This repository has been archived by the owner on Oct 28, 2024. It is now read-only.
Eddsa Broken Signature Verification #169
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
In ethsnarks/eddsa.py, there seems to be a missing check on the signature verification step for the param
s. This param should be validated, e.g. that it is in the range 0<s<l where l is the order of the curve. Otherwise, an attacker may forge signatures from a known plaintext-signature pair by simply crafting a differentsvalue that is still equal to the original modulo the order of the curve, for example by simply craftings' = s + lwhere l is the order of the curve.The text was updated successfully, but these errors were encountered: