This repository has been archived by the owner on Nov 15, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
Fix randomness computation #5785
Comments
burdges
added a commit
to w3f/ring-vrf
that referenced
this issue
Apr 26, 2020
We should not call this VRFOutput since that proved too confusing, ala paritytech/substrate#5785
burdges
added a commit
to w3f/schnorrkel
that referenced
this issue
Apr 26, 2020
We should not call this VRFOutput since that proved too confusing, ala paritytech/substrate#5785 s/VRF_OUTPUT/VRF_PREOUT/g s/VRFOutput/VRFPreOut/g
burdges
added a commit
to w3f/schnorrkel
that referenced
this issue
Apr 26, 2020
We should not call this VRFOutput since that proved too confusing, ala paritytech/substrate#5785 s/VRF_OUTPUT/VRF_PREOUT/g s/VRFOutput/VRFPreOut/g s/to_output/to_preout/g
I've renamed the |
Is this a security hazard @burdges? |
We safe from any attacks I know because Ristretto accepts only one point encoding. It'd degrade the randomness by a factor of 8 if we'd used another VRF like VEd25519 instead: w3f/ring-vrf#15 We do need Wei's fix in #5788 because (a) the |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
At https://github.com/paritytech/substrate/blob/master/frame/babe/src/lib.rs#L577 we use
RawVRFOutput
directly for randomness, which should never happen.You should call
schnorrkel::VRFInOut::make_bytes
similar to whatsc_consensus_babe::authorship::check_primary_threshold
does. In schnorrkel, we produce theseVRFInOut
s insidevrf_sign*
andvrf_verify*
, so you could callmake_bytes
once on block import, and save those bytes as non-serialized block metadata.If you'd rather reproduce those bytes again elsewhere, then you recreate the VRFInOut by first creating the transcript with
sc_consensus_babe::authorship::make_transcript
and callingschnorrkel::PublicKey::vrf_attach_hash
/schnorrkel::VRFOutput::attach_input_hash
with the signers public key and theschnorrkel::VRFOutput
(the actual bytes being used here).I should apologize for not making this aspect of schnorrkel as missuse resistant as possible, but exposing
VRFOutput
separate fromVRFProof
, and exposing theseVRFInOut
s simplified the interface dramatically. I should renameschnorrkel::VRFOutput
toVRFPreOutput
really.The text was updated successfully, but these errors were encountered: