BitGo/BitGoJS

Note status of vulnerabilities regarding Threshold Signature Scheme, TSSHOCK and CVE-2023-33241

pad01g opened this issue · 0 comments

pad01g commented

Feature Description

To evaluate the security of this library (sdk-lib-mpc), I'd like to know the official announcement of the dev team regarding two disclosed vulnerabilities, TSSHOCK[1] and CVE-2023-33241[2]. While I looked for the fix status of the two reported vulnerabilities, I could not confirm the status.
The statement can be expressed in any of the following.

  • README
  • blog
  • (this) GitHub issue
  • source code comment

Motivation

Our team is looking for reliable TSS software, and others should also be interested in knowing the status of vulnerabilities that have far-reaching effects.

[1] https://www.verichains.io/tsshock/
[2] https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report/