Issue B: No Zeroization of Secret Data #471

Open
mpguerra opened this issue Feb 18, 2025 · 0 comments · May be fixed by #482

Location

Examples (non-exhaustive):

Synopsis

Secret data, such as the nonce or the secret key, is not erased from memory and could be leaked.

Impact

This issue could potentially result in the full disclosure of secrets.

Preconditions

Root access to the machine is required, enabling the reading of process memory from other processes.

Severity

Low.

Technical Details

As highlighted in RFC 9591 and other related documentation, secret data, such as the nonce, must be deleted after it has been used. More specifically:

  • For the nonce and commitment in RFC 9591, Section 5.2: “Each participant MUST delete the nonce and corresponding commitment after completing sign.”
  • For the trusted dealer key generation in RFC 9591, Appendix C: “delete secret values after distributing shares to each participant” and “The trusted dealer MUST delete the secret_key and secret_key_shares upon completion.”
  • For the DKG protocol described in KG20, in Figure 1, the paper states that the proofs of knowledge sigma_i from Round 1, Step 5, as well as the polynomial evaluations from Round 2, Step 3, should be deleted.

Currently, secret data is stored in memory, while it is likely overwritten during normal code execution. This is neither a best practice nor a secure method for deleting secret data. Instead, zeroization should be implemented.

Remediation

We recommend utilizing memory zeroization of all sensitive values.

@mpguerra mpguerra added this to the FROST Demo Audit milestone Feb 18, 2025
@conradoplg conradoplg linked a pull request Feb 18, 2025 that will close this issue
@mpguerra mpguerra linked a pull request Feb 18, 2025 that will close this issue
@mpguerra mpguerra moved this to Review/QA in FROST Feb 18, 2025
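
The remediation described in the issue, sketched as an added example that is not part of the issue or the project's code. It assumes a Rust code base and uses only the standard library; `SecretNonce`, `wipe`, `use_once` and `wiped_after_drop` are hypothetical names.

```rust
use std::mem::ManuallyDrop;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

// Zero a buffer with volatile writes so the compiler cannot discard the
// stores as dead, which it may do for a plain assignment before a drop.
pub fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst); // keep later code from moving above the wipe
}

// Hypothetical stand-in for a one-time nonce (not a type from the project).
// Not Clone or Copy, so the secret cannot be duplicated implicitly.
pub struct SecretNonce([u8; 32]);

impl SecretNonce {
    // Copies the bytes in and wipes the caller's buffer, leaving one live copy.
    pub fn from_bytes(src: &mut [u8; 32]) -> Self {
        let nonce = SecretNonce(*src);
        wipe(src);
        nonce
    }
}

impl Drop for SecretNonce {
    fn drop(&mut self) { wipe(&mut self.0); }
}

// Placeholder for "sign" (XOR mixing, not a signature): takes the nonce by
// value, so it is wiped when this returns and the caller cannot reuse it.
pub fn use_once(nonce: SecretNonce, msg: &[u8]) -> u8 {
    msg.iter().zip(nonce.0.iter().cycle()).fold(0u8, |acc, (m, n)| acc ^ m ^ n)
}

// Runs the destructor in place, then checks the storage and source are zero.
pub fn wiped_after_drop(seed: u8) -> bool {
    let mut src = [seed; 32];
    let mut slot = ManuallyDrop::new(SecretNonce::from_bytes(&mut src));
    unsafe { ManuallyDrop::drop(&mut slot) };
    let p = &slot as *const ManuallyDrop<SecretNonce> as *const u8;
    (0..32).all(|i| unsafe { ptr::read_volatile(p.add(i)) } == 0) && src == [0u8; 32]
}

fn main() {
    assert!(wiped_after_drop(0x5a));
    println!("nonce storage zeroed on drop");
}
```

Moving a value in Rust is a byte copy, so stale copies of a secret can remain on the stack even with a wiping `Drop`. Keeping secrets behind a heap allocation, or using a maintained crate such as `zeroize`, narrows that gap.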