Bug: Challenge signing key is deterministic from public key
Severity: High (Security)
File: src/anti_spoof/network_challenge.py, create_challenge() (line 462)
Description:
privkey = hashlib.sha256(self.pubkey.encode()).digest() derives the challenge signing key by hashing the public key. Since the public key is, by definition, public, anyone can compute the same private key.
This completely defeats the purpose of signing challenges — any observer can forge challenge signatures.
Reproduction:
# Anyone who knows the pubkey can compute the signing key:
pubkey = 'target_validator_pubkey'
forged_privkey = hashlib.sha256(pubkey.encode()).digest()
# Now can forge any challenge signature
Impact:
- Challenge signatures provide zero authentication
- Anyone can forge challenges pretending to be any validator
- Undermines the entire anti-spoof challenge protocol
Expected Fix:
Use a real key pair (ed25519/secp256k1) or store a randomly-generated private key per validator instance.
Bug: Challenge signing key is deterministic from public key
Severity: High (Security)
File:
src/anti_spoof/network_challenge.py,create_challenge()(line 462)Description:
privkey = hashlib.sha256(self.pubkey.encode()).digest()derives the challenge signing key by hashing the public key. Since the public key is, by definition, public, anyone can compute the same private key.This completely defeats the purpose of signing challenges — any observer can forge challenge signatures.
Reproduction:
Impact:
Expected Fix:
Use a real key pair (ed25519/secp256k1) or store a randomly-generated private key per validator instance.