Skip to content

Filip/secret felt implementation #144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 27 commits into from
Aug 20, 2025
Merged

Filip/secret felt implementation #144

merged 27 commits into from
Aug 20, 2025

Conversation

FilipLaurentiu
Copy link
Contributor

Pull Request type

Please add the labels corresponding to the type of changes your PR introduces:

  • Feature

What is the current behavior?

Felt implement the Copy trait and it could leak the secret information into memory.
Felt is not zeroized on drop, it need to be manually zeroized.

Resolves: #NA

What is the new behavior?

New type SecretFelt is introduced for this specific purpose. This type could be used to represent sensible information that will not be leaked into memory at the end of the program

Does this introduce a breaking change?

No - Only if a project use the zeroize function on Felt and upgrade to the latest version of this library, but from what I know, nobody use it (starknet-rs doesn't use it)

FilipLaurentiu and others added 10 commits January 29, 2025 15:41
@tdelabro
Copy link
Collaborator

No - Only if a project use the zeroize function on Felt and upgrade to the latest version of this library, but from what I know, nobody use it (starknet-rs doesn't use it)

So yes haha ;)

tdelabro
tdelabro requested changes Jul 27, 2025
View reviewed changes
@FilipLaurentiu
Add warning message to raise attention that good cryptographic hygien…
05e2f40 
…e is a must.

Add `inner_value` function that returnes a safe copy of the inner felt. The value will be zeroized automatically when is out of scope.
@FilipLaurentiu
Merge branch 'main' into filip/secret_felt_implementation
ddf80c8
@tdelabro
Copy link
Collaborator

@FilipLaurentiu CI is failing

tdelabro
tdelabro requested changes Jul 29, 2025
View reviewed changes
@FilipLaurentiu FilipLaurentiu requested a review from tdelabro July 29, 2025 15:13
@FilipLaurentiu FilipLaurentiu marked this pull request as draft July 30, 2025 11:33
@FilipLaurentiu FilipLaurentiu marked this pull request as ready for review July 30, 2025 15:45
tdelabro
tdelabro requested changes Jul 30, 2025
View reviewed changes
@tdelabro
Copy link
Collaborator

tdelabro commented Aug 4, 2025

@FilipLaurentiu ok we have this secret felt now. But we can't do much with it. Just move it around in memory safely.

What operations can we safely implement on this type? Arithmetic (Add, Mul, and so on) seems out of reach due to the way the internal representation of Felt handles it.

    /// Field addition. Never overflows/underflows.
    impl ops::Add<Felt> for Felt {
        type Output = Felt;

        fn add(self, rhs: Felt) -> Self::Output {
            Self(self.0 + rhs.0)
        }
    }

    /// Field addition. Never overflows/underflows.
    impl ops::Add<&Felt> for Felt {
        type Output = Felt;

        fn add(self, rhs: &Felt) -> Self::Output {
            Self(self.0 + rhs.0)
        }
    }

A copy of the internal value will be created if I don't mistake.

We could add a constant time comparison for the secret felt, to add one more security measure against timing attacks.

@FilipLaurentiu FilipLaurentiu marked this pull request as draft August 4, 2025 15:00
@FilipLaurentiu
- Implement constant time equality check for SecretFelt using `subt…
f6f22fd 
…le` crate.

- Implement `from_random` for `SecretFelt` to generate a secret Felt using a CSPRNG
- Improve the `from_hex_string` example
- Change `from_bytes_be`, `from_bytes_le` function signature to accept a `[u8; 32]` instead of `Vec<u8>`. No conversion needed and the function can't fail anymore.
@FilipLaurentiu
Merge branch 'main' into filip/secret_felt_implementation
042b7b9
@FilipLaurentiu FilipLaurentiu marked this pull request as ready for review August 7, 2025 14:10
@FilipLaurentiu
Copy link
Contributor Author

@FilipLaurentiu ok we have this secret felt now. But we can't do much with it. Just move it around in memory safely.

What operations can we safely implement on this type? Arithmetic (Add, Mul, and so on) seems out of reach due to the way the internal representation of Felt handles it.

    /// Field addition. Never overflows/underflows.
    impl ops::Add<Felt> for Felt {
        type Output = Felt;

        fn add(self, rhs: Felt) -> Self::Output {
            Self(self.0 + rhs.0)
        }
    }

    /// Field addition. Never overflows/underflows.
    impl ops::Add<&Felt> for Felt {
        type Output = Felt;

        fn add(self, rhs: &Felt) -> Self::Output {
            Self(self.0 + rhs.0)
        }
    }

A copy of the internal value will be created if I don't mistake.

We could add a constant time comparison for the secret felt, to add one more security measure against timing attacks.

I manage to implement a constant time comparison function for the SecretFelt. I don't see a way to add arithmetic functions to it, the reason will be, as you said, the way Felt work under the hood.

One big usage for SecretFelt I see is to use as a secret key for signatures. For example sign function takes a referance to a Felt and SecretFelt could be used here

tdelabro
tdelabro requested changes Aug 19, 2025
View reviewed changes
@tdelabro
Copy link
Collaborator

@FilipLaurentiu I think once you add Eq and fix the failing CI we will be good for merging

@FilipLaurentiu
Copy link
Contributor Author

@FilipLaurentiu I think once you add Eq and fix the failing CI we will be good for merging

Done, ready to go 👍

gabrielbosio
gabrielbosio requested changes Aug 20, 2025
View reviewed changes
@tdelabro tdelabro merged commit 820c306 into starknet-io:main Aug 20, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tdelabro tdelabro tdelabro approved these changes

@gabrielbosio gabrielbosio gabrielbosio approved these changes

@0xLucqs 0xLucqs 0xLucqs approved these changes

@pefontana pefontana Awaiting requested review from pefontana pefontana is a code owner

@dan-starkware dan-starkware Awaiting requested review from dan-starkware dan-starkware is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@FilipLaurentiu @tdelabro @gabrielbosio @0xLucqs