JP(@jpthor):The exact leakage path has not been demonstrated yet, but it's clear it was a GG20 bug of the same form as a Paillier-modulus attack: a malicious participant can publish a malformed Paillier modulus during keygen, then use later signing/MtA rounds to extract honest parties’ ECDSA shares. It's likely the latest GG20 patches protects against this, but my recommendation is for thorchain to migrate to DKLS with @silencelabs

@jpthor

@thorchain @rujiranetwork @vultisig @stationwallet and some other things

加入 November 2018

3.1K 正在關注 33.2K 粉絲

JP@jpthor

2026.05.17 01:16

The exact leakage path has not been demonstrated yet, but it's clear it was a GG20 bug of the same form as a Paillier-modulus attack: a malicious participant can publish a malformed Paillier modulus during keygen, then use later signing/MtA rounds to extract honest parties’ ECDSA shares. It's likely the latest GG20 patches protects against this, but my recommendation is for thorchain to migrate to DKLS with @silencelabs_sl maintaining the lib.

113

轉發到社區

熱門用戶