

Madhulearn unassigned has5aan Sep 12, 2023

Madhulearn assigned has5aan Sep 20, 2023

Madhulearn closed this as completed Sep 24, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BLS operations involving secret data are not constant time #8911

BLS operations involving secret data are not constant time #8911

shuse2 commented Aug 30, 2023

Madhulearn commented Sep 26, 2023

BLS operations involving secret data are not constant time #8911

BLS operations involving secret data are not constant time #8911

Comments

shuse2 commented Aug 30, 2023

Description

Which version(s) does this affect? (Environment, OS, etc...)

Madhulearn commented Sep 26, 2023