Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
Home»ETHEREUM NEWS»Security number 1 | Ethereum Foundation Blog
ETHEREUM NEWS

Security number 1 | Ethereum Foundation Blog

By Crypto FlexsJanuary 7, 20244 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Security number 1 |  Ethereum Foundation Blog
Share
Facebook Twitter LinkedIn Pinterest Email

Earlier this year we bug bounty program Focuses on finding issues in the beacon chain specification and/or client implementation (Lighthouse, Nimbus, Teku, Prysm, etc…). The results (and vulnerability reports) were enlightening, as were the lessons learned while patching potential problems.

In this new series, we aim to explore and share some of the insights we have gained from our security work to date and the road ahead.

In this first post, we analyze some submissions specifically targeting BLS primitives.

disclaimer: All bugs mentioned in this post have already been fixed.

BLS is everywhere

few years ago, Diego F. Aranha gave a speech in 21st Elliptic Curve Cryptography Workshop title: The pairing isn’t dead, it’s just resting. How prophetic.

It is now 2021. Pairing is one of the main actors in many cryptographic primitives used in the blockchain space (and beyond). BLS Aggregate signatures, ZK-SNARKS system, etc.

Development and standardization work related to BLS signatures has been an ongoing project by EF researchers for some time. justin drake It is summarized in: His recent Reddit posts.

Latest and Best

There have been many updates in the meantime. BLS12-381 It is now universally recognized. pairing curve to be used Considering our current knowledge.

Three different IRTF drafts are currently in development.

  1. Pairing friendly curves
  2. BLS Signature
  3. Hashing with Elliptic Curve

Furthermore, Beacon chain specifications It has matured and has already been partially deployed. As mentioned above, BLS Signature It is an important piece of the puzzle behind Proof of Stake (PoS) and beacon chains.

Recent Lessons Learned

After collecting submissions targeting the BLS primitives used in the consensus layer, reported bugs can be divided into three areas:

  • IRTF Draft Supervisor
  • implementation mistake
  • Violation of IRTF draft implementation

Let’s zoom in on each section.

IRTF Draft Supervisor

One of the reporters (Nguyen Thoy Minh Quan) found a discrepancy. IRTF draftWe have published two white papers containing our findings.


Although specific inconsistencies remain a topic. for discussionHe found something interesting avatar problem While conducting his research.

implementation mistake

Guido Brancken I was able to find a few “minor” issues. BLST using Differential fuzzing. See example below.


He concluded this by discovering a moderate vulnerability that affected it. blst_fp_eucl_inverse function in BLST.

Violation of IRTF draft implementation

The third category of bugs involves violations of the IRTF draft implementation. The first affected: prism client.

To explain this, I first need to provide a little background. that much BLS Signature The IRTF draft includes three plans:

  1. master plan
  2. Message Augmentation
  3. proof of ownership

that much prism client It does not distinguish between 3 unique APIs between implementations, e.g. py_ecc). One peculiar thing is master plan is quote verbatim: ‘This function first checks if all messages are distinct’ . This was not guaranteed. Check tally function. Prysm corrected these inconsistencies as follows: Usage Deprecated ~ Of Check tally (Not used anywhere in the Beacon Chain specification).

Second issue affected py_ecc. In this case the serialization process is ZCash BLS12-381 Specifications Storing integers is always within the scope of: (0, p – 1). that much py_ecc In our implementation, we only performed this check for the G2 group of BLS12-381. real part However, no modulus calculation was performed. imaginary part. This issue was resolved with the following pull request: Insufficient validation for decompress_G2 deserialization in py_ecc..

finish

Today, we looked at the BLS-related reports we received. bug bounty programBut this is not the end of the story of my security work or adventures with BLS.

we strongly encourage you Enables the consensus layer to continue to grow more secure over time. With this, we look forward to hearing from you and encourage you to join DIG! If you believe you have discovered a security vulnerability or bug related to Beacon Chain or its related clients, Submit a bug report! 💜🦄

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Ethereum Dev Zack Cole starts an initiative for the ‘Tokenless’ project.

July 2, 2025

Checkpoint #4: Berlinterop | Ether Leeum Foundation Blog

June 28, 2025

Crypto Scam Markets thrives again after attempting to clean up Telegram.

June 24, 2025
Add A Comment

Comments are closed.

Recent Posts

Valhalla Goes Today: FLOKI has been developed for 3 years and debuts the play MMORPG.

July 4, 2025

The Open Platform Is First Unicorn In Web3 Ecosystem In Telegram At $1bn Valuation

July 3, 2025

The mindset of Retail Investors

July 3, 2025

Cooking.City Bringing Back Value Redistribution To Solana Fair Launches

July 3, 2025

XRP rebounds are interested in APT miners cloud mining.

July 3, 2025

The market will select US regulatory stable coins more than CBDCS every day of CBDCS every day.

July 3, 2025

Best Crypto PR Agency Packages : What to Look For & Where to Start

July 3, 2025

Looking for an Affordable Crypto PR Agency? Here’s What to Know Before You Spend

July 3, 2025

Crypto PR Packages for Startups: What You Need & How to Choose the Right One

July 3, 2025

Cheap Crypto Press Release: How to Promote Your Project Without Overpaying

July 2, 2025

The Ultimate Guide to Crypto Public Relations Packages

July 2, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Valhalla Goes Today: FLOKI has been developed for 3 years and debuts the play MMORPG.

July 4, 2025

The Open Platform Is First Unicorn In Web3 Ecosystem In Telegram At $1bn Valuation

July 3, 2025

The mindset of Retail Investors

July 3, 2025
Most Popular

Bitcoin, Ethereum, and More: Everything You Need to Know About Hashdex’s New Crypto ETF

July 25, 2024

Nothing is ‘guaranteed’ for Memecoin listing — Binance CMO

November 30, 2024

NVIDIA improves TensorRT-LLM with KV cache optimization

January 17, 2025
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.