Ho Chi Minh City, Vietnam — March 27, 2023 — Verichains, a leading provider of blockchain security solutions, announced today that it has discovered critical key extraction attacks in popular threshold signature scheme (TSS), a multi-party computing (MPC) protocol.
MPC is commonly used by multiparty wallets and digital asset custody solutions and has quickly become the standard for securing digital assets by major blockchain and financial institutions, including BNY Mellon (the largest global custodian bank), Revolut (Europe’s largest neobank), ING, Binance, Fireblocks, Coinbase and others.
One of the challenges in blockchain technology is to ensure the security and availability of funds without relying on a single trusted entity. A TSS is a cryptographic protocol that allows a group of parties to generate a signature on a message without revealing their individual secret keys. This way, the funds can be controlled by a distributed set of signers who can cooperate to authorize transactions.
Today, many institutions are implementing MPC protocols for threshold ECDSA based on GG18, GG20 and CGGMP21 algorithms (originating from the Gennaro and Goldfeder paper defining a protocol that implements homomorphic encryption and zero-knowledge proofs).
Since October 2022, Verichains has been researching threshold ECDSA security and found that nearly all TSS implementations, including popular open-source libraries in Golang and Rust, are vulnerable to key recovery attacks despite having undergone multiple security audits.
Verichains has built working proof-of-concept attacks that demonstrate a full private key extraction by a single malicious party in one to two signing ceremonies on various popular wallets, noncustodial key infrastructure and cross-chain asset management protocols. The attack leaves no trace and appears innocent to the other parties.
Verichains expects at least $8 billion of value in total assets to be at risk, but this may not reflect the total amount of funds at risk. In addition, other systems employing threshold ECDSA besides blockchain are affected if they use vulnerable implementations from open-source libraries.
Thanh Nguyen, co-founder of Verichains and former CPU security lead at Intel, said:
“Verichains has a strong commitment to responsible vulnerability disclosure, and we take careful and considered steps when disclosing attacks, especially given the wide range of impacted projects and significant user funds at risk.”
Verichains has notified a number of affected vendors and will release details of the attacks after the vulnerabilities have been mitigated, similar to the approach taken with the private key extraction vulnerability in fastMPC’s secure multi-party client of Multichain in December 2022.
Verichains is urging all projects and platforms that rely on threshold ECDSA to prioritize implementing robust security measures and seeking review from security experts to ensure their platforms’ safety and security.
Verichains is a leading blockchain security firm specializing in code audits, crypto analysis, perimeter security and incident investigation. Founded in 2017 by world-class security researchers, the company leverages extensive expertise in security, cryptography and core blockchain technology and has helped investigate and fix security issues in the largest crypto hacks, including the BNB Bridge and Ronin Bridge. For any inquiries or questions, please contact us at firstname.lastname@example.org.