Besu's BN254 Vulnerability: Subgroup Check Flaw Exposes Security Risk

2025/05/26 09:31

A critical vulnerability in the Besu Ethereum client, related to the subgroup check on the BN254 curve, has been resolved. The flaw could have compromised cryptographic security.

A critical vulnerability in Besu, an Ethereum execution client, has been addressed. This flaw, which involved an improper subgroup check on the BN254 curve, could have had broader implications for cryptographic security in the Ethereum ecosystem.

As explained in an analysis by the Ethereum Foundation, the issue arose due to a misplaced subgroup membership check in elliptic curve operations. This flaw, present in version 25.2.2 of Besu, had the potential to disrupt the consensus mechanism by allowing an attacker to manipulate cryptographic computations.

At the heart of this vulnerability lies the BN254 curve, also known as alt_bn128. This curve, the sole pairing curve supported by the Ethereum Virtual Machine (EVM) prior to EIP-2537, is used for cryptographic functions within Ethereum. Notably, it forms the basis for precompiled contracts defined under EIP-196 and EIP-197, enabling efficient computation on the curve.

A common security concern in elliptic curve cryptography is the invalid curve attack, which occurs when a point does not lie on the correct curve. This is especially relevant for non-prime order curves like BN254 used in pairing-based cryptography, where ensuring a point belongs to the correct subgroup is crucial. Failure to do so can open doors for attackers to interfere with cryptographic operations.

In Besu's case, the vulnerability arose because the subgroup membership check was performed before verifying if the point was on the curve. This sequence error could allow a point that is within the correct subgroup but off the curve to slip through security checks.

To validate a point P, both the curve and subgroup membership need to be confirmed. A point P is on the curve if it satisfies the equation y² = x³ + 486662 x + 1. To check subgroup membership, you multiply the point P by the subgroup's prime order. If the result is the identity element, then the point is in the subgroup.

However, in Besu's implementation, the order of these checks was reversed, which could have allowed an attacker to create a point that is not on the curve but is in the correct subgroup. This could then be used to maliciously interfere with cryptographic operations.
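
Why the subgroup test cannot stand in for the curve check, shown as an added example (not Besu's code and not from the original article): the affine addition formulas never use the curve constant, so multiplying by the subgroup order can return the identity for a point that lies on a different curve. The field, constant and subgroup order below are toy values constructed for illustration, not BN254 parameters, and all function names are hypothetical.

```python
# Toy parameters, constructed for illustration (NOT BN254):
# E: y^2 = x^3 + B over F_7 has 12 points; its prime-order subgroup has order R = 3.
P_MOD, B, R = 7, 1, 3
O = None  # point at infinity (group identity)

def on_curve(pt):
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x ** 3 + B)) % P_MOD == 0

def add(p1, p2):
    """Affine addition for y^2 = x^3 + b. The constant b is never used."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    acc = O  # double-and-add scalar multiplication
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def subgroup_test_only(pt):
    """Incomplete validation: checks [R]P == O and nothing else."""
    return mul(R, pt) is O

def validate(pt):
    """Range check, then curve equation, then subgroup membership."""
    x, y = pt
    if not (0 <= x < P_MOD and 0 <= y < P_MOD):
        return False
    return on_curve(pt) and mul(R, pt) is O

OFF_CURVE = (0, 2)    # constructed: satisfies y^2 = x^3 + 4, a different curve
IN_SUBGROUP = (0, 1)  # constructed: on E, order 3
WRONG_ORDER = (1, 3)  # constructed: on E, order 6
```

`subgroup_test_only(OFF_CURVE)` accepts the off-curve point, while `validate` rejects it and also rejects `WRONG_ORDER`, which is on the curve but outside the order-3 subgroup.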

The issue has now been addressed by the Besu team, with a fix being deployed in version 25.3.0 of the client software. The correction involves ensuring that both checks are performed in the appropriate order, thereby closing the vulnerability and safeguarding against any potential exploits.

While this flaw was specific to Besu and did not affect other Ethereum clients, it highlights the importance of consistent cryptographic checks across different software implementations. Discrepancies can lead to divergent client behavior, ultimately threatening the network's consensus and trust.

This incident also underscores the critical role of testing and security measures in blockchain systems. Initiatives like the Pectra audit competition, which helped surface this issue, are crucial for maintaining the ecosystem's resilience by encouraging comprehensive code reviews and vulnerability assessments.

The Ethereum Foundation's proactive approach in reporting this vulnerability and the swift response from the Besu team demonstrate the importance of collaboration and vigilance in maintaining the integrity of blockchain systems.
