
MpcContext with local share public to protocol Rounds (e.g. gg18 and gg20) causes security issue #4

Open
joyoFeng opened this issue Apr 28, 2023 · 0 comments

Comments


joyoFeng commented Apr 28, 2023

We notice that in the gg18 and gg20 protocols, the sub-protocols refresh and sign are implemented by importing keys, then constructing an MpcContext and providing it to multiple Rounds to perform cryptographic operations. The MpcContext in a Round is a public member, and furthermore its local share (SSS slice) is also public, exposing the local share publicly during the execution of each Round, which is a security risk for key management!

Note: The private key slice (local share) should be destroyed as soon as it is used up, with strict lifecycle control and no public access. (From PlatON Cryptography Team)
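As an added illustration of the hardening the report asks for (not code from this project or its author), a hypothetical Go sketch in which the share is an unexported field reachable only through methods and is zeroed as soon as the last round that needs it returns; the type and function names and the toy modular arithmetic are assumptions.

```go
package main

import (
	"errors"
	"math/big"
)

var ErrShareDestroyed = errors.New("mpc: local share already destroyed")

// mpcContext keeps the local share unexported, so a Round holding the context
// cannot expose it through a public field. Hypothetical design, not the project's.
type mpcContext struct {
	localShare *big.Int // the SSS share x_i; nil once destroyed
	order      *big.Int // group order for the modular arithmetic (constructed sample)
}

// PartialProduct returns share*lambda mod order without handing the share out;
// it stands in for whatever a round actually derives from the share.
func (c *mpcContext) PartialProduct(lambda *big.Int) (*big.Int, error) {
	if c.localShare == nil {
		return nil, ErrShareDestroyed
	}
	r := new(big.Int).Mul(c.localShare, lambda)
	return r.Mod(r, c.order), nil
}

// Destroy zeroes the share's limbs in place (Bits aliases the backing storage)
// and drops the reference. Copies made by big.Int arithmetic are not covered.
func (c *mpcContext) Destroy() {
	if c.localShare == nil {
		return
	}
	w := c.localShare.Bits()
	for i := range w {
		w[i] = 0
	}
	c.localShare = nil
}

// RunRounds runs every round that needs the share and destroys it on return,
// bounding the share's lifetime by this call instead of by the garbage collector.
func RunRounds(c *mpcContext, lambdas []*big.Int) ([]*big.Int, error) {
	defer c.Destroy()
	out := make([]*big.Int, 0, len(lambdas))
	for _, l := range lambdas {
		p, err := c.PartialProduct(l)
		if err != nil {
			return nil, err
		}
		out = append(out, p)
	}
	return out, nil
}
```

A Round that holds this context can still compute what it needs, but no caller outside the package can read the share, and any use after RunRounds returns fails with ErrShareDestroyed.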
