Comments (9)
➤ comh commented:
skale-sec-ops triaged report 1186912 ( https://hackerone.com/bugs?report_id=1186912&subject=skale_network#activity-11660531 ) on HackerOne
{panel}
Hello [@Rumata|/rumata]
Thank you for your submission! We were able to validate your report, and have submitted it to the libBLS team for review.
A fix is now in process. Please note that the status and severity are subject to change.
Best,
[@skale-sec-ops|/skale-sec-ops]
{panel}
from sgxwallet.
➤ comh commented:
hackbot suggested, CWE-697, MITRE ( https://cwe.mitre.org/data/definitions/697.html ) for remediation guidance on HackerOne
from sgxwallet.
➤ comh commented:
skale-sec-ops posted a comment on report 1186912 ( https://hackerone.com/bugs?report_id=1186912&subject=skale_network#activity-11661894 ) on HackerOne
{panel}
[@Rumata|/rumata] the libBLS team would like to use your code and integrate it into the libBLS repo for testing and further investigation.
The team kindly asks that you open a PR in libBLS and place your .sage script under /scripts and your .cpp under /test and finally please sign the CLA in the PR. If you have any questions, please let us know.
{panel}
from sgxwallet.
➤ comh commented:
rumata posted a comment on report 1186912 ( https://hackerone.com/bugs?report_id=1186912&subject=skale_network#activity-11666288 ) on HackerOne
{panel}
I made a PR and tried to sign in with github at cla.skale.network. If that is what it means to sign the CLA, then I completed it. I slightly changed the dkg_attack.cpp in comaprison to what I submitted here, because I saw a misleading request that was left over from an earlier version. Please tell me if there are any issues.
{panel}
from sgxwallet.
➤ comh commented:
rumata posted a comment on report 1186912 ( https://hackerone.com/bugs?report_id=1186912&subject=skale_network#activity-11666607 ) on HackerOne
{panel}
Ok, I signed the CLA in PR. (Had to do another PR because of commit name/email configuration)
{panel}
from sgxwallet.
➤ comh commented:
skale-sec-ops posted a comment on report 1186912 ( https://hackerone.com/bugs?report_id=1186912&subject=skale_network#activity-11666693 ) on HackerOne
{panel}
[@Rumata|/rumata]
Fantastic, the team appreciates your PR and signing the CLA. The team provide another update on Monday. In the meantime, feel free to reach out if you have any concerns or other questions.
{panel}
from sgxwallet.
➤ comh commented:
skale-sec-ops posted a comment on report 1186912 ( https://hackerone.com/bugs?report_id=1186912&subject=skale_network#activity-11685787 ) on HackerOne
{panel}
[@Rumata|/rumata] can you please clarify and further explain how you arrived at the conclusion "that the probability that the equations are not linearly independent is 1/10069”?
{panel}
from sgxwallet.
➤ comh commented:
rumata posted a comment on report 1186912 ( https://hackerone.com/bugs?report_id=1186912&subject=skale_network#activity-11685935 ) on HackerOne
{panel}
This is a rough estimate, it will actually be a bit more than that. I should have written "~1/10069", since I am using subgroup of order 10069. For a bigger subgroup it will obviously be smaller. The idea is pretty simple: let's say we have a matrix:[
[ [ a ,x_0_1, x_0_2 ], [ a ,x_1_1, x_1_2 ], [ a ,x_2_1, x_2_2 ] ]. Let's say that the 0th and 1st and 0th and 2nd rows are linearly independent (the way we construct from i to the power of j that will be the case). We take the 0th row and reduce the first and second row, after which we are left with 0th row definitely independent of first and second. First and second now consist of 0 at position 1 and two elements:
[[0, y_1_1,y_1_2], [0, y_2_1, y_2_2 ]]. They are linearly dependent when y_1_2/y_1_1=y_2_2/y_2_1. If we pick a uniform random k=y_2_2/y_2_1, then the probability that y_1_2/y_1_1=k is ~1/(order of field). so for rank of matrix=n-1 the probability is ~1/(order of field). For rank=n-2 it will be somewhere around square of that. So the sum of probabilities will be ~1/(order of field).
{panel}
from sgxwallet.
➤ comh commented:
skale-sec-ops posted a comment on report 1186912 ( https://hackerone.com/bugs?report_id=1186912&subject=skale_network#activity-11704972 ) on HackerOne
{panel}
[@Rumata|/rumata] The libBLS team questions your conclusion. Please kindly see the attached PDF regarding linear dependency, review, and provide comments.
{panel}
from sgxwallet.
Related Issues (20)
- create threshold encryption sample app HOT 2
- empty error log in sgxwallet HOT 1
- Change getDecryptionShare to getDecryptionShares HOT 3
- sgxwallet cannot sign message with 0x prefix HOT 2
- Measure sgx performance for hardware and simulation modes HOT 1
- Fix Misconfigured thread count in simulation mode
- Add method to regenerate SEK HOT 1
- add BLS aggregated signatures support HOT 3
- Potential firewall issue
- Add support of Ubuntu 20.04 HOT 2
- Update CI to support new version of Ubuntu HOT 1
- regenerate ssl certificate key
- Two bugs on SGXWallet HOT 2
- sgxserver's ssl certificate is expired
- Add additional monitoring to maintain the expiration date for sgx certificates HOT 1
- create a tool for merging databases
- Unclear building instruction HOT 2
- Error when building HOT 6
- Can't start new SGX because of segmentation fault HOT 2
- SGX memory leak during long-time usage
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sgxwallet.