New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security #18

Open

ERussel opened this issue Jul 13, 2021 · 1 comment

ERussel commented Jul 13, 2021

Hello! Thank you for such useful implementation. I have several questions:

Is there any security audit conducted for the library as part of the w3f grant?
Looks like in sr25519_keypair_ed25519_to_uniform implementation missing secret_key_key[31] &= 0b0111_1111 operation. As I understand it protects against invalid value which still have nonzero probability. Am I missing something?

The text was updated successfully, but these errors were encountered:

Owner

TerenceGe commented Aug 24, 2021 •

edited

Loading

Hello, thanks for the questions.

The people from W3F did review the code but I'm not sure if they have allocated resource for security auditing yet.
sr25519_keypair_ed25519_to_uniform is just used to convert ed25519 format keypair into uniform format, not to generate keypair. "secret_key_key[31] &= 0b0111_1111" is included in the keypair generation process:

sr25519-donna/src/sr25519.c

Line 39 in 013a3e0

key[31] &= 0b1111111;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment