Cryptographic Registry Provenance Defends Against Dependency Confusion
A novel cryptographic framework, described in arXiv:2605.03309, targets dependency confusion attacks in software package ecosystems. It provides cryptographic verification of which registry distributed a package, a check that was previously absent. The framework has three main elements: cryptographic registry identity based on Ed25519 keypairs; a dual-signature approach in which publishers sign during packaging and registries countersign upon publication; and authoritative namespace binding, which allows consumers to pin registry fingerprints. Together these establish three layers of defense, all of which must be breached simultaneously for an attack to succeed. By contrast, current defenses rely on configuration and can fail silently if misconfigured. The system has been tested across eight ecosystems: npm, Cargo, Hex.pm, PyPI, Go modules, Docker/OCI, NuGet, and Maven.
Key facts
- Dependency confusion attacks exploit a structural gap in software distribution.
- The system provides cryptographic proof of registry distribution.
- Three components: cryptographic registry identity, dual-signature model, authoritative namespace binding.
- Registries hold Ed25519 keypairs and sign every artifact.
- Publishers sign at packaging time; registries countersign at publication time.
- Consumers pin registry fingerprints; resolver cryptographically rejects unauthorized artifacts.
- Three defense layers require simultaneous compromise for successful attack.
- Evaluated across eight ecosystems: npm, Cargo, Hex.pm, PyPI, Go modules, Docker/OCI, NuGet, Maven.
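The three checks listed above, as an added sketch of a consumer-side resolver (illustrative code, not taken from the paper or any registry). The record layout, the signed byte strings, the fingerprint format (SHA-256 of the registry public key) and the prefix-based pin map are all assumptions; how consumers learn publisher keys is left out.

```javascript
// Added sketch: record layout, fingerprint format and pin map are assumptions.
const { generateKeyPairSync, sign, verify, createHash } = require("node:crypto");

// Assumed fingerprint: SHA-256 of the registry's DER-encoded Ed25519 public key.
const fingerprint = (pub) =>
  createHash("sha256").update(pub.export({ type: "spki", format: "der" })).digest("hex");

// Bytes the publisher signs at packaging time: name, version, artifact.
const signedBytes = (p) => Buffer.concat([Buffer.from(`${p.name}@${p.version}\n`), p.artifact]);
// Bytes the registry countersigns at publication: the above plus the publisher signature.
const countersignedBytes = (p) => Buffer.concat([signedBytes(p), p.publisherSig]);

function packageArtifact(name, version, artifact, publisher) {
  const p = { name, version, artifact, publisherPub: publisher.publicKey };
  return { ...p, publisherSig: sign(null, signedBytes(p), publisher.privateKey) };
}

function publish(p, registry) {
  const registrySig = sign(null, countersignedBytes(p), registry.privateKey);
  return { ...p, registryPub: registry.publicKey, registrySig };
}

// Resolver: every check must pass; pins maps a namespace prefix to a fingerprint.
function resolve(p, pins) {
  const ns = Object.keys(pins).find((prefix) => p.name.startsWith(prefix));
  if (ns && fingerprint(p.registryPub) !== pins[ns]) return "reject: unpinned registry";
  if (!verify(null, countersignedBytes(p), p.registryPub, p.registrySig))
    return "reject: registry countersignature";
  if (!verify(null, signedBytes(p), p.publisherPub, p.publisherSig))
    return "reject: publisher signature";
  return "accept";
}

// Constructed sample: an internal registry, a second registry, one publisher each.
function demo() {
  const [internal, other, dev, stranger] = [0, 1, 2, 3].map(() => generateKeyPairSync("ed25519"));
  const pins = { "@acme/": fingerprint(internal.publicKey) };
  const good = publish(packageArtifact("@acme/utils", "1.0.0", Buffer.from("ok"), dev), internal);
  // Same name, higher version, validly signed, but countersigned by a different registry.
  const lookalike = publish(packageArtifact("@acme/utils", "99.0.0", Buffer.from("x"), stranger), other);
  // Artifact bytes changed after publication: the signatures no longer match.
  const tampered = { ...good, artifact: Buffer.from("changed") };
  return { good: resolve(good, pins), lookalike: resolve(lookalike, pins), tampered: resolve(tampered, pins) };
}

console.log(demo());
```

The lookalike package carries two valid signatures and is still rejected, because the pin check does not depend on resolver ordering or version comparison.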