CVE-2023-33241

Published: 09/08/2023 Updated: 25/08/2023

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 0

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an malicious user to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more fully exfiltrate the other parties' private key shares.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gg20 project gg20 -
gg18 project gg18 -

Hierarchical Threshold Signature Scheme

Hierarchical Threshold Signature Scheme Introduction: This is Hierarchical Threshold Signature Scheme (HTSS) worked by AMIS Comparing to Threshold Signature Scheme (TSS), shares in this scheme are allowed to have different ranks The main merit of HTSS is vertical access control such that it has "partial accountability” Although TSS achieves joint control to di

tech-share Analysis of GG18/GG20 Protocol Vulnerability CVE-2023-33241 (Simplified Chinese) Analysis of GG18/GG20 Protocol Vulnerability CVE-2023-33241

CWE-74 https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report/https://eprint.iacr.org/2020/540.pdf https://eprint.iacr.org/2019/114.pdf https://github.com/fireblocks-labs/safeheron-gg20-exploit-poc https://github.com/fireblocks-labs/mpc-ecdsa-attacks-23 https://nvd.nist.gov https://github.com/getamis/alice

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-33241

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect