fix: omit private keys from logging and debug output (#586)

EspressoSystems · May 16, 2024 · 1bce638 · 1bce638
1 parent 7d71dbe
commit 1bce638
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 6 deletions.
diff --git a/signature/src/bls_over_bls12381.rs b/signature/src/bls_over_bls12381.rs
@@ -88,14 +88,16 @@ use ark_std::{
     rand::{CryptoRng, RngCore},
 };
 use blst::{min_sig::*, BLST_ERROR};
+use derivative::Derivative;
 use tagged_base64::tagged;
 use zeroize::{Zeroize, Zeroizing};
 
 #[tagged(tag::BLS_SIGNING_KEY)]
-#[derive(Clone, Debug, Zeroize)]
+#[derive(Clone, Derivative, Zeroize)]
 #[zeroize(drop)]
+#[derivative(Debug)]
 /// A BLS Secret Key (Signing Key).
-pub struct BLSSignKey(SecretKey);
+pub struct BLSSignKey(#[derivative(Debug = "ignore")] SecretKey);
 
 impl Deref for BLSSignKey {
     type Target = SecretKey;

diff --git a/signature/src/bls_over_bn254.rs b/signature/src/bls_over_bn254.rs
@@ -60,6 +60,7 @@ use ark_std::{
     vec::Vec,
     One, UniformRand,
 };
+use derivative::Derivative;
 use digest::DynDigest;
 use serde::{Deserialize, Serialize};
 use sha3::Keccak256;
@@ -233,13 +234,14 @@ impl AggregateableSignatureSchemes for BLSOverBN254CurveSignatureScheme {
     PartialEq,
     CanonicalSerialize,
     CanonicalDeserialize,
-    Debug,
+    Derivative,
     Ord,
     PartialOrd,
 )]
 #[zeroize(drop)]
+#[derivative(Debug)]
 /// Signing key for BLS signature.
-pub struct SignKey(pub(crate) ScalarField);
+pub struct SignKey(#[derivative(Debug = "ignore")] pub(crate) ScalarField);
 
 // =====================================================
 // Verification key

diff --git a/signature/src/schnorr.rs b/signature/src/schnorr.rs
@@ -103,10 +103,19 @@ where
 // =====================================================
 #[tagged(tag::SCHNORR_SIGNING_KEY)]
 #[derive(
-    Clone, Hash, Default, Zeroize, Eq, PartialEq, CanonicalSerialize, CanonicalDeserialize, Debug,
+    Clone,
+    Hash,
+    Default,
+    Zeroize,
+    Eq,
+    PartialEq,
+    CanonicalSerialize,
+    CanonicalDeserialize,
+    Derivative,
 )]
+#[derivative(Debug)]
 /// Signing key for Schnorr signature.
-pub struct SignKey<F: PrimeField>(pub(crate) F);
+pub struct SignKey<F: PrimeField>(#[derivative(Debug = "ignore")] pub(crate) F);
 
 impl<F: PrimeField> Drop for SignKey<F> {
     fn drop(&mut self) {