Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ed25519 signature verification inconsistent with nearcore #343

Open
abacabadabacaba opened this issue Jun 11, 2020 · 4 comments
Open

Ed25519 signature verification inconsistent with nearcore #343

abacabadabacaba opened this issue Jun 11, 2020 · 4 comments
Labels
bug Something isn't working cryptography Cryptography good_first_issue P2 Pretty important

Comments

@abacabadabacaba
Copy link

This is near/nearcore#2700 for near-api-js. See that issue for a long description. The Ed25519 verification function in near-api-js may produce results different from other implementations that we use (in particular, the one we use in nearcore).
@abacabadabacaba abacabadabacaba mentioned this issue Jun 11, 2020
Closed
@abacabadabacaba abacabadabacaba added bug Something isn't working cryptography Cryptography labels Jun 11, 2020
@vgrichina
Copy link
Contributor

In near-api-js, we use tweetnacl library. This library doesn't check that the value s is canonically encoded, so it may accept invalid signatures. However, it looks like no one uses near-api-js to verify signatures.

@abacabadabacaba how to fix this? Do we need to verify some stuff in signature before sending it to tweetnacl? Can you give pseudocode?

@janedegtiareva janedegtiareva added the P1 Very important label Jul 9, 2020
@volovyks
Copy link
Collaborator

@abacabadabacaba is this issue still relevant?

@abacabadabacaba
Copy link
Author

Yes, nothing has changed so far. As I posted before, this issue is not urgent because we don't depend much on signature verification in near-api-js. In the future, we may want to move away from tweetnacl (for example, to have the code for near/near-wallet#1372 in near-api-js), in which case we can fix this. Or we can add an extra check on top of tweetnacl.

@kcole16 kcole16 added P2 Pretty important and removed P1 Very important labels Mar 11, 2021
@janewang janewang added the good first issue Good for newcomers label Aug 26, 2022
@exalate-issue-sync exalate-issue-sync bot added good_first_issue and removed good first issue Good for newcomers labels Oct 4, 2022
@vikinatora
Copy link
Collaborator

@gtsonevv we should check if this is still the case with noble-curves

@github-project-automation github-project-automation bot moved this to NEW❗ in DevTools Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working cryptography Cryptography good_first_issue P2 Pretty important
Projects
DevTools
Status: NEW❗
Milestone
No milestone
Development

No branches or pull requests
7 participants
@vgrichina @janewang @janedegtiareva @volovyks @kcole16 @abacabadabacaba @vikinatora