Comments (5)
This is actually a "I can make you think you received money when you didn't" bug, not an "address malleability" bug (we must assume the channel addresses are communicated over is reliable in any case).
from zips.
Maybe this isn't possible because of the circuit constraints on the ciphertext? I didn't look.
There is indeed an attack due to the recipient trusting the apk they are given, which was fixed in [8b9851a]. That fix was after viewing keys were removed; if we reinstate viewing keys, we will have to make sure it is reapplied correctly.
[Edited to fix the commit link.]
If we were to move apk back to the note plaintext (which is only one option, but it needs to be encrypted to the viewing key somewhere), then the recipient for a given address should check that the decrypted apk is the same as the address apk. Note that the circuit can't check this because it's not feasible to check the Curve25519 public key derivation, and a holder of a purported viewing key can't check that the viewing key is canonical (has apk consistent with pkenc). However, a holder of the actual viewing key will notice that something is wrong with the notes sent to the adversarially constructed address.
This ticket being open is misleading people into thinking that it applies to the current design.