Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug(felt): Felt is not zeroized on drop #99

Open
Trantorian1 opened this issue Oct 8, 2024 · 0 comments · May be fixed by #100
Open

bug(felt): Felt is not zeroized on drop #99

Trantorian1 opened this issue Oct 8, 2024 · 0 comments · May be fixed by #100
Labels
bug Something isn't working

Comments

@Trantorian1
Copy link

Bug Report

types-rs version: 7ef3023

Current behavior: Felt does not implement any zeroizing when it is dropped, opening the door for potential memory read attacks on sensitive information such as private keys.

Expected behavior:

Felt should implement #[derive(ZeroizeOnDrop)] or similar to allow memory zeroing when dropped. This could be feature-gated.

Given Felt is currently based on lambdaworks-math FieldElement, and this does not implement any zeroing logic, either a manual implementation using ptr::write_volatile and atomic::compiler_fence or an update to lambdaworks-math would be needed.

A relevant issue has been opened there as well.

Other information:

While there certainly are more common ways to leak sensitive cryptographic information like private keys, it seems like for something in our control such as in-memory representation we should at least provide this as an option.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(zeroize): added zeorizing to Felt Trantorian1/types-rs
1 participant
@Trantorian1