Careful Decrypting
The creator of a contract must understand the implications of decryption in various scenarios. For instance, decryption should never occur within a view function without considering alternative security measures, as relying solely on msg.sender
can be unreliable due to the potential for forging.
As a general precaution, handling a call to decrypt should be approached with caution, considering the various options for invoking such a function. For example, a secret intended for a specific user should not be decrypted in a manner that exposes it to everyone.
Don't: Do not reveal data intended for a specific user to everybody
contract BadContract {
//...
function balanceOf() public returns (uint64 balance){
ctUint64 balance = balances[msg.sender];
gtUint64 balanceGt = MpcCore.onBoard(balance);
// SHOULD NEVER BE CALLED
// A SIMPLE CALL TO GETBALANCE REVEALS THE BALANCE TO EVERYBODY
return MpcCore.decrypt(balanceGt);
}
//...
}
Do : Offboard
to a specific user.
contract GoodContract {
//...
function balanceOf() public returns (ctUint64 balance){
ctUint64 balance = balances[msg.sender];
// The balance is saved encrypted using the system key. However, to allow
// the user to access it, the balance needs to be re-encrypted using the user key.
// Therefore, we decrypt the balance (onBoard) and then encrypt it again using
// the user key (offBoardToUser).
gtUint64 balanceGt = MpcCore.onBoard(balance);
return MpcCore.offBoardToUser(balanceGt, msg.sender);
}
//...
}
Last updated
Was this helpful?