Leader requests for shuffle and decrypt are not trustworthy #2509

Open
ineiti opened this issue Jun 28, 2023 · 0 comments
ineiti commented Jun 28, 2023

  • The Shuffle protocol only sends the ID and the User who requested
    a shuffle to the other nodes.
    But this is not enough for the other nodes to trust the shuffle request!
    A malicious root node might send a shuffle request even though the
    evoting admin never asked for it.
  • The decrypt protocol should also include the full message, as per issue #2507 (User authentication is flawed),
    to convince other nodes that the admin effectively requested a decryption.

Fix: include the whole message, as per issue #2507, to the other nodes so they can verify the request is legit.
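
The check the proposed fix implies, written out as an added example (not code from this issue or from the project): a non-leader node verifies the admin's signature over the full request itself instead of trusting the ID and user the leader forwards. `AdminRequest`, `Sign`, `NewAdmin`, `VerifyLeaderRequest`, the field encoding and the use of Ed25519 are all assumptions; the real message format is whatever #2507 defines.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// AdminRequest is a hypothetical "whole message": one admin order, signed by that admin.
type AdminRequest struct {
	Action, ElectionID string // Action is "shuffle" or "decrypt"
	User               uint32
	Signature          []byte
}

// signedBytes is an unambiguous encoding of the fields the signature covers.
func (r AdminRequest) signedBytes() []byte {
	return []byte(fmt.Sprintf("%q|%q|%d", r.Action, r.ElectionID, r.User))
}

// Sign is the admin-side step (Ed25519 is an assumption; the issue names no scheme).
func Sign(priv ed25519.PrivateKey, r AdminRequest) AdminRequest {
	r.Signature = ed25519.Sign(priv, r.signedBytes())
	return r
}

// NewAdmin builds a constructed key pair and the key table a node would trust.
func NewAdmin(user uint32) (map[uint32]ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return map[uint32]ed25519.PublicKey{user: pub}, priv
}

// VerifyLeaderRequest runs on a non-leader node before it joins a shuffle or
// decrypt: the leader's claim is ignored, only the admin's signature counts.
func VerifyLeaderRequest(keys map[uint32]ed25519.PublicKey, action, id string, r AdminRequest) error {
	pub, ok := keys[r.User]
	if !ok || r.Action != action || r.ElectionID != id {
		return fmt.Errorf("not a %s order from a known admin for election %q", action, id)
	}
	if !ed25519.Verify(pub, r.signedBytes(), r.Signature) {
		return fmt.Errorf("admin signature missing or invalid")
	}
	return nil
}

func main() {
	keys, priv := NewAdmin(7) // constructed sample values throughout
	bare := AdminRequest{Action: "shuffle", ElectionID: "election-1", User: 7} // ID and user only
	fmt.Println("bare:  ", VerifyLeaderRequest(keys, "shuffle", "election-1", bare))
	fmt.Println("signed:", VerifyLeaderRequest(keys, "shuffle", "election-1", Sign(priv, bare)))
}
```

Because the action and election ID are inside the signed bytes, a signed shuffle order cannot be relabelled by the leader as a decrypt order or moved to another election.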

ineiti added the bug label Jun 28, 2023
ineiti added a commit that referenced this issue Jun 28, 2023
Added some security bugs found while adding the new functionalities.
They are here: #2507 #2508 #2509 #2510

Also added some comments and fixed some typos.