Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

avoid race condition in MakeAffine/ValidatePairing #59

Merged
merged 1 commit into from
May 10, 2024

Conversation

kevincharm
Copy link

@kevincharm kevincharm commented Apr 3, 2024

Addressing issues found in drand/drand#1304 (comment)

@kevincharm kevincharm marked this pull request as draft April 3, 2024 20:11
@kevincharm kevincharm changed the title logclone point to avoid race condition in MakeAffine avoid race condition in MakeAffine Apr 3, 2024
@kevincharm kevincharm marked this pull request as ready for review April 3, 2024 21:11
@kevincharm kevincharm changed the title avoid race condition in MakeAffine avoid race condition in MakeAffine/ValidatePairing Apr 4, 2024
Comment on lines 135 to 139
// NB: Not safe for concurrent calls
func (s *Suite) ValidatePairing(p1, p2, inv1, inv2 kyber.Point) bool {
p2.(*pointG2).g.MakeAffine()
inv2.(*pointG2).g.MakeAffine()
p2.Clone().(*pointG2).g.MakeAffine()
inv2.Clone().(*pointG2).g.MakeAffine()
return s.Pair(p1, p2).Equal(s.Pair(inv1, inv2))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think Clone() works like that, it returns a clone of the point, no?

You should be creating local variables if you want to use Clone.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤦‍♂️ indeed you are right. I got mixed up with MakeAffine modifying the point itself...

g.x.Set(t)
g.z.SetOne()
g.t.SetOne()
c.Set(g)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because of this Set here, I don't think using a Cloned g actually changes much, except it makes the timing of a race more difficult to "hit" in prod/tests...
This function should definitively have a "not safe for concurrent use" in the comment.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah this bit is dicey. I added the "not safe for concurrent use" warning above the function.

@@ -132,10 +132,13 @@ func (s *Suite) Pair(p1 kyber.Point, p2 kyber.Point) kyber.Point {
return s.GT().Point().(*pointGT).Pair(p1, p2)
}

// NB: Not safe for concurrent calls
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not 100% sure this is actually true since now you clone the inputs 🤔

@AnomalRoil AnomalRoil merged commit 94dae51 into drand:master May 10, 2024
1 check passed
Stebalien pushed a commit to Stebalien/kyber that referenced this pull request Sep 5, 2024
Stebalien pushed a commit to Stebalien/kyber that referenced this pull request Sep 5, 2024
avoid race condition in MakeAffine/ValidatePairing (drand#59)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants