JP(@jpthor):The exact leakage path has not been demonstrated yet, but it's clear it was a GG20 bug of the same form as a Paillier-modulus attack: a malicious participant can publish a malformed Paillier modulus during keygen, then use later signing/MtA rounds to extract honest parties’ ECDSA shares. It's likely the latest GG20 patches protects against this, but my recommendation is for thorchain to migrate to DKLS with @silencelabs

@jpthor

@thorchain @rujiranetwork @vultisig @stationwallet and some other things

加入 November 2018

3.1K 正在关注 33.2K 粉丝

JP@jpthor

2026.05.17 01:16

The exact leakage path has not been demonstrated yet, but it's clear it was a GG20 bug of the same form as a Paillier-modulus attack: a malicious participant can publish a malformed Paillier modulus during keygen, then use later signing/MtA rounds to extract honest parties’ ECDSA shares. It's likely the latest GG20 patches protects against this, but my recommendation is for thorchain to migrate to DKLS with @silencelabs_sl maintaining the lib.

显示更多

113

转发到社区

热门用户