Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump starknet-crypto to v0.6.1 #1469

Merged
merged 1 commit into from
Oct 31, 2023
Merged

chore: bump starknet-crypto to v0.6.1 #1469

merged 1 commit into from
Oct 31, 2023
+7 −14

Conversation

xJonathanLEI
Copy link
Contributor

@xJonathanLEI xJonathanLEI commented Oct 30, 2023
edited
Loading

Update starknet-crypto

Description

The new version contains a bug fix on ECDSA signature verification. Previously, the s range was incorrectly enforced to be lower than EC order instead of element bound. While this did not allow invalid signatures to be used, it was theoretically possible (1 in 2^48 signatures) to have a signature that passes verify yet cannot be proven (due to being out of element bound).

This wouldn't be an issue though, as long as other parts of the VM already enforce the range, but I'm not sure if it's the case. But in any case it wouldn't be a bad thing to upgrade anyways.

Checklist

  • Linked to Github Issue
  • Unit tests added
  • Integration tests added.
  • This change requires new documentation.
    • Documentation has been added/updated.
    • CHANGELOG has been updated.

@xJonathanLEI
Copy link
Contributor Author

Okay so I need to update changelog.

@xJonathanLEI
chore: bump starknet-crypto to v0.6.1
dc24871 
The new version contains a bug fix on ECDSA signature verification.
Previously, the `s` range was incorrectly enforced to be lower than
EC order instead of element bound. While this did not allow invalid
signatures to be used, it was theoretically possible (1 in 2^48
signatures) to have a signature that passes `verify` yet cannot be
proven (due to being out of element bound).
@xJonathanLEI xJonathanLEI force-pushed the dev/bump_starknet_crypto branch from bfaa612 to dc24871 Compare October 30, 2023 01:41
@codecov
Copy link

codecov bot commented Oct 30, 2023
edited
Loading

Codecov Report

Merging #1469 (dc24871) into main (e6171d6) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #1469   +/-   ##
=======================================
  Coverage   96.82%   96.82%           
=======================================
  Files          95       95           
  Lines       39451    39451           
=======================================
  Hits        38199    38199           
  Misses       1252     1252

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

fmoletta
fmoletta approved these changes Oct 31, 2023
View reviewed changes
Copy link
Contributor

@fmoletta fmoletta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@fmoletta fmoletta added this pull request to the merge queue Oct 31, 2023
Merged via the queue into lambdaclass:main with commit 0d41042 Oct 31, 2023
49 of 50 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fmoletta fmoletta fmoletta approved these changes

@Oppen Oppen Oppen approved these changes

@igaray igaray Awaiting requested review from igaray igaray is a code owner

@entropidelic entropidelic Awaiting requested review from entropidelic

@juanbono juanbono Awaiting requested review from juanbono juanbono is a code owner

@pefontana pefontana Awaiting requested review from pefontana pefontana is a code owner

@Juan-M-V Juan-M-V Awaiting requested review from Juan-M-V

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xJonathanLEI @Oppen @fmoletta