fix(bls12381): remove superflous hashing (cometbft#4116)

The blst library already does it. Pre-hashing introduces an additional attack vector. Co-authored-by: Andy Nogueira <me@andynogueira.dev> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
FluxAstromeshLabs · Sep 20, 2024 · b7721ce · b7721ce
1 parent 8a7a640
commit b7721ce
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 15 deletions.
diff --git a/crypto/bls12381/const.go b/crypto/bls12381/const.go
@@ -9,8 +9,6 @@ const (
 	SignatureLength = 96
 	// KeyType is the string constant for the BLS12-381 algorithm.
 	KeyType = "bls12_381"
-	// MaxMsgLen defines the maximum length of the message bytes as passed to Sign.
-	MaxMsgLen = 32
 	// BLS12-381 private key name.
 	PrivKeyName = "cometbft/PrivKeyBls12_381"
 	// BLS12-381 public key name.

diff --git a/crypto/bls12381/key_bls12381.go b/crypto/bls12381/key_bls12381.go
@@ -108,15 +108,8 @@ func (PrivKey) Type() string {
 	return KeyType
 }
 
-// Sign signs the given byte array. If msg is larger than
-// MaxMsgLen, SHA256 sum will be signed instead of the raw bytes.
+// Sign signs the given byte array.
 func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
-	if len(msg) > MaxMsgLen {
-		hash := sha256.Sum256(msg)
-		signature := new(blstSignature).Sign(privKey.sk, hash[:], dstMinSig)
-		return signature.Compress(), nil
-	}
-
 	signature := new(blstSignature).Sign(privKey.sk, msg, dstMinSig)
 	return signature.Compress(), nil
 }
@@ -192,11 +185,6 @@ func (pubKey PubKey) VerifySignature(msg, sig []byte) bool {
 		return false
 	}
 
-	if len(msg) > MaxMsgLen {
-		hash := sha256.Sum256(msg)
-		return signature.Verify(false, pubKey.pk, false, hash[:], dstMinSig)
-	}
-
 	return signature.Verify(false, pubKey.pk, false, msg, dstMinSig)
 }