[Resource Topic] 2023/1234: Practical Key-Extraction Attacks in Leading MPC Wallets

Welcome to the resource topic for 2023/1234

Title:
Practical Key-Extraction Attacks in Leading MPC Wallets

Authors: Nikolaos Makriyannis, Oren Yomtov

Abstract:

Multi-Party Computation (MPC) has become a major tool for protecting hundreds of billions of dollars in cryptocurrency wallets. MPC protocols are currently powering the wallets of Coinbase, Binance, Zengo, BitGo, Fireblocks and many other fintech companies servicing thousands of financial institutions and hundreds of millions of end-user consumers.

We present four novel key-extraction attacks on popular MPC signing protocols showing how a single corrupted party may extract the secret in full during the MPC signing process. Our attacks are highly practical (the practicality of the attack depends on the number of signature-generation ceremonies the attacker participates in before extracting the key). Namely, we show key-extraction attacks against different threshold-ECDSA protocols/implementations requiring 10^6, 256, 16, and one signature, respectively. In addition, we provide proof-of-concept code that implements our attacks.

ePrint: https://eprint.iacr.org/2023/1234


Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.