CVE-2023-33241
9.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Summary
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more fully exfiltrate the other parties' private key shares.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GG TSS Implementations | Wallet | 18 | affected |
| GG TSS Implementations | Wallet | 20 | affected |
Weaknesses
- Private Key Exfiltration
ADP Enrichment
CVE Program Container
Additional References
- https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report/
- https://github.com/fireblocks-labs/mpc-ecdsa-attacks-23
- https://github.com/fireblocks-labs/safeheron-gg20-exploit-poc
- https://eprint.iacr.org/2019/114.pdf
- https://eprint.iacr.org/2020/540.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report/
- https://github.com/fireblocks-labs/mpc-ecdsa-attacks-23
- https://github.com/fireblocks-labs/safeheron-gg20-exploit-poc
- https://eprint.iacr.org/2019/114.pdf
- https://eprint.iacr.org/2020/540.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.