Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Biconomy Secp256r1>Discussion>Impact of signature inconsistency
GeneralOverview
Findings
High (3)
Informational (2)
DiscussionImpact of signature inconsistencyAddition bug analysisModular subtraction trickDocumentationPossible gas savings in `_jAdd`
Threat ModelWhat are threat models?Secp256r1.sol
Threat ModelVerification of correctness of elliptic curve arithmetic
Audit ResultsSummary

Possible impact of signature verification deviating from specifications

Findings ref, ref, and ref imply that an attacker can generate valid signatures for a key they control, which, however, are erroneously rejected by Verify (ref and ref) or generate invalid signatures for a key they control, which are erroneously accepted (ref and ref). The impact of this deviation is dependent on how signatures are otherwise used in the entire system that uses the Secp256r1 library that we audited.

The main point of possible concern would be if the same signature is independently verified in two (or more) places, with different code. The system as a whole might be built on the assumption that a signature is either valid or invalid and that all signature verifications will agree on validity. Bugs like the three referenced above then imply that an attacker could craft a signature that breaks this assumption. Consequences of this in concrete cases would be highly dependent on the specific scenario and require careful reasoning to analyze the interplay between all involved components.

When considering a cryptographic library for signature verification such as Secp256r1, we thus consider signatures being accepted if and only if they are valid according to their specification to be the central guarantee the library makes to users. We thus consider any deviations that can be triggered in practice to be bugs of high severity.

Zellic © 2023Back to top ↑