[tss][cs-20]: Malleable Keysign/Keygen MsgId
Opened this issue · 0 comments
byteflyfunny commented
The keyAccumulation loop concatenates the dynamic length strings to one big byte sequence. The original array-item structure is not preserved, introducing an ambiguity where different input arrays will produce the same compressed byte sequence and, therefore, msgId.
For example,["112233","44"] yields the same sequence as ["11", "223344"]. This msgId is malleable because a requester can force the same msgId on different input parameters, potentially confusing and sabotaging the keygen/keysign ceremony.