BESU的BN254漏洞：子組支票缺陷暴露了安全風險

已經解決了與BN254曲線的子組檢查有關的BESU以太坊客戶端的關鍵漏洞。這個缺陷可能會損害加密安全性。

A critical vulnerability in Besu, an Ethereum execution client, has been addressed. This flaw, which involved an improper subgroup check on the BN254 curve, could have had broader implications for cryptographic security in the Ethereum ecosystem.

已經解決了以太坊執行客戶端BESU的關鍵漏洞。這個缺陷涉及BN254曲線的不當子組檢查，可能對以太坊生態系統中的加密安全具有更大的影響。

As explained in an analysis by the Ethereum Foundation, the issue arose due to a misplaced subgroup membership check in elliptic curve operations. This flaw, present in version 25.2.2 of Besu, had the potential to disrupt the consensus mechanism by allowing an attacker to manipulate cryptographic computations.

正如以太坊基金會的分析中所述，由於橢圓曲線操作中的亞組會員檢查放錯了位置的會員檢查而引起了問題。這個缺陷是在Besu版本的25.2.2中存在的，有可能通過允許攻擊者操縱加密計算來破壞共識機制。

At the heart of this vulnerability lies the BN254 curve, also known as alt_bn128. This curve, the sole pairing curve supported by the Ethereum Virtual Machine (EVM) prior to EIP-2537, is used for cryptographic functions within Ethereum. Notably, it forms the basis for precompiled contracts defined under EIP-196 and EIP-197, enabling efficient computation on the curve.

這種脆弱性的核心是BN254曲線，也稱為alt_bn128。這條曲線是EIP-2537之前以太坊虛擬機（EVM）支持的唯一配對曲線，用於以太坊內的加密功能。值得注意的是，它構成了根據EIP-196和EIP-197定義的預編譯合同的基礎，從而在曲線上有效地計算了。

A common security concern in elliptic curve cryptography is the invalid curve attack, which occurs when a point does not lie on the correct curve. This is especially relevant for non-prime order curves like BN254 used in pairing-based cryptography, where ensuring a point belongs to the correct subgroup is crucial. Failure to do so can open doors for attackers to interfere with cryptographic operations.

橢圓曲線密碼學中普遍的安全問題是無效的曲線攻擊，當一個點不在正確的曲線上時發生。這與基於配對的密碼學中使用的非穩定階曲線（如BN254）尤其重要，在配對的密碼學中，確保屬於正確的亞組的點至關重要。否則，可以打開攻擊者乾擾加密操作的門。

In Besu's case, the vulnerability arose because the subgroup membership check was performed before verifying if the point was on the curve. This sequence error could allow a point that is within the correct subgroup but off the curve to slip through security checks.

在besu的情況下，出現了漏洞，因為在驗證該點是否在曲線上之前執行了子組成員檢查。此序列錯誤可能會允許在正確的子組內的點，但沿曲線偏離安全檢查。

To validate a point P, both the curve and subgroup membership need to be confirmed. A point P is on the curve if it satisfies the equation y² = x³ + 486662 x + 1. To check subgroup membership, you multiply the point P by the subgroup's prime order. If the result is the identity element, then the point is in the subgroup.

為了驗證點P，需要確認曲線和亞組成員資格。點P在曲線上，如果滿足方程y²=x³ + 486662 x + 1。要檢查子組成員資格，則將點P乘以子組的質量順序。如果結果是身份元素，則點在子組中。

However, in Besu's implementation, the order of these checks was reversed, which could have allowed an attacker to create a point that is not on the curve but is in the correct subgroup. This could then be used to maliciously interfere with cryptographic operations.

但是，在Besu的實現中，這些檢查的順序被顛倒了，這可以使攻擊者能夠創建一個不在曲線上，而是在正確的子組中的點。然後，這可以用來惡意干擾加密操作。

The issue has now been addressed by the Besu team, with a fix being deployed in version 25.3.0 of the client software. The correction involves ensuring that both checks are performed in the appropriate order, thereby closing the vulnerability and safeguarding against any potential exploits.

BESU團隊現在已經解決了問題，並在客戶端軟件的25.3.0版中部署了一個修復程序。糾正措施涉及確保以適當的順序進行兩次檢查，從而關閉漏洞並保護任何潛在的漏洞。

While this flaw was specific to Besu and did not affect other Ethereum clients, it highlights the importance of consistent cryptographic checks across different software implementations. Discrepancies can lead to divergent client behavior, ultimately threatening the network's consensus and trust.

儘管此缺陷是特定於besu的，並且不影響其他以太坊客戶端，但它突出了在不同軟件實現中進行一致的加密檢查的重要性。差異會導致客戶行為不同，最終威脅到網絡的共識和信任。

This incident also underscores the critical role of testing and security measures in blockchain systems. Initiatives like the Pectra audit competition, which helped surface this issue, are crucial for maintaining the ecosystem's resilience by encouraging comprehensive code reviews and vulnerability assessments.

該事件還強調了測試和安全措施在區塊鏈系統中的關鍵作用。諸如Pectra審計競賽之類的舉措（有助於浮出水面）對於通過鼓勵全面的代碼審查和脆弱性評估來維持生態系統的韌性至關重要。

The Ethereum Foundation's proactive approach in reporting this vulnerability and the swift response from the Besu team demonstrate the importance of collaboration and vigilance in maintaining the integrity of blockchain systems.

以太坊基金會在報告這種脆弱性和BESU團隊的迅速反應方面的積極主動方法表明，協作和警惕在維持區塊鏈系統的完整性方面的重要性。