v3/sign/bls shows up as deprecated when I try to import it #511

Open
aludayalu opened this issue Apr 25, 2024 · 9 comments
Comments

@aludayalu

I was trying to use the v3/sign/bls library, but VS Code gives me this error whenever I import "go.dedis.ch/kyber/v3/sign/bls".

Error:

"go.dedis.ch/kyber/v3/sign/bls" is deprecated: This version is vulnerable to rogue public-key attack and the new version of the protocol should be used to make sure a signature aggregate cannot be verified by a forged key. You can find the protocol in kyber/sign/bdn. Note that only the aggregation is broken against the attack and a later version will merge bls and asmbls.deprecated(default)

I wanted to deploy this library for a production codebase and would want to make sure that I am not using a deprecated library.

@CluEleSsUK

As far as I understand, you could avoid this by ensuring users commit to their public key (e.g. by signing with it) before aggregation.

@aludayalu
Author

No, I won't be able to do that, as that would waste a lot of network bandwidth cuz a lot of signatures would need to be sent over the network.

@CluEleSsUK

CluEleSsUK commented Apr 26, 2024

Alternatively, they could commit by sending a hash of the public key. Less bandwidth, but it would still require some network interaction.

@ineiti
Member

ineiti commented Apr 26, 2024

Why not use the bdn-version of the protocol?

// Package bdn implements the Boneh-Drijvers-Neven signature scheme which is
// an implementation of the bls package which is robust against rogue public-key attacks. Those
// attacks could allow an attacker to forge a public-key and then make a verifiable
// signature for an aggregation of signatures. It fixes the situation by
// adding coefficients to the aggregate.

Also - if the attacker knows the public key, they can also send a hash of it, no? :)

@CluEleSsUK

Ah my intention was a hash of the public key early in the protocol before others shared their keys, but perhaps I’m missing an attack vector!

@ineiti
Member

ineiti commented Apr 26, 2024

I did a shot in the dark :) just read "rogue public key attack" and thought it's about abusing a malleable signature somewhere.

Anyway, I think you should use the bdn package. Would that work?

Also, as you write

I wanted to deploy this library for a production codebase

Please be sure to read and understand the following part of the README:

https://github.com/dedis/kyber?tab=readme-ov-file#target-audience

Most of the code in kyber HAS NOT BEEN CODE REVIEWED AND PROBABLY INCLUDES SOME KIND OF BUGS. It's written for cryptographic researchers, and it's very easy to shoot yourself in the foot. Even if you think you're shooting the target...

@aludayalu
Author

What is the bdn package? Also, do you know about any cryptographic libraries which have well-documented BLS support? @ineiti

@aludayalu
Author

@ineiti @CluEleSsUK The solution would be to sign a pseudo-randomly generated message and everyone on the network validates it. If the validation was successful then everyone would mark that public key as a verified public key in their local database. From the next time whenever the key is introduced onto the network, the network would not have to verify whether the public key is a forged one or not.

@ineiti
Member

ineiti commented Apr 30, 2024

@aludayalu I'm referring to the comment at the top of the bls package, which refers to this:

https://github.com/dedis/kyber/blob/master/sign/bdn/bdn.go

And, again, please be careful if you use kyber in production software.
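
The coefficient idea from the bdn package comment quoted above, as an added example that is not part of the thread and does not reproduce kyber's bdn implementation. It models only the key-aggregation algebra in a toy group without pairings (integers mod 2^255-19, an assumption for illustration); the SHA-256 coefficient and all function names are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Toy group (assumption): integers mod p = 2^255-19, base g = 2. No pairing,
// not a BLS group; only the key-aggregation algebra is modelled.
var p = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 255), big.NewInt(19))
var g = big.NewInt(2)

func pub(secret int64) *big.Int { return new(big.Int).Exp(g, big.NewInt(secret), p) }

// coefficient binds one key to the whole set: SHA-256(key || all keys), first 128 bits.
func coefficient(key *big.Int, keys []*big.Int) *big.Int {
	h := sha256.New()
	h.Write(key.FillBytes(make([]byte, 32)))
	for _, k := range keys {
		h.Write(k.FillBytes(make([]byte, 32)))
	}
	return new(big.Int).SetBytes(h.Sum(nil)[:16])
}

// aggregate combines keys: plain product (bls-style) or coefficient-weighted (bdn-style).
func aggregate(keys []*big.Int, weighted bool) *big.Int {
	agg := big.NewInt(1)
	for _, k := range keys {
		if weighted {
			k = new(big.Int).Exp(k, coefficient(k, keys), p)
		}
		agg.Mul(agg, k).Mod(agg, p)
	}
	return agg
}

// sampleKeys returns an honest key plus a second key computed from it as
// target/honest mod p, and the target key whose secret one party holds alone.
func sampleKeys() ([]*big.Int, *big.Int) {
	honest, target := pub(1234567), pub(7654321) // constructed sample secrets
	dependent := new(big.Int).ModInverse(honest, p)
	dependent.Mul(dependent, target).Mod(dependent, p)
	return []*big.Int{honest, dependent}, target
}

func main() {
	keys, target := sampleKeys()
	fmt.Println(aggregate(keys, false).Cmp(target) == 0, aggregate(keys, true).Cmp(target) == 0)
}
```

With plain aggregation the combined key collapses to the single-party target; with per-key coefficients that relation no longer holds, which is the property the bdn comment describes.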
