
TL;DR
This paper uncovers cryptographic bugs related to the number zero in multiple BLS signature libraries and introduces 'splitting zero' attacks that reveal vulnerabilities in the proof-of-possession scheme, leading to significant bug bounties.
Contribution
It identifies and analyzes zero-related bugs in four BLS signature libraries and proposes 'splitting zero' attacks exposing weaknesses in the BLS proof-of-possession scheme.
Findings
Discovered bugs in four BLS signature libraries involving zero.
Developed 'splitting zero' attacks demonstrating scheme vulnerabilities.
Eth2 bug bounties awarded $35,000 for these findings.
Abstract
What is the funniest number in cryptography? 0. The reason is that for all x, x*0 = 0, i.e., the equation is always satisfied no matter what x is. This article discusses crypto bugs in four BLS signature libraries (ethereum/py_ecc, supranational/blst, herumi/bls, sigp/milagro_bls) that revolve around 0. Furthermore, we develop "splitting zero" attacks to show a weakness in the proof-of-possession aggregate signature scheme standardized in BLS RFC draft v4. The Eth2 bug bounty program generously awarded $35,000 in total for the reported bugs.
Taxonomy
Topics: Cryptographic Implementations and Security · Cryptography and Residue Arithmetic · Advanced Authentication Protocols Security
