Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
Home»ETHEREUM NEWS»Security number 1 | Ethereum Foundation Blog
ETHEREUM NEWS

Security number 1 | Ethereum Foundation Blog

By Crypto FlexsJanuary 7, 20244 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Security number 1 |  Ethereum Foundation Blog
Share
Facebook Twitter LinkedIn Pinterest Email

Earlier this year we bug bounty program Focuses on finding issues in the beacon chain specification and/or client implementation (Lighthouse, Nimbus, Teku, Prysm, etc…). The results (and vulnerability reports) were enlightening, as were the lessons learned while patching potential problems.

In this new series, we aim to explore and share some of the insights we have gained from our security work to date and the road ahead.

In this first post, we analyze some submissions specifically targeting BLS primitives.

disclaimer: All bugs mentioned in this post have already been fixed.

BLS is everywhere

few years ago, Diego F. Aranha gave a speech in 21st Elliptic Curve Cryptography Workshop title: The pairing isn’t dead, it’s just resting. How prophetic.

It is now 2021. Pairing is one of the main actors in many cryptographic primitives used in the blockchain space (and beyond). BLS Aggregate signatures, ZK-SNARKS system, etc.

Development and standardization work related to BLS signatures has been an ongoing project by EF researchers for some time. justin drake It is summarized in: His recent Reddit posts.

Latest and Best

There have been many updates in the meantime. BLS12-381 It is now universally recognized. pairing curve to be used Considering our current knowledge.

Three different IRTF drafts are currently in development.

  1. Pairing friendly curves
  2. BLS Signature
  3. Hashing with Elliptic Curve

Furthermore, Beacon chain specifications It has matured and has already been partially deployed. As mentioned above, BLS Signature It is an important piece of the puzzle behind Proof of Stake (PoS) and beacon chains.

Recent Lessons Learned

After collecting submissions targeting the BLS primitives used in the consensus layer, reported bugs can be divided into three areas:

  • IRTF Draft Supervisor
  • implementation mistake
  • Violation of IRTF draft implementation

Let’s zoom in on each section.

IRTF Draft Supervisor

One of the reporters (Nguyen Thoy Minh Quan) found a discrepancy. IRTF draftWe have published two white papers containing our findings.


Although specific inconsistencies remain a topic. for discussionHe found something interesting avatar problem While conducting his research.

implementation mistake

Guido Brancken I was able to find a few “minor” issues. BLST using Differential fuzzing. See example below.


He concluded this by discovering a moderate vulnerability that affected it. blst_fp_eucl_inverse function in BLST.

Violation of IRTF draft implementation

The third category of bugs involves violations of the IRTF draft implementation. The first affected: prism client.

To explain this, I first need to provide a little background. that much BLS Signature The IRTF draft includes three plans:

  1. master plan
  2. Message Augmentation
  3. proof of ownership

that much prism client It does not distinguish between 3 unique APIs between implementations, e.g. py_ecc). One peculiar thing is master plan is quote verbatim: ‘This function first checks if all messages are distinct’ . This was not guaranteed. Check tally function. Prysm corrected these inconsistencies as follows: Usage Deprecated ~ Of Check tally (Not used anywhere in the Beacon Chain specification).

Second issue affected py_ecc. In this case the serialization process is ZCash BLS12-381 Specifications Storing integers is always within the scope of: (0, p – 1). that much py_ecc In our implementation, we only performed this check for the G2 group of BLS12-381. real part However, no modulus calculation was performed. imaginary part. This issue was resolved with the following pull request: Insufficient validation for decompress_G2 deserialization in py_ecc..

finish

Today, we looked at the BLS-related reports we received. bug bounty programBut this is not the end of the story of my security work or adventures with BLS.

we strongly encourage you Enables the consensus layer to continue to grow more secure over time. With this, we look forward to hearing from you and encourage you to join DIG! If you believe you have discovered a security vulnerability or bug related to Beacon Chain or its related clients, Submit a bug report! 💜🦄

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Tornado cash Roman storms insist on Doj Botched Key Telegram evidence.

July 14, 2025

Trump’s pressure on the Fed pushes 15B to ETF, ‘under positioning’ Bitcoin Bull ‘

July 10, 2025

Ethereum MVRV has 1.20–1.25 and suggests that Market Peak is not visible.

July 6, 2025
Add A Comment

Comments are closed.

Recent Posts

Encryption Inheritance: Industrial Round Up -January 20125

July 15, 2025

$TAC Token Debuts In TVL As TAC Mainnet Goes Live With Leading DeFi Protocols

July 15, 2025

MultiBank Group Announces 7 Million $MBG Tokens Sold Out In Under One Hour During Initial Pre-Sale

July 15, 2025

Allnodes Among First To Launch Bare Metal Servers Powered By AMD Threadripper 9000 Series

July 15, 2025

Global Cryptocurrency Investors Flock To DNSBTC After Bitcoin Surges

July 15, 2025

The BTC price is withdrawn at almost $ 123K height. XRP approaches the highest resistance ever at $ 3.00.

July 15, 2025

Easily Invest In DL Mining Cloud Mining And Earn $6,000 In Passive Income Every Day

July 15, 2025

Crypto Company is a bank license in the US during Ripple, Circle and Bito Target

July 14, 2025

HeraldEX Defines The Future With Its One-Stop Crypto Platform For Businesses

July 14, 2025

BSGM Engages CXG To Acquire FINRA/SEC-Registered Broker-Dealer To Expand Publicly Traded RWA Tokenization Operations

July 14, 2025

Tornado cash Roman storms insist on Doj Botched Key Telegram evidence.

July 14, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Encryption Inheritance: Industrial Round Up -January 20125

July 15, 2025

$TAC Token Debuts In TVL As TAC Mainnet Goes Live With Leading DeFi Protocols

July 15, 2025

MultiBank Group Announces 7 Million $MBG Tokens Sold Out In Under One Hour During Initial Pre-Sale

July 15, 2025
Most Popular

The best exchange to exchange STEPN for other cryptocurrencies

November 30, 2023

Fabric Cryptography Raises $33 Million to Develop Cryptographic Processing Devices

August 19, 2024

Uncover the secrets of Orbitcoin: the next big thing in cryptocurrency! – DeFi information

January 27, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.