JP(@jpthor):The exact leakage path has not been demonstrated yet, but it's clear it was a GG20 bug of the same form as a Paillier-modulus attack: a malicious participant can publish a malformed Paillier modulus during keygen, then use later signing/MtA rounds to extract honest parties’ ECDSA shares. It's likely the latest GG20 patches protects against this, but my recommendation is for thorchain to migrate to DKLS with @silencelabs

@jpthor

@thorchain @rujiranetwork @vultisig @stationwallet and some other things

Joined November 2018

3.1K Following 33.2K Followers

JP@jpthor

2026.05.17 01:16

The exact leakage path has not been demonstrated yet, but it's clear it was a GG20 bug of the same form as a Paillier-modulus attack: a malicious participant can publish a malformed Paillier modulus during keygen, then use later signing/MtA rounds to extract honest parties’ ECDSA shares. It's likely the latest GG20 patches protects against this, but my recommendation is for thorchain to migrate to DKLS with @silencelabs_sl maintaining the lib.

113

Forward to community

Most Popular Users