Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Receiver not verifying Quorums' and Sender's signatures #188

Open
maneeSHA-256 opened this issue Jul 9, 2024 · 1 comment · May be fixed by #216
Open

Receiver not verifying Quorums' and Sender's signatures #188

maneeSHA-256 opened this issue Jul 9, 2024 · 1 comment · May be fixed by #216
Assignees
@thewebchap

Comments

@maneeSHA-256
Copy link
Contributor

At present, the receiver is not verifying the quorums' as well as sender's signature. If a receiver does not verify the sender's signature and quorums' signatures, several security and integrity issues can arise:

1. Tampering and Data Integrity

  • Unverified Sender Signature: Without verifying the sender's signature, the receiver cannot be sure that the transaction has not been altered. This opens the door for data tampering. An attacker could modify the transaction content, leading to incorrect or malicious data being processed.

  • Unverified Quorum Signatures: Quorum signatures provide a layer of trust and verification. If these are not checked, any fraudulent or incorrect data that managed to bypass initial checks could be accepted as valid. For example, quorums could create fake blocks with invalid transactions, and if these blocks are not verified, they could be accepted into the blockchain, causing inconsistencies.

2. Non-Repudiation

  • Unverified Signatures: Digital signatures provide non-repudiation, meaning the sender cannot deny sending the RBTs. If the receiver does not verify these signatures, there is no proof of the sender’s identity, and the sender can repudiate the transaction later, causing disputes and accountability issues.

3. Man-in-the-Middle (MITM) Attacks

  • Unverified Sender Signature: In a MITM attack, an attacker intercepts the communication between two parties. Without verifying the sender's signature, the receiver might accept data from the attacker, who could alter or steal information.

  • Unverified Quorum Signatures: If quorums are part of a consensus or verification process, not checking their signatures means an attacker could manipulate this process, undermining the integrity of the data, which can lead to chain forks, double-spending, and other integrity issues.

4. Loss of Trust in the System

  • Unverified Signatures: Trust is a crucial component in digital communications, especially in systems relying on cryptographic signatures for validation. If signatures are not verified, the entire system's trustworthiness is compromised, potentially leading to wider security breaches and loss of user confidence.
@thewebchap thewebchap self-assigned this Jul 9, 2024
@thewebchap
Copy link
Member

Refer : https://github.com/rubixchain/rubixgoplatform/tree/hari/recv-validation . Need to modify structure as per #185

@maneeSHA-256 maneeSHA-256 linked a pull request Sep 18, 2024 that will close this issue
Improving receiver's validations, signatures and pledge block #216
Open
@maneeSHA-256 maneeSHA-256 reopened this Nov 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thewebchap thewebchap

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Improving receiver's validations, signatures and pledge block rubixchain/rubixgoplatform
2 participants
@thewebchap @maneeSHA-256