From 1a2dd1b389808d02e265a1c51545df3503a54263 Mon Sep 17 00:00:00 2001
From: Tim Ruffing
Date: Wed, 23 Oct 2024 14:38:58 +0200
Subject: [PATCH] SECURITY Include eq_input in signed message sigh
---
 python/chilldkg_ref/chilldkg.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/python/chilldkg_ref/chilldkg.py b/python/chilldkg_ref/chilldkg.py
index b2110b4..4d4bfaf 100644
--- a/python/chilldkg_ref/chilldkg.py
+++ b/python/chilldkg_ref/chilldkg.py
@@ -83,7 +83,7 @@ class InvalidRecoveryDataError(Exception):
 def certeq_message(x: bytes, idx: int) -> bytes:
- return idx.to_bytes(4, "big")
+ return idx.to_bytes(4, "big") + x
 def certeq_participant_step(hostseckey: bytes, idx: int, x: bytes) -> bytes:
@@ -634,7 +634,8 @@ def recover(
 params_validate(params)
 # Verify cert
- certeq_verify(hostpubkeys, recovery_data[: 64 * n], cert)
+ eq_input = recovery_data[: -len(cert)]
+ certeq_verify(hostpubkeys, eq_input, cert)
 # Compute threshold pubkey and individual pubshares
 threshold_pubkey = sum_coms.commitment_to_secret()
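Review bot: `certeq_message` carries no comment saying why `x` has to be part of the signed message, and this patch adds no regression test for the fix. The old return value covered only `idx`, so the signed bytes did not depend on `x` at all; I would add `# Bind the signature to x: a message built from idx alone verifies for any eq_input.` above the return. A test asserting that `certeq_verify` rejects an otherwise valid cert once a single byte of `x` is changed would keep this from regressing; whether such a test already exists elsewhere is not visible in this patch.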
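Review bot: `recovery_data[: -len(cert)]` evaluates to `recovery_data[:0]` when `cert` is empty, so the input handed to `certeq_verify` would silently become the empty byte string instead of the intended prefix. `cert` is produced outside this hunk and may already be guaranteed non-empty, but the slice is safer written as `eq_input = recovery_data[: len(recovery_data) - len(cert)]`. The line also relies on `cert` being exactly the trailing bytes of `recovery_data`; a one-line comment stating that invariant would help the next reader. The body of `recover` starts and ends outside the hunk.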