JP(@jpthor):The exact leakage path has not been demonstrated yet, but it's clear it was a GG20 bug of the same form as a Paillier-modulus attack: a malicious participant can publish a malformed Paillier modulus during keygen, then use later signing/MtA rounds to extract honest parties’ ECDSA shares. It's likely the latest GG20 patches protects against this, but my recommendation is for thorchain to migrate to DKLS with @silencelabs

@jpthor

@thorchain @rujiranetwork @vultisig @stationwallet and some other things

가입 November 2018

3.1K 팔로잉 중 33.2K 팬

JP@jpthor

2026.05.17 01:16

The exact leakage path has not been demonstrated yet, but it's clear it was a GG20 bug of the same form as a Paillier-modulus attack: a malicious participant can publish a malformed Paillier modulus during keygen, then use later signing/MtA rounds to extract honest parties’ ECDSA shares. It's likely the latest GG20 patches protects against this, but my recommendation is for thorchain to migrate to DKLS with @silencelabs_sl maintaining the lib.

113

커뮤니티로 전달

인기 있는 사용자