PT-2023-33022 · Tss-Lib · Tss-Lib
Published 2023-09-01 · Updated 2023-09-01
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
tss-lib (affected versions not specified)
Description
The GG18 threshold ECDSA signature protocol specification contains an issue that allows an attacker to recover the shared secret key. A malicious participant who generates a Paillier modulus N with small factors can extract the other participants' secret key shares through the signing protocol, and the master key can then be reconstructed from those shares.
Recommendations
To address the issue, the implementation of GG18 in tss-lib should be updated to include proofs that N is biprime and does not contain small factors, as in the CGGMP21 threshold ECDSA protocol. Specifically, the updated implementation should include:
- a Paillier-Blum Modulus proof to ensure that N is the product of two primes
- a No Small Factor proof to ensure that both factors of N are greater than 2^256
An additional round should be added to the resharing protocol so that participants can confirm receipt of valid proofs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
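As an added example (not code from tss-lib or from this advisory), the following Python sanity gate shows what a receiving participant can and cannot check locally about a peer's Paillier modulus N: it rejects moduli that are even, too short, not 1 mod 4 (a necessary property of a Paillier-Blum modulus), a perfect square, or divisible by a prime below an assumed trial-division bound of 2^16. The demo moduli are constructed from published Mersenne primes; the third case, with a factor between 2^16 and 2^256, passes the gate, which is exactly why the recommendation calls for the zero-knowledge No Small Factor and Paillier-Blum proofs rather than local checks.

```python
import math

# Trial-division bound for the sanity gate. This is an assumption for the example;
# the advisory's bound (both factors > 2^256) cannot be verified by a local check.
TRIAL_DIVISION_BOUND = 1 << 16

def small_primes(bound):
    """Sieve of Eratosthenes: all primes <= bound."""
    sieve = bytearray([1]) * (bound + 1)
    sieve[0] = sieve[1] = 0
    for i in range(2, math.isqrt(bound) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytes(len(range(i * i, bound + 1, i)))
    return [i for i, is_prime in enumerate(sieve) if is_prime]

SMALL_PRIMES = small_primes(TRIAL_DIVISION_BOUND)

def check_paillier_modulus(n, min_bits=2048):
    """Return the reasons to reject a peer's Paillier modulus N (empty list = passed the gate)."""
    problems = []
    if n.bit_length() < min_bits:
        problems.append(f"too short: {n.bit_length()} bits")
    if n % 2 == 0:
        problems.append("even")
    # Paillier-Blum means N = p*q with p, q = 3 (mod 4), so N = 1 (mod 4) is necessary (not sufficient).
    if n % 4 != 1:
        problems.append("N != 1 (mod 4), cannot be a Paillier-Blum modulus")
    if math.isqrt(n) ** 2 == n:
        problems.append("perfect square")
    for p in SMALL_PRIMES:
        if n % p == 0:
            problems.append(f"divisible by small prime {p}")
            break
    return problems

# Constructed moduli built from Mersenne primes (2^p - 1 is prime for p = 127, 521, 2203,
# and each is 3 mod 4). Real moduli use fresh secret random primes; these are only for the demo.
def demo():
    honest = (2**521 - 1) * (2**2203 - 1)      # both factors far above 2^256
    small16 = 65519 * (2**2203 - 1)            # a 16-bit factor: caught by trial division
    small127 = (2**127 - 1) * (2**2203 - 1)    # factor below 2^256 but above the trial bound
    return {
        "honest": check_paillier_modulus(honest),
        "small16": check_paillier_modulus(small16),
        "small127": check_paillier_modulus(small127),  # passes: the gap only a ZK proof closes
    }

if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```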
Weakness Enumeration
Information Disclosure
Affected Products
Tss-Lib