Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix error when hexes of length 64 are used as signer secrets #28

Merged
merged 1 commit into from
Mar 11, 2022

Conversation

jacque006
Copy link
Contributor

@jacque006 jacque006 commented Jan 25, 2022

Change behavior of signer secret parsing to do a direct Fr string set, with a fallback of hashing the secret input on error.
Add validateHex function.
Add wider range of secret values to signer tests.
Use mcl-wasm Typescript types instead of any.

Resolves #27

@@ -82,11 +82,7 @@ export class BlsSignerFactory {
private constructor() {}

public getSigner(domain: Domain, secretHex?: string) {
const secret = secretHex
? secretHex.length == 66
? parseFr(secretHex)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After the [email protected] update, parseFr no longer works with hexes of length 64 (string length 66). It does work on hex values of length 1 (i.e. 0x1) up to length 63, one less than what keccak256 produces.

@ChihChengLiang Do you know why this might have changed between mcl-wasm versions, and if there are any implications to switching to just use setHashFr?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know the changes in mcl-wasm. Maybe #22 is related?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was unable to determine a way to validate that the hex is in range. So I ended up setting up the secret parsing for the signer as such:

  • If the secret is missing/empty, generate a random one.
  • Attempt to directly set the hex value. If this fails, fall back to hashing the secret.

I think this should cover the range of use cases and expected outputs.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a good solution. @philsippl Would you like to provide a test case example value to make sure this change doesn't break your use case?

Change behavior of signer secret parsing to do a direct Fr string set, with a fallback of hashing the secret input on error.
Add validateHex function.
Add wider range of secret values to signer tests.
Use mcl-wasm Typescript types instead of any.
@jacque006 jacque006 force-pushed the bug/signer-private-key-parsing branch from 559c558 to 0536a41 Compare January 28, 2022 01:38
@jacque006 jacque006 added the bug Something isn't working label Jan 28, 2022
@jacque006
Copy link
Contributor Author

@ChihChengLiang Ready for your final review.

Copy link
Collaborator

@ChihChengLiang ChihChengLiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM on my side.

@@ -82,11 +82,7 @@ export class BlsSignerFactory {
private constructor() {}

public getSigner(domain: Domain, secretHex?: string) {
const secret = secretHex
? secretHex.length == 66
? parseFr(secretHex)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a good solution. @philsippl Would you like to provide a test case example value to make sure this change doesn't break your use case?

@jacque006
Copy link
Contributor Author

Going to merge and release this as is.

@philsippl if this breaks your use case we can fix in follow up work.

@jacque006 jacque006 merged commit 8e051ba into master Mar 11, 2022
@jacque006 jacque006 deleted the bug/signer-private-key-parsing branch March 11, 2022 00:04
@jacque006 jacque006 changed the title Fix error when hexes of length 64 are used as signer secrets. Fix error when hexes of length 64 are used as signer secrets Mar 11, 2022
@philsippl
Copy link
Contributor

Going to merge and release this as is.

@philsippl if this breaks your use case we can fix in follow up work.

@jacque006 @ChihChengLiang not sure if you saw my comment from a few weeks back, so posting here again in the thread 👇

@ChihChengLiang @jacque006 Sorry for my late reponse, I've been off for a bit and missed the notification. The proposed changes are fine for my use-case (because the default case is to call parseFr). However, I think the approach with try/catch leads to very unintentional behavior (my originally proposed implementation also suffers from this issue).
The error that @jacque006 filed actually only appears on some hashes, specifically those that converted back to bigint don't fit in the prime field (parseFr assumes a field element).
So if we go with the try/catch, we will call parseFr on some hashes and setHashFr on the rest. I don't think this is desired and might create weird compatibility issues with other libraries.
IMO instead of treating this implicitly like @jacque006 and I tried, we should just make it explicit what happens and introduce two distinct getSigner methods, one for passing a Fr directly, and another one that just accepts an arbitrary seed that then calls setHashFr. What do you guys think?

@jacque006
Copy link
Contributor Author

@philsippl Agreed, I like the split approach. Created #30 to address.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Signer provided with hex value of 64 charaters throws _wrapInput error
3 participants