v3/sign/bls shows up as deprecated when I try to import it #511
Comments
As far as I understand, you could avoid this by ensuring users commit to their public key (e.g. by signing with it) before aggregation
No, I won't be able to do that, as that would waste a lot of network bandwidth cuz a lot of signatures would need to be sent over the network.
Alternatively they could commit by sending a hash of the public key. Less bandwidth, but it would still require some network interaction
Why not use the bdn-version of the protocol?
Also - if the attacker knows the public key, they can also send a hash of it, no? :)
Ah my intention was a hash of the public key early in the protocol before others shared their keys, but perhaps I’m missing an attack vector!
I did a shot in the dark :) just read "rogue public key attack" and thought it's about abusing a malleable signature somewhere. Anyway, I think you should use the Also, as you write
Please be sure to read and understand the following part of the README: https://github.com/dedis/kyber?tab=readme-ov-file#target-audience Most of the code in kyber HAS NOT BEEN CODE REVIEWED AND PROBABLY INCLUDES SOME KIND OF BUGS. It's written for cryptographic researchers, and it's very easy to shoot yourself in the foot. Even if you think you're shooting the target...
What is the bdn package? Also do you know about any cryptographic libraries which have good documented bls support? @ineiti
@ineiti @CluEleSsUK The solution would be to sign a pseudo randomly generated message and everyone on the network validates it. If the validation was successful then everyone would mark that public key as a verified public key in their local database. From the next time whenever the key is introduced onto the network, the network would not have to verify whether the public key is a forged one or not.
@aludayalu I'm referring to the comment at the top of the bls package, which refers to this: https://github.com/dedis/kyber/blob/master/sign/bdn/bdn.go And, again, please be careful if you use kyber in production software.
I was trying to use the v3/sign/bls library, but VS Code is giving me this error whenever I import "go.dedis.ch/kyber/v3/sign/bls".
Error:
I wanted to deploy this library for a production codebase and would want to make sure that I am not using a deprecated library.
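The checks proposed in the comments (commit to a public key by signing with it; sign a random message and mark the key verified once it validates) amount to a proof of possession. The sketch below is an added example, not kyber code and not code from any participant in this thread. Assumptions: Schnorr over P-256 from Go's standard library stands in for the BLS pairing groups, and `keygen`, `prove`, `verify` and the nonce values are hypothetical names and constructed inputs.

```go
package main

import (
	"bytes"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Assumption: Schnorr over P-256 (deprecated stdlib API) stands in for BLS pairing groups.
var curve, order = elliptic.P256(), elliptic.P256().Params().N
type Proof struct{ R, S []byte } // commitment k*G and response k + c*sk mod n
func keygen() (*big.Int, []byte) {
	d, x, y, err := elliptic.GenerateKey(curve, rand.Reader)
	if err != nil {
		panic(err)
	}
	return new(big.Int).SetBytes(d), elliptic.Marshal(curve, x, y)
}
// challenge binds a proof to R, the claimed key and the verifier's fresh nonce.
func challenge(r, pk, nonce []byte) *big.Int {
	sum := sha256.Sum256(bytes.Join([][]byte{r, pk, nonce}, nil))
	return new(big.Int).Mod(new(big.Int).SetBytes(sum[:]), order)
}
// prove is run by the key holder before its key is admitted to aggregation.
func prove(sk *big.Int, pk, nonce []byte) Proof {
	k, r := keygen() // one-time secret k and commitment R = k*G
	s := new(big.Int).Mul(challenge(r, pk, nonce), sk)
	return Proof{r, s.Mod(s.Add(s, k), order).Bytes()}
}
// verify accepts only if S*G == R + c*pk, which needs the secret behind pk.
func verify(pk, nonce []byte, p Proof) bool {
	px, py := elliptic.Unmarshal(curve, pk) // nil if malformed or off-curve
	rx, ry := elliptic.Unmarshal(curve, p.R)
	if px == nil || rx == nil {
		return false
	}
	cx, cy := curve.ScalarMult(px, py, challenge(p.R, pk, nonce).Bytes())
	ex, ey := curve.Add(rx, ry, cx, cy)
	sx, sy := curve.ScalarBaseMult(p.S)
	return sx.Cmp(ex) == 0 && sy.Cmp(ey) == 0
}
func main() {
	nonce := []byte("constructed nonce")
	sk, pk := keygen()
	_, other := keygen() // someone else's key: this caller holds no secret for it
	fmt.Println(verify(pk, nonce, prove(sk, pk, nonce)), verify(other, nonce, prove(sk, other, nonce)))
}
```

Only keys that pass `verify` would be marked as verified and allowed into aggregation; the verifier picks the nonce fresh for each registration so an earlier proof cannot be reused.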