[Bug]: secp256k1 public keys with invalid SEC1 tags are accepted #20406
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Is there an existing issue for this?
What happened?
Valid secp256k1 public keys are typically 33-bytes long and begin with a SEC1 tag byte: either
0x02or0x03depending on whether the y-coordinate is odd, followed by the big endian serialization of the x-coordinate, which is 32-bytes.The current point validation logic only checks the length of the public key and does no validation of the SEC1 tag whatsoever: https://github.com/cosmos/cosmos-sdk/blob/b2e8feb/crypto/keys/secp256k1/secp256k1.go#L203-L211
This has lead to chains accepting public keys with invalid SEC1 tags: informalsystems/tendermint-rs#1419 (comment)
Ideally, if it's possible to retrofit improved validation, the SEC1 tag byte would be checked in addition to the length.
The SEC1 tag byte
0x00can be used to encode the identity point (with the x-coordinate typically omitted for a 1-byte encoding), though it seems these are currently encoded as 33-bytes of0x00, which is at least a tolerable encoding: informalsystems/tendermint-rs#1417Cosmos SDK Version
main
The text was updated successfully, but these errors were encountered: