3 matches found
CVE-2025-66017 CGGMP21 presignatures can be used in the way that significantly reduces security
CGGMP24 is a state-of-art ECDSA TSS protocol that supports 1-round signing requires 3 preprocessing rounds, identifiable abort, and a key refresh protocol. In versions 0.6.3 and prior of cggmp21 and version 0.7.0-alpha.1 of cggmp24, presignatures can be used in the way that significantly reduces...
CVE-2025-66017
CVE-2025-66017 affects the CGGMP family (CGGMP21 and CGGMP24). The vulnerability arises from improper use of presignatures in specific configurations, allowing signature forgery or reduced security. Affected details indicate that in CGGMP21 <= 0.6.3 and CGGMP24
RUSTSEC-2025-0128 CGGMP21 presignatures can be used in the way that significantly reduces security
This attack is against presignatures used in very specific context: Presignatures + HD wallets derivation: security level reduces to 85 bits \ Previously you could generate a presignature, and then choose a HD derivation path while issuing a partial signature via Presignature::setderivationpath,...