Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blocks created by shuffle and decrypt are signed with a useless signature #2510

Open
ineiti opened this issue Jun 28, 2023 · 0 comments
Open

Blocks created by shuffle and decrypt are signed with a useless signature #2510

ineiti opened this issue Jun 28, 2023 · 0 comments

Comments

@ineiti
Copy link
Member

ineiti commented Jun 28, 2023

The shuffle and decrypt protocols create a signature of the public key of the
node who did the shuffle/decrypt and put this signature in the block.
However, this signature is pretty useless, as it can easily be copied and re-used!

Fix: sign the actual data that is sent to the chain, if possible add the hash of the previous block to the data which is signed
ineiti added a commit that referenced this issue Jun 28, 2023
@ineiti
Security review and some comments
e4086b3 
Added some security bugs found while adding the new functionalities.
They are here: #2507 #2508 #2509 #2510

Also added some comments and fixed some typos.
@ineiti ineiti mentioned this issue Jul 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ineiti