Implement Proof Of Possession capability for all public key crypto types #6010
Conversation
- Derive ProofOfPossession for all pubkey crypto type beside BLS.
|
We added backcerts of operator keys alraedy, no? Or was that an RFC but not yet implemented? We could use backcerts for proof-of-possession. Ideally, we should place system randomness into those backcerts and place them on-chain, but this requires tweaking ed25519 I guess. |
|
@burdges Could you point to the backcerts PR or its RFC so I can take a look? Thank you. |
|
It's seemingly just ownership proofs, but really they should sign the operators key, making them backcerts. I proposed having some master session key too, but that's a bigger change. We could simply back certify both the operators' key and some piece of system randomness sampled at node startup. |
|
@drskalman, as we discussed, I believe that, along with the code (and prior to merging this PR), an amendment to the aforementioned RFC should be proposed and integrated. |
|
It's offten that backcerts get forgotten because we do not see them in TLS since the handshake itself represents the backcert, meaning the site itself sent you their certificate in the authenticated channel, so they approved that certificate. If we lack them in polkadot, then an adversary could pull tricks like claiming someone else's grandpa key was their grandpa key, maybe some unelected node, and then ignore grandpa themselves. We've no idea what bugs exist in substrate under such scenarios, but even if we handle them gracefully they still cause problems elsewhere. |
- Change PoP type to be &[u8] instead of signature so it works for BLS12.
enforcing conetxt
| let other_pair = Pair::from_seed(b"23456789012345678901234567890123"); | ||
| let pop = pair.generate_proof_of_possession(); | ||
| assert!(Pair::verify_proof_of_possession(&pop, &pair.public())); | ||
| assert_eq!(Pair::verify_proof_of_possession(&pop, &other_pair.public()), false); |
There was a problem hiding this comment.
| assert_eq!(Pair::verify_proof_of_possession(&pop, &other_pair.public()), false); | |
| assert!(!Pair::verify_proof_of_possession(&pop, &other_pair.public())); |
For consistency
| @@ -323,7 +373,7 @@ mod tests { | |||
| )); | |||
| test_vector_should_work(pair, | |||
| "7a84ca8ce4c37c93c95ecee6a3c0c9a7b9c225093cf2f12dc4f69cbfb847ef9424a18f5755d5a742247d386ff2aabb806bcf160eff31293ea9616976628f77266c8a8cc1d8753be04197bd6cdd8c5c87a148f782c4c1568d599b48833fd539001e580cff64bbc71850605433fcd051f3afc3b74819786f815ffb5272030a8d03e5df61e6183f8fd8ea85f26defa83400", | |||
| "d1e3013161991e142d8751017d4996209c2ff8a9ee160f373733eda3b4b785ba6edce9f45f87104bbe07aa6aa6eb2780aa705efb2c13d3b317d6409d159d23bdc7cdd5c2a832d1551cf49d811d49c901495e527dbd532e3a462335ce2686009104aba7bc11c5b22be78f3198d2727a0b" | |||
| "124571b4bf23083b5d07e720fde0a984d4d592868156ece77487e97a1ba4b29397dbdc454f13e3aed1ad4b6a99af2501c68ab88ec0495f962a4f55c7c460275a8d356cfa344c27778ca4c641bd9a3604ce5c28f9ed566e1d29bf3b5d3591e46ae28be3ece035e8e4db53a40fc5826002" | |||
| /// public key to mount a rogue key attack (See: Section 4.3 of | ||
| /// - Ristenpart, T., & Yilek, S. (2007). The power of proofs-of-possession: Securing multiparty | ||
| /// signatures against rogue-key attacks. In , Annual {{International Conference}} on the | ||
| /// {{Theory}} and {{Applications}} of {{Cryptographic Techniques} (pp. 228–245). : Springer. |
There was a problem hiding this comment.
btw just for my information or general information is it possible to define a few places in our system where a rogue attack can be executed successfully?
| let other_pair = Pair::from_seed(b"23456789012345678901234567890123"); | ||
| let pop = pair.generate_proof_of_possession(); | ||
| assert!(Pair::verify_proof_of_possession(&pop, &pair.public())); | ||
| assert_eq!(Pair::verify_proof_of_possession(&pop, &other_pair.public()), false); |
There was a problem hiding this comment.
| assert_eq!(Pair::verify_proof_of_possession(&pop, &other_pair.public()), false); | |
| assert!(!Pair::verify_proof_of_possession(&pop, &other_pair.public())); |
Description
Implement
ProofOfPossessiontraits with default implementation.Implement their derive macro in a new proc-macro crate in
pubkeycryptocreate which eventually should contains all pubkey crypto scheme as recommended by Move crypto implementations out of sp-core #1975Derive ProofOfPossession for all pubkey crypto type beside BLS.
Implement Nugget BLS proof of possession which should certifies that the unique secret key known to the prover is used to generate both public keys in G1 and G2.
Implement sign Host function for BLS12-381 necessary to be able to generate proof of possion through runtime.
Implement generation and verification of proof of possession functions in all RuntimeApp and RuntimeAppPublic s.
✄ -----------------------------------------------------------------------------
Checklist
Trequired)You can remove the "Checklist" section once all have been checked. Thank you for your contribution!
✄ -----------------------------------------------------------------------------