
Use a safer method to generate Grumpkin private key from mnemonic #2052

Open
benesjan opened this issue Sep 6, 2023 · 0 comments
Labels
A-security Area: Relates to security. Something is insecure.

Comments


benesjan commented Sep 6, 2023

Currently, we use viem to first get an Ethereum private key from the mnemonic and then we reduce that 256-bit value to fit in Grumpkin's scalar field. @kevaundray thinks this approach is insufficient for mainnet; it has modulo bias. We agreed that it makes sense to postpone dealing with this issue until before mainnet.

Note 1: Kev sent me this article relevant to the topic.

Note 2: Search for TODO(#2052) in our codebase to find the relevant pieces of code.

Update: GrumpkinScalar.random is possibly modulo biased as well. Nuke it all before mainnet.
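Added example (TypeScript, not code from the Aztec repository or the issue author) that quantifies the modulo bias described above and shows the two standard remedies, a wider input before reduction and rejection sampling. The field order constant is an assumption here (Grumpkin's scalar field taken as the BN254 base-field modulus); confirm it against the project's own constant.

```typescript
// Grumpkin's scalar field order r. Assumed here to be the BN254 base-field
// modulus (the BN254/Grumpkin curve cycle); confirm against the project's
// own GrumpkinScalar constant before relying on it.
const GRUMPKIN_R = BigInt("0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47");
const ONE = BigInt(1);

function bytesToBigInt(bytes: Uint8Array): bigint {
  let x = BigInt(0);
  for (let i = 0; i < bytes.length; i++) x = (x << BigInt(8)) | BigInt(bytes[i]);
  return x;
}

// The approach the issue flags: a uniform 256-bit key reduced mod r.
// 2^256 is not a multiple of r, so some residues have one more preimage
// than others and the resulting scalar is not uniform.
function reduceNaive(key32: Uint8Array): bigint {
  if (key32.length !== 32) throw new Error("expected 32 bytes");
  return bytesToBigInt(key32) % GRUMPKIN_R;
}

// Number of inputs x in [0, 2^bits) with x mod r == residue.
function preimageCount(residue: bigint, bits: number): bigint {
  const max = (ONE << BigInt(bits)) - ONE;
  if (residue > max) return BigInt(0);
  return (max - residue) / GRUMPKIN_R + ONE;
}

// Preimage count of the most likely residue vs. the least likely one.
// For 256-bit inputs this is 6 vs 5 (a 20% skew); for 512-bit inputs the
// two counts still differ by 1, but out of roughly 2^258, i.e. negligible.
function biasRatio(bits: number): [bigint, bigint] {
  return [preimageCount(BigInt(0), bits), preimageCount(GRUMPKIN_R - ONE, bits)];
}

// Remedy A: reduce a 512-bit value (e.g. 64 KDF output bytes) instead.
function reduceWide(key64: Uint8Array): bigint {
  if (key64.length !== 64) throw new Error("expected 64 bytes");
  return bytesToBigInt(key64) % GRUMPKIN_R;
}

// Remedy B: rejection sampling. Draw 32 fresh bytes and keep them only if
// the value is a nonzero element below r; each draw succeeds with
// probability r / 2^256 (about 19%), so a few iterations are expected.
function sampleRejecting(draw: () => Uint8Array): bigint {
  for (;;) {
    const x = bytesToBigInt(draw());
    if (x !== BigInt(0) && x < GRUMPKIN_R) return x;
  }
}
```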

@benesjan benesjan added the A-security Area: Relates to security. Something is insecure. label Sep 6, 2023
@benesjan benesjan mentioned this issue Sep 6, 2023
PhilWindle added a commit that referenced this issue Sep 7, 2023
Fixes #1912 

**Note 1**: I removed the Signer interface as the difference in private
key types between `Grumpkin` and `secp256k1` made it impractical. Now we
have a special type only for the "`Grumpkin` key" and the `secp256k1`
key is represented either as a `Buffer` or as `0x${string}` (in case
of publisher private key).

**Note 2**: I changed some of the hardcoded private keys because they
didn't fit into `GrumpkinScalar` and auto-reduction is no longer allowed.

**Note 3**: The way we get Grumpkin private key from mnemonic is
insecure so I've created [this issue](#2052) for it.

# Checklist:
Remove the checklist to signal you've completed it. Enable auto-merge if
the PR is ready to merge.
- [ ] If the pull request requires a cryptography review (e.g.
cryptographic algorithm implementations) I have added the 'crypto' tag.
- [ ] I have reviewed my diff in github, line by line and removed
unexpected formatting changes, testing logs, or commented-out code.
- [ ] Every change is related to the PR description.
- [ ] I have
[linked](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue)
this pull request to relevant issues (if any exist).

---------

Co-authored-by: spypsy <spypsy@outlook.com>
Co-authored-by: PhilWindle <philip.windle@gmail.com>
AztecBot pushed a commit to AztecProtocol/barretenberg that referenced this issue Sep 7, 2023
superstar0402 added a commit to superstar0402/aztec-nr that referenced this issue Aug 16, 2024