Fix incorrect sig_hash generation

sig_hash was used as a challenge. Challenges should be of the form H(R, A, m).
These sig hashes were solely H(A, m), allowing trivial forgeries.
Luke Parker
2023-06-08 06:38:25 -04:00
parent c6982b5dfc
commit dfa3106a38
3 changed files with 20 additions and 13 deletions


@@ -458,11 +458,9 @@ impl Transaction {
signed_ref.signer = Ristretto::generator() * key.deref();
signed_ref.nonce = nonce;
let sig_nonce = Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng));
signed(self).signature.R = <Ristretto as Ciphersuite>::generator() * sig_nonce.deref();
let sig_hash = self.sig_hash(genesis);
signed(self).signature = SchnorrSignature::<Ristretto>::sign(
key,
Zeroizing::new(<Ristretto as Ciphersuite>::F::random(rng)),
sig_hash,
);
signed(self).signature = SchnorrSignature::<Ristretto>::sign(key, sig_nonce, sig_hash);
}
}
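Review bot: The statement order in the new signing code is load-bearing and undocumented: `signature.R` has to be populated before `self.sig_hash(genesis)` runs, and the R written there has to equal the R that `SchnorrSignature::sign` derives from `sig_nonce` when it replaces `signature` afterwards. Judging by the commit message, `sig_hash` now reads `signature.R` (its body is outside this hunk), so a later reorder, or a change in how `sign` derives R, would produce a signature over a challenge bound to a different R. I would add `// R must be set before sig_hash(): the challenge is H(R, A, m)` above the `signature.R` assignment, and after the `sign` call a debug check that the resulting `signature.R` equals the value computed from `sig_nonce`, kept in a local before the nonce is moved. Since the verify path is not visible here, a regression test that changing R on a signed transaction makes verification fail would pin the property this commit restores.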