
Paper 2021/323

0

Nguyen Thoi Minh Quan

Abstract

What is the funniest number in cryptography? 0. The reason is that for all x, x*0 = 0, i.e., the equation is always satisfied no matter what x is. This article discusses crypto bugs in four BLS signatures' libraries (ethereum/py_ecc, supranational/blst, herumi/bls, sigp/milagro_bls) that revolve around 0. Furthermore, we develop "splitting zero" attacks to show a weakness in the proof-of-possession aggregate signature scheme standardized in BLS RFC draft v4. Eth2 bug bounties program generously awarded $35,000 in total for the reported bugs.

Note: latest version vs 1st version: clarify attack cost, remove proposed fix because proposing fix without proof is scary, add 1 attack scenario at protocol layer, answer 1 FAQ.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
BLS, aggregate signature
Contact author(s)
msuntmquan @ gmail com
History
2021-04-03: last of 3 revisions
2021-03-11: received
Short URL
https://ia.cr/2021/323
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/323,
      author = {Nguyen Thoi Minh Quan},
      title = {0},
      howpublished = {Cryptology ePrint Archive, Paper 2021/323},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/323}},
      url = {https://eprint.iacr.org/2021/323}
}