Paper 2023/1234

Practical Key-Extraction Attacks in Leading MPC Wallets

Nikolaos Makriyannis, Fireblocks
Oren Yomtov, Fireblocks
Arik Galansky, Fireblocks

Abstract

Multi-Party Computation (MPC) has become a major tool for protecting hundreds of billions of dollars in cryptocurrency wallets. MPC protocols are currently powering the wallets of Coinbase, Binance, Zengo, BitGo, Fireblocks and many other fintech companies servicing thousands of financial institutions and hundreds of millions of end-user consumers. We present four novel key-extraction attacks on popular MPC signing protocols showing how a single corrupted party may extract the secret in full during the MPC signing process. Our attacks are highly practical (the practicality of the attack depends on the number of signature-generation ceremonies the attacker participates in before extracting the key). Namely, we show key-extraction attacks against different threshold-ECDSA protocols/implementations requiring $10^6$, $256$, $16$, and *one signature*, respectively. In addition, we provide proof-of-concept code that implements our attacks.

Note: New sections on Detection & Mitigation and Responsible Disclosure + Minor edits

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
ECDSA, MPC, Threshold Cryptography, Digital Signatures, Attacks, Key-Extraction
Contact author(s)
n makriyannis @ gmail com
History
2024-01-29: revised
2023-08-15: received
Short URL
https://ia.cr/2023/1234
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1234,
      author = {Nikolaos Makriyannis and Oren Yomtov and Arik Galansky},
      title = {Practical Key-Extraction Attacks in Leading {MPC} Wallets},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1234},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1234}
}