
v3/sign/bls shows up as deprecated when I try to import it

Open aludayalu opened this issue 1 year ago • 9 comments

I was trying to use the v3/sign/bls library, but VS Code is giving me this error whenever I import "go.dedis.ch/kyber/v3/sign/bls".

Error:

"go.dedis.ch/kyber/v3/sign/bls" is deprecated: This version is vulnerable to rogue public-key attack and the new version of the protocol should be used to make sure a signature aggregate cannot be verified by a forged key. You can find the protocol in kyber/sign/bdn. Note that only the aggregation is broken against the attack and a later version will merge bls and asmbls.deprecated(default)

I wanted to deploy this library for a production codebase and would want to make sure that I am not using a deprecated library.

aludayalu avatar Apr 25 '24 19:04 aludayalu

As far as I understand you could avoid this by ensuring users commit to their public key (eg by signing with it) before aggregation

CluEleSsUK avatar Apr 25 '24 21:04 CluEleSsUK

No, I won't be able to do that, as that would waste a lot of network bandwidth because a lot of signatures would need to be sent over the network.

aludayalu avatar Apr 26 '24 08:04 aludayalu

Alternatively they could commit by sending a hash of the public key. Less bandwidth, but it would still require some network interaction.

CluEleSsUK avatar Apr 26 '24 09:04 CluEleSsUK

Why not use the bdn-version of the protocol?

```go
// Package bdn implements the Boneh-Drijvers-Neven signature scheme which is
// an implementation of the bls package which is robust against rogue public-key attacks. Those
// attacks could allow an attacker to forge a public-key and then make a verifiable
// signature for an aggregation of signatures. It fixes the situation by
// adding coefficients to the aggregate.
```

Also - if the attacker knows the public key, they can also send a hash of it, no? :)

ineiti avatar Apr 26 '24 10:04 ineiti
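To make the difference between the two packages concrete, here is an added toy model (not code from this thread or from kyber) of the aggregation algebra: a plain sum of keys and signatures as in bls beside the coefficient-weighted sum the bdn comment describes. It assumes a stand-in "pairing" on integers mod a prime, where e(a, b) = a*b, so it only models why the plain aggregate can be cancelled by a dependent key and why the per-key coefficients stop that; it is not a usable signature scheme.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"math/big"
)

// Toy pairing group: integers mod p with e(a, b) = a*b mod p. Discrete logs are trivial here,
// so this models only the aggregation algebra, not a usable signature scheme.
var p, g = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 127), big.NewInt(1)), big.NewInt(7)
func mul(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Mul(a, b), p) }
func add(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Add(a, b), p) }
func hashToGroup(parts ...[]byte) *big.Int { // H(m); the BDN weights reuse it over the key set
	sum := sha256.Sum256(bytes.Join(parts, nil))
	return new(big.Int).Mod(new(big.Int).SetBytes(sum[:]), p)
}
func pubKey(x *big.Int) *big.Int       { return mul(x, g) }
func sign(x, hm *big.Int) *big.Int     { return mul(x, hm) }
func verify(pk, sig, hm *big.Int) bool { return mul(sig, g).Cmp(mul(hm, pk)) == 0 } // e(sig, g) == e(H(m), pk)
// aggregate sums keys or signatures: the plain bls sum when bdn is false; with bdn, term i is
// weighted by t_i = H(pk_i || pk_1 || ... || pk_n), so every weight depends on the whole key set.
func aggregate(vals, pks []*big.Int, bdn bool) *big.Int {
	var set []byte
	for _, pk := range pks {
		set = append(set, pk.Bytes()...)
	}
	acc := big.NewInt(0)
	for i, v := range vals {
		if bdn {
			v = mul(hashToGroup(pks[i].Bytes(), set), v)
		}
		acc = add(acc, v)
	}
	return acc
}

// pairVerifies checks one aggregate signature for a two-key set over a constructed message. With
// rogue=true, key 2 is x2*g - pk1 (it cancels pk1 in a plain sum) and only the holder of x2 signs.
func pairVerifies(rogue, bdn bool) bool {
	hm := hashToGroup([]byte("constructed message"))
	x1, x2 := big.NewInt(12345), big.NewInt(67890)
	pks := []*big.Int{pubKey(x1), pubKey(x2)}
	sigs := []*big.Int{sign(x1, hm), sign(x2, hm)}
	if rogue {
		pks[1] = add(pubKey(x2), new(big.Int).Neg(pks[0]))
		sigs[0] = big.NewInt(0) // the holder of x1 never signs
	}
	return verify(aggregate(pks, pks, bdn), aggregate(sigs, pks, bdn), hm)
}
```

Honest pairs verify under both modes; the dependent key is accepted by the plain sum (the flaw the deprecation notice warns about) and rejected once the coefficients tie each weight to the full key set.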

Ah my intention was a hash of the public key early in the protocol before others shared their keys, but perhaps I’m missing an attack vector!

CluEleSsUK avatar Apr 26 '24 10:04 CluEleSsUK

I did a shot in the dark :) just read "rogue public key attack" and thought it's about abusing a malleable signature somewhere.

Anyway, I think you should use the bdn package. Would that work?

Also, as you write

I wanted to deploy this library for a production codebase

Please be sure to read and understand the following part of the README:

https://github.com/dedis/kyber?tab=readme-ov-file#target-audience

Most of the code in kyber HAS NOT BEEN CODE REVIEWED AND PROBABLY INCLUDES SOME KIND OF BUGS. It's written for cryptographic researchers, and it's very easy to shoot yourself in the foot. Even if you think you're shooting the target...

ineiti avatar Apr 26 '24 11:04 ineiti

What is the bdn package? Also, do you know of any cryptographic libraries that have well-documented bls support? @ineiti

aludayalu avatar Apr 28 '24 01:04 aludayalu

@ineiti @CluEleSsUK The solution would be to sign a pseudo-randomly generated message and have everyone on the network validate it. If the validation was successful, everyone would mark that public key as a verified public key in their local database. From then on, whenever the key is introduced onto the network, the network would not have to verify whether the public key is a forged one or not.

aludayalu avatar Apr 28 '24 01:04 aludayalu

@aludayalu I'm referring to the comment at the top of the bls package, which refers to this:

https://github.com/dedis/kyber/blob/master/sign/bdn/bdn.go

And, again, please be careful if you use kyber in production software.

ineiti avatar Apr 30 '24 08:04 ineiti

I believe this has been addressed. Closing the issue now.

pierluca avatar Jul 15 '24 08:07 pierluca