Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error handing for verify() functions #569

Open
mrain opened this issue Apr 25, 2024 · 3 comments
Open

error handing for verify() functions #569

mrain opened this issue Apr 25, 2024 · 3 comments
Labels
tech debt Technical debt. We all pay eventually!

Comments

@mrain
Copy link
Contributor

mrain commented Apr 25, 2024

A lot of verification functions (e.g. in signature, commitment, merkle tree, etc) are returning a wrapped Result<VerificationResult, Error> that provides some detailed information about internal error. This could lead to a side-channel attack.

We should simply return a bool or Result<(), ()> which indicated whether the verification is successful, and nothing else.
Detailed internal error shouldn't only be provided in debug mode.
@mrain mrain added the tech debt Technical debt. We all pay eventually! label Apr 25, 2024
@mahmudsudo
Copy link

can i take on this ?

@mrain
Copy link
Contributor Author

mrain commented Jun 11, 2024

can i take on this ?

Thanks for volunteering. However, we need an internal meeting to make some design decisions. Thus we'll take care by our own.

@mahmudsudo
Copy link

Can I contribute to another issue then ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
tech debt Technical debt. We all pay eventually!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mrain @mahmudsudo