Secured No. 1

Earlier this year we started a bug bounty program that focuses on finding issues in the beacon chain specification and/or in client implementations (Lighthouse, Nimbus, Teku, Prysm, etc.). The results (and vulnerability reports) have been as insightful as the lessons learned from patching potential problems.

In this new series, we would like to examine and share some of the lessons we have learned from security work so far, and we will continue to pass them on in the future.

This first post analyzes some of the submissions that specifically target BLS primitives.

Disclaimer: All the bugs mentioned in this post have already been fixed.

BLS is everywhere

A few years ago, Diego F. Aranha gave a lecture at the 21st Workshop on Elliptic Curve Cryptography with the title: Pairings are not dead, just resting. How prophetic.

Here we are in 2021, and pairings are a major player behind many of the cryptographic primitives used in the blockchain space (and beyond): BLS aggregate signatures, ZK-SNARKS systems, etc.

Development and standardization work related to BLS signatures has been an ongoing project for EF researchers for some time, driven in part by Justin Drake and summarized in a recent post he published on reddit.

The newest and the best

There have been a lot of updates in the meantime. BLS12-381 is now widely recognized as the pairing curve to be used according to our current state of knowledge.

Three different IRTF drafts are currently in development:

  1. Pairing-friendly curves
  2. BLS signatures
  3. Hashing to elliptic curves

In addition, the beacon chain specification is mature and is already being used in part. As mentioned above, BLS signatures are an important piece of the puzzle behind Proof-of-Stake (PoS) and the beacon chain.

Recent lessons learned

After collecting submissions targeting the BLS primitives used in the consensus layer, we can break down reported bugs into three areas:

  • IRTF draft oversights
  • Implementation errors
  • Violations of the implementation of the IRTF draft

Let’s zoom in on each section.

IRTF draft oversights

One of the reporters (Nguyen Thoi Minh Quan) identified discrepancies in the IRTF draft and published two white papers with results:

While the specific inconsistencies are still being discussed, he came across some interesting implementation problems during his research.

Implementation errors

Using differential fuzzing, Guido Vranken was able to uncover several “small” problems in BLST. See examples of this below:

He rounded this off with the discovery of a moderate vulnerability that affects BLST's blst_fp_eucl_inverse function.

Violations of the implementation of the IRTF draft

A third category of errors was related to violations of the implementation of IRTF drafts. The first concerned the Prysm client.

To describe this, we first need to provide a little background information. The IRTF draft of the BLS signatures comprises 3 schemes:

  1. Basic scheme
  2. Message augmentation
  3. Proof of possession

The Prysm client makes no distinction between the 3 in its API, which is unique among implementations (e.g. py_ecc). One peculiarity of the basic scheme is, quoting verbatim: ‘This function first ensures that all messages are distinct’. This was not ensured in the AggregateVerify function. Prysm has addressed this discrepancy by stopping the use of AggregateVerify (which is not used anywhere in the beacon chain specification).

A second problem was related to py_ecc. In this case, the serialization process described in the ZCash BLS12-381 specification stores integers that are always within the range [0, p – 1]. The py_ecc implementation performed this check for the G2 group of BLS12-381 only for the real part, but did not perform the modulus operation for the imaginary part. The problem was fixed with the following pull request: Insufficient validation for decompress_G2 deserialization in py_ecc.
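
The range check described above, as an added Python sketch (it is not py_ecc's code, and all function names are hypothetical). It assumes the ZCash layout of a 96-byte compressed G2 x-coordinate: three flag bits plus the imaginary part in the first 48 bytes, the real part in the last 48. It shows how checking only one part lets a second byte string decode to the same field element.

```python
# BLS12-381 base-field modulus p (381 bits), a public curve parameter.
P = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
LOW_381 = (1 << 381) - 1  # the top 3 bits of the first half are flag bits


def split_g2(data: bytes):
    """Split 96 bytes into (flags, c1, c0): imaginary half first, then real."""
    if len(data) != 96:
        raise ValueError("compressed G2 point must be 96 bytes")
    z1 = int.from_bytes(data[:48], "big")
    c0 = int.from_bytes(data[48:], "big")
    return z1 >> 381, z1 & LOW_381, c0


def x_partial_check(data: bytes):
    """Bug class from the text: only the real part is range-checked."""
    _, c1, c0 = split_g2(data)
    if c0 >= P:
        raise ValueError("real part not in [0, p - 1]")
    # Assumption: the field type reduces mod p, hiding the bad input.
    return (c0, c1 % P)


def x_strict(data: bytes):
    """Both parts must be canonical, so each element has one encoding."""
    _, c1, c0 = split_g2(data)
    if c0 >= P or c1 >= P:
        raise ValueError("field element not in [0, p - 1]")
    return (c0, c1)


def encode_x(c0: int, c1: int, flags: int = 0b100) -> bytes:
    """Helper for the constructed samples (compression flag set)."""
    return ((flags << 381) | c1).to_bytes(48, "big") + c0.to_bytes(48, "big")


def accepts(parser, data: bytes) -> bool:
    """Return True when the parser accepts the encoding."""
    try:
        parser(data)
        return True
    except ValueError:
        return False


# Constructed sample values; curve and subgroup checks are out of scope here.
canonical = encode_x(c0=5, c1=7)
alias = encode_x(c0=5, c1=7 + P)   # 7 + p still fits in 381 bits

if __name__ == "__main__":
    print(x_partial_check(canonical) == x_partial_check(alias))
    print(accepts(x_strict, canonical), accepts(x_strict, alias))
```
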

Wrap up

Today we checked out the BLS-related reports we received as part of our bug bounty program, but this is definitely not the end of the story for BLS-related security work or adventures.

We strongly encourage you to help make the consensus layer safer over time. With this in mind, we look forward to hearing from you and encourage you to DIG! If you believe you have found a security vulnerability or bug related to the beacon chain or related clients, send a bug report! 💜🦄

