9 matches found
EUVD-2023-37410
Malicious code in bioql PyPI...
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Impact The specification of the GG18 threshold ECDSA signature protocol contains a vulnerability allowing an attacker to recover the shared secret key. If a participant generates a Paillier modulus N containing small factors less than 2^100 they can interact with other participants in the signing...
GHSA-H24C-6P6P-M3VX tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Impact The specification of the GG18 threshold ECDSA signature protocol contains a vulnerability allowing an attacker to recover the shared secret key. If a participant generates a Paillier modulus N containing small factors less than 2^100 they can interact with other participants in the signing...
PT-2023-33022 · Tss-Lib · Tss-Lib
Name of the Vulnerable Software and Affected Versions: tss-lib affected versions not specified Description: The GG18 threshold ECDSA signature protocol specification contains an issue that allows an attacker to recover the shared secret key. This can occur when a participant generates a Paillier...
CVE-2023-33241
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...
Design/Logic Flaw
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...
CVE-2023-33241
CVE-2023-33241 affects wallets using GG18/GG20 TSS (MPC) protocols. A malicious pallier key injected during the protocol and cheating in the range proof may allow an attacker to exfiltrate a full ECDSA private key (or other parties’ key shares), with the required effort potentially depending on B...
CVE-2023-33241 GG18 / GG20 TSS Beta Parameter Vulnerability
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...
CVE-2023-33241 GG18 / GG20 TSS Beta Parameter Vulnerability
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signature...