Skip to content

Deep security review: harden deserialization paths and publish updated security report#4

Draft
Copilot wants to merge 14 commits intomainfrom
copilot/run-deep-security-review
Draft

Deep security review: harden deserialization paths and publish updated security report#4
Copilot wants to merge 14 commits intomainfrom
copilot/run-deep-security-review

Conversation

Copy link
Copy Markdown

Copilot AI commented Apr 10, 2026

Summary

This PR performs a deep security review pass and ships targeted hardening changes for exploitable malformed-input paths, plus a full updated SECURITY_REPORT.md.

Security fixes included

  • Hardened public-key deserialization in:
    • src/kem/index.ts
    • src/k-mosaic-cli.ts
  • Added strict bounds checks and component size caps (8 MB per section).
  • Added canonical parsing checks (reject trailing bytes) for public keys.
  • Hardened signature deserialization in src/sign/index.ts to reject trailing bytes.

Regression coverage

  • Added test/kem-public-key-malformed.test.ts for malformed/oversized public-key parsing.
  • Updated test/sign.test.ts with trailing-byte rejection coverage for signature parsing.

Report

  • Replaced SECURITY_REPORT.md with a deep, current review documenting:
    • Findings
    • Exploitability assessment
    • What was fixed in this PR
    • Remaining architectural risk (signature verification design)

Validation

  • npm run build
  • npx prettier --check on changed files ✅
  • npm test cannot run in this runner because project test script requires Bun (bun test) and Bun is unavailable.
  • Parallel validation run:
    • Code Review ✅ (no comments)
    • CodeQL Security Scan ✅ (0 alerts)

Copilot AI and others added 2 commits April 10, 2026 17:42
Copilot AI requested a review from jkyberneees April 10, 2026 17:47
@jkyberneees
fix: replace pseudorandom signature response with sub-SLSS Sigma prot…
e1dc210 
…ocol

Replace SHAKE256(sk || challenge || witness) response with algebraically
verifiable z = r + c*s' witness. Verifier now checks the full lattice
relation A'*z - c*t' = w, preventing existential forgery without secret
key knowledge. Response grows from 64 to 128 bytes (204-byte signatures).
@jkyberneees
fix: export matVecMul from SLSS module for signature verification
13610d1 
Export matVecMul so the signing module can compute A'*z for algebraic
verification of the sub-SLSS Sigma protocol witness.
@jkyberneees
docs: update MOSAICSignature.response comment to 128 bytes
9b92f86 
Reflect the new sub-SLSS Sigma protocol response size (64B tBytes + 64B
zBytes = 128 bytes, up from 64).
@jkyberneees
test: add forgery resistance tests for sub-SLSS Sigma protocol
435e8f2 
Add 3 new tests: arbitrary commitment forgery rejection, algebraic
forgery with correct challenge but wrong response, and 1000 random
forgery attempts. Update response size assertions to 128 bytes.
@jkyberneees
test: update size validation assertions to 204-byte signatures
d0b48c3 
Update expected signature size from 140 to 204 bytes and clean stale
comments referencing the old response format.
@jkyberneees
docs: add Round 2 audit findings with independent revalidation
463332c 
Add 4 CRIT and 4 HIGH findings from automated security audit. Include
independent revalidation: CRIT-01 is false positive, CRIT-02/03
downgraded to HIGH (keyless decryption reduces KEM to SLSS-only),
CRIT-04 confirmed critical with deeper root cause (t' not independently
verifiable), all 4 HIGH findings confirmed valid.
@jkyberneees
docs: update README for 204-byte signatures and 366 tests
0fc0ff3 
Update response size comment, add existential forgery row to security
table, bump test count from 304 to 366.
@jkyberneees
docs: rewrite signing protocol section and refresh benchmarks
35bccba 
Rewrite Ch.9 for sub-SLSS Sigma protocol, refresh Ch.13 benchmark
numbers with real measurements, update signature sizes throughout.
@jkyberneees
docs: update size reference to 204-byte signatures with fresh benchmarks
aaf91e6 
Replace all 140B references with 204B, update formulas, ratios, and
performance numbers from real benchmark measurements.
@jkyberneees
docs: refresh white paper benchmark table with real measurements
40f23be 
Update timing numbers from actual bun run examples/benchmark.ts output.
@jkyberneees
docs: refresh CLI benchmark output and signature size
c43bc96 
Update sample benchmark output with real timings and 204-byte signature
size.
@jkyberneees
docs: fix benchmark signature size comment from ~7400B to 204B
ab14f5d 
Correct stale comment that referenced the old estimated signature size.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkyberneees jkyberneees Awaiting requested review from jkyberneees

Assignees

@jkyberneees jkyberneees

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jkyberneees