Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suggestion 1: Introduce Protocol-Specific Message Verification #476

Closed
mpguerra opened this issue Feb 18, 2025 · 0 comments · Fixed by #491
Closed

Suggestion 1: Introduce Protocol-Specific Message Verification #476

mpguerra opened this issue Feb 18, 2025 · 0 comments · Fixed by #491
Milestone
FROST Demo Audit

Comments

@mpguerra
Copy link
Contributor

Location

src/comms/http.rs#L308

Synopsis

In Round 2, the coordinator sends the message to the participant, but the participant does not verify its protocol-specific structure. This deviates from the recommendations documented in RFC 9591 (Section 7.7) and the frost-crate (here).

Mitigation

We recommend defining message verification as a trait requiring users to implement protocol-specific message verification. We also suggest message hashing, as recommended in RFC 9591 (Section 7.6).
@mpguerra mpguerra added this to the FROST Demo Audit milestone Feb 18, 2025
@mpguerra mpguerra moved this to Sprint Backlog in FROST Feb 18, 2025
@conradoplg conradoplg mentioned this issue Feb 20, 2025
Merged
@mpguerra mpguerra moved this from Sprint Backlog to Review/QA in FROST Feb 21, 2025
@github-project-automation github-project-automation bot moved this from Review/QA to Done in FROST Feb 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
FROST
Status: Done
Milestone
FROST Demo Audit
Development

Successfully merging a pull request may close this issue.

frost-client: add message confirmation step to Comms trait ZcashFoundation/frost-zcash-demo
1 participant
@mpguerra