Verify missing dkg shares reports and mark offending signers as malicious#166
Conversation
| // signer_id reported missing shares but they were present | ||
| self.malicious_dkg_signer_ids.insert(*signer_id); |
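Review bot: the insert into `malicious_dkg_signer_ids` treats a reporter whose "missing" shares are present at the coordinator as proven malicious, but the visible check only establishes that the coordinator's copy of the sender's packet contains the share, not that the sender actually delivered it to the reporter. The same observation arises when the sender withholds the share from the reporter and when the reporter lies, so the insert cannot tell victim from attacker. Consider recording the conflicting (reporter, sender) pair as an unresolved dispute, or gating the insert on evidence that the reporter itself received the share, rather than marking the reporter here.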
Wait, it's not clear that we want to do this. Just because the coordinator and the peer don't have shares doesn't mean that the peer was being malicious. An attacker, who is trying to remove a peer from the network, can try to prevent the peer from receiving messages. This is easy to do in systems where messages aren't gossiped, since all the attacker needs to do is not send a peer some shares but ensure that the coordinator gets my message. Even in gossiped protocols, a minority of signers may be able to prevent a peer from receiving messages.
On the flip side, we do not want signers to falsely claim that peers are being malicious, so I get why this was reported.
I'm guessing the reason why we didn't do this to begin with was because we cannot ascertain whether missing shares implies malicious behavior. Also, it's not clear if the malicious party was either the attacker or the attackee.
Agreed, which is why I didn’t originally do this. I’m okay with not merging this change, I just wanted to have PRs up for every reported issue.
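The indistinguishability argument in the thread above can be made concrete with a small model. The following Rust is an added example, not code from this PR or from the project: it models only what the coordinator can observe (the shares present in each sender's packet, plus "missing share" reports) and shows that a sender who withholds a share from one peer and a peer who lies about a missing share produce the same observation. All names (`Observation`, `withholding_attacker`, `lying_reporter`, `mark_reporter_malicious`, `unresolved_disputes`) are hypothetical, and the packet and report structures are simplified assumptions rather than the project's types.

```rust
// Added example (not project code): a toy model of the coordinator's view of
// one DKG private-share round. All types and functions here are hypothetical.
use std::collections::{BTreeMap, BTreeSet};

/// Signer identifier in this toy model (hypothetical; not the project's type).
pub type SignerId = u32;

/// Everything the coordinator can see about one DKG private-share round.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Observation {
    /// sender -> recipients whose shares were present in the packet the
    /// coordinator received from that sender
    pub shares_at_coordinator: BTreeMap<SignerId, BTreeSet<SignerId>>,
    /// (reporter, sender): reporter says it never received sender's share
    pub missing_reports: BTreeSet<(SignerId, SignerId)>,
}

/// Every sender includes a share for every other signer in the packet the
/// coordinator receives; in this model the coordinator's copy is always complete.
fn full_packets(signers: &[SignerId]) -> BTreeMap<SignerId, BTreeSet<SignerId>> {
    signers
        .iter()
        .map(|&sender| {
            let recipients: BTreeSet<SignerId> =
                signers.iter().copied().filter(|&r| r != sender).collect();
            (sender, recipients)
        })
        .collect()
}

/// Scenario A: `attacker` delivers a complete packet to the coordinator but
/// never sends `victim` its share over the direct channel. The honest victim
/// truthfully reports the share as missing.
pub fn withholding_attacker(signers: &[SignerId], attacker: SignerId, victim: SignerId) -> Observation {
    let mut missing_reports = BTreeSet::new();
    missing_reports.insert((victim, attacker));
    Observation { shares_at_coordinator: full_packets(signers), missing_reports }
}

/// Scenario B: every signer delivers every share; `liar` falsely reports that
/// `accused`'s share never arrived.
pub fn lying_reporter(signers: &[SignerId], liar: SignerId, accused: SignerId) -> Observation {
    let mut missing_reports = BTreeSet::new();
    missing_reports.insert((liar, accused));
    Observation { shares_at_coordinator: full_packets(signers), missing_reports }
}

/// Conflicting reports: the reporter claims a share is missing, yet the
/// coordinator's copy of the sender's packet does contain a share for it.
fn conflicting<'a>(obs: &'a Observation) -> impl Iterator<Item = &'a (SignerId, SignerId)> + 'a {
    obs.missing_reports.iter().filter(move |(reporter, sender)| {
        obs.shares_at_coordinator
            .get(sender)
            .map_or(false, |recipients| recipients.contains(reporter))
    })
}

/// The rule under discussion in the PR: a reporter is marked malicious when the
/// share it reported missing is present in the coordinator's copy.
pub fn mark_reporter_malicious(obs: &Observation) -> BTreeSet<SignerId> {
    conflicting(obs).map(|&(reporter, _)| reporter).collect()
}

/// A safer reaction: keep the conflicting pair as an unresolved dispute instead
/// of blaming either side. Both parties remain suspects until other evidence
/// (for example, the reporter's own receipt of the share) settles it.
pub fn unresolved_disputes(obs: &Observation) -> BTreeSet<(SignerId, SignerId)> {
    conflicting(obs).copied().collect()
}

fn main() {
    // Constructed sample: four signers; signer 3 attacks signer 1 in scenario A,
    // and signer 1 falsely accuses signer 3 in scenario B.
    let signers = [1, 2, 3, 4];
    let a = withholding_attacker(&signers, 3, 1);
    let b = lying_reporter(&signers, 1, 3);
    assert_eq!(a, b, "the coordinator cannot tell the two worlds apart");
    println!("marked malicious under the PR's rule (scenario A, honest victim is 1): {:?}",
             mark_reporter_malicious(&a));
    println!("unresolved disputes instead: {:?}", unresolved_disputes(&a));
}
```

Because `withholding_attacker(&signers, 3, 1)` and `lying_reporter(&signers, 1, 3)` yield identical observations, any rule that decides blame from the coordinator's view alone must misjudge one of the two cases; the PR's rule marks the honest victim in scenario A.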
500afb1 to 6c212ff
…and mark the offending signer as malicious
…ing private shares; add tests
6c212ff to 81e34b3
Fixes #163